Does an SMTP server use HTTP?

Question

I am reading up on how malformed packets can be detected and it says that HTTP flood attacks against SMTP servers can be filtered.

Can anybody explain to me how SMTP and HTTP are separated? I thought SMTP uses HTTP somehow.

Thank you in advance, Kind regards, Sara Fatih.

Answer 1

Web-Based E-Mail More and more users today are sending and accessing their e-mail through their Web browsers. Hotmail introduced Web-based access in the mid 1990s. Now Web-based e-mail is also provided by Google, Yahoo!, as well as just about every major university and corporation. With this service, the user agent is an ordinary Web browser, and the user communicates with its remote mailbox via HTTP. When a recipient, such as Bob, wants to access a message in his mailbox, the e-mail message is sent from Bob’s mail server to Bob’s browser using the HTTP protocol rather than the POP3 or IMAP protocol. When a sender, such as Alice, wants to send an e-mail message, the e-mail message is sent from her browser to her mail server over HTTP rather than over SMTP. Alice’s mail server, however, still sends messages to, and receives messages from, other mail servers using SMTP

Answer 2

HTTP and SMTP are two completely different protocols, used for different purpose with different clients.

SMTP stands for Simple Mail Transfer Protocol, and as far as I remember is much older than HTTP. SMTP as you can understand was used primarily for exchanging electronic mail usign a TCP connection. In other words, it is the protocol used by e-mail servers to forward messages across the TCPIP network.

HTTP stands for Hypertext Transfer Protocol and was born as an application protocol for distributed, collaborative, and hypermedia information systems. HTTP was and is the backbone of the World Wide Web.

When we use an HTTP web application that acts as email client, under the hoods there are many things, for example there is the TCP/IP protocol which is common to both SMTP and HTTP. An HTTP web application could use HTTP, HTTPS, HTTP2 or Websockets to transfer data from and to the browser, this does not means that they are related in some way to SMTP. They are only the mode of transportation.

I'll try to give you few basic concepts in order to see the things from a different view point:

An Web Server usually is used to serve static contents over HTTP.

An Application Server is used to serve dynamic contents often over HTTP.

Web server and Application Server can be the same server (hardware) or distributed across more machines.

When a Browser open a Web Application, the browser opens more TCP connection to a Web Server and/or an Application Server.

In this way the Browser loads HTML, Javascripts, CSS, images and everything is needed to run inside the Web Application and to send and receive informations from the servers.

In case of Email Web Application, let's say for example GMail.

The Application Server when receive a request from the Browser, internally connects to the Email Servers and then read the data (one or more emails). The server then elaborate such data in a way that can be returned back to the Browser.

Another important thing you have to understand is that SMTP is used only to send the email. You cannot read the email using SMTP.

There are other protocols that have to be used to read emails, for example POP3 or IMAP.

Although electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages, user-level client mail applications typically use SMTP only for sending messages to a mail server for relaying. For retrieving messages, client applications usually use either IMAP or POP3.

https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol