Editing Simple Mail Transfer Protocol (section)

==Outgoing mail SMTP server==
An [[email client]] needs to know the IP address of its initial SMTP server and this has to be given as part of its configuration (usually given as a [[Domain name system|DNS]] name). This server will deliver outgoing messages on behalf of the user.

===Outgoing mail server access restrictions===
Server administrators need to impose some control on which clients can use the server. This enables them to deal with abuse, for example [[Spam (electronic)|spam]]. Two solutions have been in common use:

* In the past, many systems imposed usage restrictions by the ''location'' of the client, only permitting usage by clients whose IP address is one that the server administrators control. Usage from any other client IP address is disallowed.
* Modern SMTP servers typically offer an alternative system that requires [[authentication]] of clients by credentials before allowing access.

====Restricting access by location====
Under this system, an [[ISP]]'s SMTP server will not allow access by users who are outside the ISP's network. More precisely, the server may only allow access to users with an IP address provided by the ISP, which is equivalent to requiring that they are connected to the Internet using that same ISP. A mobile user may often be on a network other than that of their normal ISP, and will then find that sending email fails because the configured SMTP server choice is no longer accessible.

This system has several variations. For example, an organisation's SMTP server may only provide service to users on the same network, enforcing this by firewalling to block access by users on the wider Internet. Or the server may perform range checks on the client's IP address. These methods were typically used by corporations and institutions such as universities which provided an SMTP server for outbound mail only for use internally within the organisation. However, most of these bodies now use client authentication methods, as described below.

Where a user is mobile, and may use different ISPs to connect to the internet, this kind of usage restriction is onerous, and altering the configured outbound email SMTP server address is impractical. It is highly desirable to be able to use email client configuration information that does not need to change.

====Client authentication====
Modern SMTP servers typically require [[authentication]] of clients by credentials before allowing access, rather than restricting access by location as described earlier. This more flexible system is friendly to mobile users and allows them to have a fixed choice of configured outbound SMTP server. [[SMTP Authentication]], often abbreviated SMTP AUTH, is an extension of the SMTP in order to log in using an authentication mechanism.

===Ports===
Communication between mail servers generally uses the standard [[Transmission Control Protocol|TCP]] port 25 designated for SMTP.

Mail ''clients'' however generally don't use this, instead using specific "submission" ports. Mail services generally accept email submission from clients on one of:

* 465 This port was deprecated after {{IETF RFC|2487}}, until the issue of {{IETF RFC|8314}}.
* 587 (Submission), as formalized in {{IETF RFC|6409}} (previously {{IETF RFC|2476}})

Port 2525 and others may be used by some individual providers, but have never been officially supported.

Many [[Internet service provider]]s now block all outgoing port 25 traffic from their customers. Mainly as an anti-spam measure,<ref>{{cite magazine |url=http://www.pcworld.com/article/116843/article.html |title=ISPs Pitch In to Stop Spam |author=Cara Garretson |year=2005 |magazine=[[PC World]] |access-date=18 January 2016 |quote=Last month, the Anti-Spam Technical Alliance, formed last year by Yahoo, America Online, EarthLink, and Microsoft, issued a list of antispam recommendations that includes filtering Port 25. |archive-date=August 28, 2015 |archive-url=https://web.archive.org/web/20150828005734/http://www.pcworld.com/article/116843/article.html |url-status=live }}</ref> but also to cure for the higher cost they have when leaving it open, perhaps by charging more from the few customers that require it open.

{{anchor|Transport_example}}