When a client sends email, it connects to port 25 of the email server (the SMTP port) and sends a HELO command (Tschabitscher, n.d.). The client “addresses the envelope” by specifying who is sending the email and who is to receive it, then appends the content of the message itself.
To specify the sender, the command MAIL FROM: is used. The receiver is likewise specified by the command RCPT TO: (Tschabitscher, n.d.). A sample SMTP transaction might read as follows:
Following the initial addressing, the DATA command is used to indicate the beginning of the message, followed by the email headers and then the body of the text (Tschabitscher, n.d.). To indicate the end of the message, a single period character is used. An example of the DATA portion of an SMTP transmission might read as follows:
354 Enter mail, end with “.” on a line by itself
Message-ID: <[email protected]>
Date: Tue, 10 Sep 2011 22:00:12 +0300
From: Bo Diddly <[email protected]>
To: Billy Bob <[email protected]>
Subject: Testing the SMTP server
If you receive this message, it works!
250 SAA19146 Message accepted for delivery
SMTP leaves a significant loophole at this stage: when composing the data portion of the email, any email address can be used for the sender’s address, even if it is different from the one that was specified during the addressing phase. This is all it takes to spoof the sender of an email (Tschabitscher, n.d.).
Once the message is composed, the command QUIT will exit the session.
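A receiving system can check for the mismatch described above by comparing the MAIL FROM address from the addressing phase with the From: header inside the DATA portion. The following is an added example, not part of the original article; the session text, the addresses at example.com, example.net and example.org, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed client-side SMTP session (all addresses are placeholders).
SAMPLE_SESSION = """\
HELO client.example.com
MAIL FROM:<alice@example.com>
RCPT TO:<bob@example.net>
DATA
From: Carol <carol@example.org>
To: Bob <bob@example.net>
Subject: Testing the SMTP server

If you receive this message, it works!
..a line that began with a dot
.
QUIT
"""

def parse_session(text):
    """Split a client-side SMTP session into envelope fields and message."""
    envelope = {"mail_from": None, "rcpt_to": []}
    body, in_data = [], False
    for line in text.splitlines():
        if in_data:
            if line == ".":            # lone period ends the DATA section
                in_data = False
            else:                      # undo dot-stuffing (RFC 5321, 4.5.2)
                body.append(line[1:] if line.startswith(".") else line)
            continue
        m = re.match(r"(MAIL FROM|RCPT TO):\s*<([^>]*)>", line, re.I)
        if m and m.group(1).upper() == "MAIL FROM":
            envelope["mail_from"] = m.group(2)
        elif m:
            envelope["rcpt_to"].append(m.group(2))
        elif line.strip().upper() == "DATA":
            in_data = True
    return envelope, message_from_string("\n".join(body) + "\n")

def sender_mismatch(text):
    """Return (envelope_sender, header_sender, differs) for one session."""
    envelope, msg = parse_session(text)
    header_addr = parseaddr(msg.get("From", ""))[1].lower()
    env = (envelope["mail_from"] or "").lower()
    return env, header_addr, env != header_addr

if __name__ == "__main__":
    print(sender_mismatch(SAMPLE_SESSION))
```

A mismatch is a signal to examine rather than proof of spoofing, since mailing lists and forwarding services legitimately send with an envelope sender that differs from the From: header.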