Simple Mail Transfer Protocol (SMTP)

Simple Mail Transfer Protocol (SMTP) is the used protocol for sending e-mail messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another. However, SMTP does not has facility for authentication of senders.

The sender-SMTP establishes a two-way transmission channel to a receiver-SMTP on the request of opt-in users.The receiver-SMTP may be either the ultimate destination or an intermediate.SMTP commands are generated by the sender-SMTP and sent to the receiver-SMTP.SMTP replies are sent from the receiver-SMTP to the sender-SMTP in response to the commands.

Once the transmission channel is established, the SMTP-sender sends a MAIL command indicating the sender of the mail.If the SMTP-receiver can accept mail it responds with an OK reply.The SMTP-sender then sends a RCPT command identifying a recipient of the mail.If the SMTP-receiver can accept mail for that recipient it responds with an OK reply; if not, it responds with a reply rejecting that recipient (but not the whole mail transaction).

The SMTP-sender and SMTP-receiver may negotiate several recipients.When the recipients have been negotiated the SMTP-sender sends the mail data, terminating with a special sequence.If the SMTP-receiver successfully processes the mail data it responds with an OK reply.The dialog is purposely lock-step, one-at-a-time.

In recent times, several proposals to combat the growing menace of spam emails are being considered. The proposals being considered would require better identification of who the Sender of an email is and putting a stop to forging practice.

There is a major flaw in STMP, it does not provide a way to authenticate sender. Spammers use this loophole to forge the 'From' lines and send bulk emails. However, the new proposals claim to put lid on such practice. It offers better identification of who the "sender" of an e-mail message is and blocking emails which are not authenticated.

Sender Policy Framework (SPF) makes it easy to counter most forged "From" addresses in email and thus stop email spams. It is an extention to Simple Mail Transfer Protocol (SMTP). Normal SMTP without SPF allows anyone to forge anyone else's email address. For example - if Mr. XYZ wants to send an email, he can forge your email address and send it across claiming to be from you. SPF is said to put stoppage to that practice, as one is required to send emails from their real domains.

SPF allows an internet domain to specify which machines are authorized to transmit for that particular domain. For example- if Mr. XYZ wants to send an email, he/she has to use only their authorized domain address and if he uses an unauthorized domain the email will not proceed further.

SPF only keeps spammers from forging the domain names given in the From address of an email. The spammer can still send emails from legitimate domain account. However; this can be traced out easily, making it easier to automatically black list a domain that sends spam.