When the protocols that underlie how email works were first developed, little thought was given to security. At the time, most of the networks that were later to join together to form the nascent Internet were in large corporations, universities, and government agencies. Because it was only employees of these organizations that had access to email, there wasn’t much need to authenticate senders.
SMTP (Simple Mail Transfer Protocol), when it was developed in the mid–70s by Jon Postel, didn’t include any functionality to make sure that senders of email were authorized to use the email servers. These open email relays accepted incoming mail from everyone.
As the Internet grew and became available to ordinary people, email’s popularity snowballed, and abuse of the email system grew along with it. We’re all familiar with spam email; open relays make it easy for spammers to distribute huge amounts of email with no checks on who they are.
SMTP authentication was developed in the mid–90s to help close the authentication gap and rid the net of open email relays. It forces mail user agents — your email clients — to authenticate and verify their identity before the server will accept and transfer email. That’s great for cutting spam, but it also causes a problem for businesses that want to send mail from within their own networks.
Why Is SMTP Authentication Useful For Business?
SMTP Authentication is provided by a mail submission agent that accepts connections on a variety of ports , most usually 587. The mail is then handed off to a mail transfer agent for delivery.
Mail transfer agents usually use port 25. Because having access to the mail transfer agents directly on port 25 lead to huge amounts of spam being sent, ISPs often block outgoing port 25. For most businesses and individuals, that means they can’t use their domains for sending email from their own servers. The ISPs won’t let users connect out on that port.
For businesses that want to run their own email servers for reasons of privacy, security, or convenience, the blocking of port 25 is a serious stumbling block.
SMTP authentication, which doesn’t use port 25, allows these businesses to connect to a mail submission agent that verifies and authorizes their identity, before sending the mail on its way. It’s the perfect solution for businesses that need to manage their own email.
SMTP authentication provides a secure outgoing relay for email that can be encrypted with SSL.
Also published on Medium.