Mehrdad Dadvand

Reputation: 340

How is an e-mail sent from your SMTP mail server to others?

Assume you have a Gmail account and want to send an e-mail from it to an account on the Yahoo mail server. Here are the steps:

  1. Your mail client (say Outlook) connects to the Gmail server and authenticates your account (using the username/password that you already have).
  2. After the authentication is done, your mail is sent to the Gmail server.

So here is the question: how does Gmail prove itself to Yahoo? Does Gmail have a username/password or something of that sort? Is authentication needed for this?

Upvotes: 1

Views: 429

Answers (1)

user128511

In general there is no authentication from one SMTP server to another. The only authentication is from you to gmail.

This is one reason why spam is such a problem. The basic SMTP protocol just assumes there is no spam. You open a connection to a mail server and just send the headers like

from: [email protected]
to: [email protected]

Hello

And yahoo.com (the receiver) will happily accept the email regardless of what computer it came from.

Because of those issues, things have been added, but they are optional.

One is DKIM. It works by signing your email with a digital signature. The signed email can be verified by the receiver (in your case by Yahoo). Yahoo can check for Gmail's public key in Gmail's DNS records and check that the mail's signature cryptographically matches. It's up to the receiver (Yahoo) to decide whether it wants to check that or not. If the sender (Google or a spammer) does not add the signature then again, it's up to the receiver to decide what to do with the message. It could assume it's okay and pass it on. It could check whether a public key is available and, if there is one and the email has no signature, not pass it on, or mark it as "possibly spam".

There's also SPF. SPF is designed so that the receiver (yahoo) can verify that only the sender (Google) is allowed to send mail from gmail.com.

Then there is DMARC. DMARC lets Google (the sender) tell Yahoo (the receiver) what to do when the stuff above fails. For example, whether or not to forward messages whose signatures don't match the key. It's up to the receiver to decide whether to use this info.

Along with the linked Wikipedia articles, here's a pretty good overview of what happens and the problems involved.

Upvotes: 1
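The receiver-side checks the answer describes (SPF on the connecting IP, DKIM signature verification against a key published in DNS, DMARC combining the two with the sender's policy), as an added example that is not part of the original question or answer. Everything in it is a stand-in: the DNS zone is a dict with constructed records (the IP ranges are RFC 5737 documentation addresses, not Google's or Yahoo's real netblocks), the RSA key is built from two Mersenne primes and is therefore public knowledge rather than a real secret, the DKIM key record stores the modulus as hex instead of base64 DER, and header canonicalization is a rough approximation of "relaxed". The division of labour is the real one: the sender publishes records and signs, the receiver looks up and verifies.

```python
"""Toy SPF / DKIM / DMARC receiver-side checks (added example, not from the post)."""
import hashlib
from ipaddress import ip_address, ip_network

# Toy RSA key pair for the signer (gmail.com in the answer). P and Q are
# Mersenne primes, so this key is NOT secret; real DKIM keys are random 2048-bit keys.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# Constructed DNS zone standing in for real TXT lookups (assumption, not real records).
DNS_TXT = {
    "gmail.com": "v=spf1 include:_spf.gmail.com ~all",
    "_spf.gmail.com": "v=spf1 ip4:198.51.100.0/24 ip4:192.0.2.0/24 -all",
    "sel1._domainkey.gmail.com": f"v=DKIM1; k=rsa; e={E:x}; p={N:x}",   # toy encoding
    "_dmarc.gmail.com": "v=DMARC1; p=reject",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip, depth=0):
    """SPF (RFC 7208 subset): may client_ip send MAIL FROM <...@domain>?"""
    record = DNS_TXT.get(domain, "")
    if depth > 10 or not record.startswith("v=spf1"):
        return "none"                       # no record: SPF says nothing
    ip = ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier, term = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if term.startswith("ip4:"):
            matched = ip in ip_network(term[4:], strict=False)
        elif term.startswith("include:"):   # delegate to another domain's record
            matched = spf_check(term[8:], client_ip, depth + 1) == "pass"
        else:
            matched = term == "all"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def _tags(value):
    """Parse 'k=v; k=v' tag lists (DKIM-Signature, key and DMARC records)."""
    return dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)


def _canonical(headers, names):
    """Rough 'relaxed' canonicalization: lowercase names, collapsed whitespace."""
    return "\r\n".join(f"{n}:{' '.join(headers.get(n, '').split())}" for n in names)


def _signed_hash(headers, names, unsigned_sig):
    """Hash over the signed headers plus the DKIM-Signature header with b= empty."""
    data = _canonical(headers, names) + "\r\n" + unsigned_sig
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big")


def dkim_sign(headers, body, domain, selector, d, names=("from", "to", "subject")):
    """Sender side: build the DKIM-Signature header value with the private exponent d."""
    bh = hashlib.sha256(body.encode()).hexdigest()
    unsigned = f"v=1; a=rsa-sha256; d={domain}; s={selector}; h={':'.join(names)}; bh={bh}; b="
    signature = pow(_signed_hash(headers, names, unsigned), d, N)   # textbook RSA: H^d mod n
    return unsigned + f"{signature:x}"


def dkim_verify(headers, body):
    """Receiver side: returns (result, signing domain); the key comes from DNS."""
    sig = headers.get("dkim-signature")
    if not sig:
        return "none", None                 # unsigned: receiver decides what that means
    t = _tags(sig)
    key = _tags(DNS_TXT.get(f"{t['s']}._domainkey.{t['d']}", ""))
    if key.get("v") != "DKIM1" or hashlib.sha256(body.encode()).hexdigest() != t["bh"]:
        return "fail", t["d"]               # no key published, or body changed in transit
    expected = _signed_hash(headers, t["h"].split(":"), sig[: sig.rfind("b=") + 2])
    e, n = int(key["e"], 16), int(key["p"], 16)
    ok = pow(int(t["b"], 16), e, n) == expected
    return ("pass" if ok else "fail"), t["d"]


def dmarc_evaluate(headers, body, client_ip, mail_from_domain):
    """Receiver side: SPF/DKIM must pass AND align with the From: domain, else apply its policy."""
    from_domain = headers["from"].rsplit("@", 1)[-1].strip("> ").lower()
    spf_aligned = spf_check(mail_from_domain, client_ip) == "pass" and mail_from_domain == from_domain
    dkim_result, dkim_domain = dkim_verify(headers, body)
    dkim_aligned = dkim_result == "pass" and dkim_domain == from_domain
    if spf_aligned or dkim_aligned:
        return "pass"
    policy = _tags(DNS_TXT.get(f"_dmarc.{from_domain}", "")).get("p", "none")
    return policy if policy in ("reject", "quarantine") else "none"


def demo():
    """Three deliveries of the answer's message: legitimate, spoofed, tampered (constructed)."""
    body = "Hello"
    headers = {"from": "user@gmail.com", "to": "user@yahoo.com", "subject": "hi"}
    signed = dict(headers, **{"dkim-signature": dkim_sign(headers, body, "gmail.com", "sel1", D)})
    return {
        "legit": dmarc_evaluate(signed, body, "198.51.100.25", "gmail.com"),      # in SPF range, signed
        "spoofed": dmarc_evaluate(headers, body, "203.0.113.9", "gmail.com"),     # random host, no signature
        "tampered": dmarc_evaluate(signed, "Hello, send money", "203.0.113.9", "gmail.com"),
    }


if __name__ == "__main__":
    print(demo())
```

The spoofed case is exactly the situation the answer describes: the connection is accepted and the headers are taken at face value, and only the optional checks turn "From: user@gmail.com" from an unverifiable claim into a rejectable one. Note that the unsigned message is rejected only because gmail.com publishes `p=reject`; with no DMARC record the result is "none" and the receiver is back to guessing.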
