Glossary
Definition
SMTP (Simple Mail Transfer Protocol)is the internet standard for sending email between mail servers. When you hit send, your client speaks SMTP to a mail server, which relays the message server to server until it reaches the recipient’s provider. SMTP only pushes mail outbound; separate protocols handle reading it from a mailbox.
Every email ever sent traveled over SMTP at some point. We open billions of SMTP conversations to verify addresses, and the protocol is far simpler than its reputation suggests: it is a short, readable exchange between two servers. Understanding that exchange explains not just how mail moves, but how you can confirm an address is real without ever sending a message.
SMTP, the Simple Mail Transfer Protocol, is the internet standard for sendingemail. It is the language mail servers speak to hand a message from one place to the next. When you press send, your mail client connects to an outgoing mail server and speaks SMTP to it; that server then speaks SMTP to the recipient’s server, relaying the message across the internet until it lands at the destination provider. SMTP governs that entire outbound journey.
The key thing to hold onto is direction. SMTP only ever pushes mail outward, from sender toward recipient. It does not fetch mail out of a mailbox so you can read it; that job belongs to other protocols, covered below. SMTP is the send path, full stop.
An SMTP session is a short, ordered conversation. The sending server opens a TCP connection to the receiving server and then they trade a handful of plain-text commands, each answered with a three-digit status code. The sequence runs like this:
220 greeting, signalling it is ready.EHLO is the modern Extended SMTP greeting that also asks the server which features it supports, such as encryption and authentication; HELO is the older, plainer form.250 OK means it will accept mail for that mailbox, while a 550 means the address is rejected.250 once it has taken responsibility for the message.That is the whole protocol in spirit. You can watch a real handshake play out against any domain, command by command, with the SMTP test tool.
SMTP runs over a few well-known ports, and which one to use depends on who is talking. Port 25 is the original, and it is still how one mail server relays to another across the internet. Because spammers abused it from end-user machines, it is now widely blocked for ordinary clients, so in practice port 25 is reserved for server-to-server relay.
For a mail client or application submitting outbound mail, the modern standard is port 587, which upgrades to an encrypted channel via STARTTLS and requires authentication. Port 465 does the same job with implicit TLS, meaning the connection is encrypted from the very first byte. If you are configuring an app to send through an SMTP server, you almost always want 587 or 465, never 25.
SMTP is constantly confused with IMAP and POP, but the split is clean once you anchor on direction. SMTP sends; IMAP and POP3 receive. When your client pulls messages down so you can read them, it is speaking IMAP or POP3 to your mailbox, not SMTP.
The two receive protocols differ too. IMAP keeps your mail on the server and syncs it across every device, so an email read on your phone shows as read on your laptop. POP3 is the older model that typically downloads messages to one device and removes them from the server. A working email account therefore uses two protocols at once: SMTP for the outbound send path, and IMAP or POP for the inbound read path. They are partners, not competitors.
Here is where SMTP becomes a verification tool rather than just a delivery mechanism. Notice that in the handshake above, the server tells you whether a mailbox exists at the RCPT TO step, which comes before the DATA step where the message is actually transmitted. That gap is the entire trick.
To verify an address, email verification runs the front half of the conversation and then stops. The engine looks up the domain’s MX records to find its mail server, connects, greets with EHLO, issues MAIL FROM, and then issues RCPT TO for the address in question. It reads the reply, learns whether the mailbox is real, and quits. It never sends DATA, so no message is ever delivered. The recipient sees nothing, yet you walk away knowing whether the address exists. That is how you confirm a mailbox without sending it mail.
One wrinkle keeps this from being trivial. Some domains are configured to accept mail for every address, real or not, and they answer 250 OK at RCPT TO even for an address that does not exist. A naive verifier marks those as valid and is wrong. Our engine detects catch-all behaviour during the SMTP stage and then runs an AI-confidence pass to return a real, scored verdict rather than a false positive, the same engine that powers the free email checker.
Used well, an SMTP handshake lets you clean a list before you ever press send, so the addresses that would have triggered a hard bounce are caught in advance and your sender reputation stays intact. For teams verifying at scale, the volume tiers are on the pricing page.
Keep learning
SMTP sits at the centre of a wider set of deliverability concepts. These are the terms most worth understanding next.
A domain that accepts mail for any username, so SMTP cannot confirm a specific mailbox.
A permanent delivery failure, usually a 550 because the mailbox does not exist.
A temporary delivery failure, like a full inbox or a server that is briefly down.
Throwaway addresses from temporary-mail services that self-destruct after minutes.
Confirming an address is real, reachable, and safe to send to before you send.
A shared inbox like info@ or support@ that belongs to a team, not a person.
The SMTP test tool runs a live handshake against any domain and shows every command and reply. Or paste an address into the free email checker to see the verdict in two seconds. No signup.
Common questions
The questions we get most about SMTP, answered with the same logic our verification engine uses.
SMTP stands for Simple Mail Transfer Protocol. It is the standard, first defined in 1982 and updated many times since, that mail servers use to move a message from the sender toward the recipient across the internet.
The “simple” is honest: at its core SMTP is a short, readable text conversation between two servers. That simplicity is exactly why it has carried essentially all of the world’s email for four decades.
The sending server opens a TCP connection to the receiving server, then they exchange a short sequence of commands: the sender greets with EHLO, declares the envelope sender with MAIL FROM, names each recipient with RCPT TO, sends the message body after DATA, and closes with QUIT.
Every command gets a numeric reply, such as 250 OK for success or 550 for a rejected recipient. You can watch a live exchange against any domain with the SMTP test tool.
Three matter. 587 is the modern standard for a mail client submitting outbound mail, with encryption via STARTTLS. 465 is the implicit-TLS submission port, encrypted from the first byte. 25 is the original port, still used for server-to-server relay between providers.
For sending from an app or device, use 587 (or 465). Port 25 is widely blocked for end users to curb spam, so it is effectively reserved for mail-server-to-mail-server traffic.
SMTP is for sending; IMAP and POP3 are for reading. SMTP pushes a message outbound from your client to a server and onward to the recipient. IMAP and POP3 pull messages the other direction, out of your mailbox and into your client.
IMAP keeps mail on the server and syncs every device, while POP3 typically downloads and removes it. A working email account uses SMTP for the send path and one of IMAP or POP for the receive path.
It runs the front half of the SMTP conversation and stops. The verifier looks up the domain’s MX records, connects to the mail server, and issues MAIL FROM and RCPT TOfor the address being checked. The server’s reply to RCPT TO reveals whether the mailbox exists.
Crucially, the verifier never sends DATA, so no email is ever delivered. You learn whether an address is real without the recipient receiving anything. Try it on the free email checker.
Yes, and that is the whole basis of an SMTP verification check. After RCPT TO, a healthy server answers 250 OK for a real mailbox or a 550-class rejection for one that does not exist, all before any message body is transmitted.
The catch is servers that accept everything, called catch-all domains, which return 250 OK even for fake addresses. Our engine detects those and runs an AI-confidence pass to score them instead of guessing.
Both are the opening greeting where the connecting server introduces itself. HELO is the original command from classic SMTP. EHLO is the Extended SMTP greeting that also asks the receiving server to list the features it supports, such as STARTTLS, authentication, and message-size limits.
Modern servers always try EHLO first and fall back to HELO only if the other end is too old to understand it. In practice nearly every real conversation today starts with EHLO.
A 550 is a permanent rejection. The most common form, 550 5.1.1, means the recipient mailbox does not exist, which is precisely the signal verification looks for and the cause of most hard bounces.
Because it is permanent, a real send that hits 550 will not be retried, and repeated 550s drag down your sender reputation. Verifying first, so those addresses never enter a campaign, is how teams keep their reputation clean. Volume tiers are on the pricing page.