This guide explains the core building blocks required to send and receive email via the internet. It focuses on understanding how email is sent in the real world and which protocols are used in this communication.
The Components of a Mail Communication
- DNS Server: Routes trusted servers, handles MX / SPF / DKIM records for mail delivery and authority verification.
- Mail Servers: Receive outbound emails from clients and move messages between each other using SMTP.
- Mail Client: Applications used by people to send / receive emails (e.g. Outlook, Thunderbird).
Mail flow
- You write an email in Thunderbird and press Send.
- Your mail client submits it to your mail server using SMTP (port 587).
- Your mail server checks the recipient’s domain.
- It queries DNS to find the domain’s MX record.
- DNS tells your server which mail server handles that domain.
- Your server connects to the recipient’s server using SMTP (port 25).
- The recipient server verifies security (SPF/DKIM/TLS).
- If valid, it accepts and stores the email.
- The recipient’s mail client connects via IMAP (993) or POP3 (995).
- The email appears in their inbox.
1. DNS Server
Before email works, the internet must know which server handles mail for a particular domain, where that server is located and whether that server is trusted. This is handled through DNS (Domain Name System).
Key DNS Records in an Email Communication
A Records
Maps a hostname to an IP Address
mail.example.com → 192.0.2.10
MX Record (Mail Exchange)
Tells the world which server receives mail for your domain.
example.com → mail.example.com
When someone sends mail to user@example.com, their mail server:
- Queries DNS for MX records of example.com
- Finds mail.example.com
- Connects to that server via SMTP
priority to setup traffic routed via DNS server to a particular IP.
This way you can set up prod and backup mail servers.
Securing mail communications with DNS
To make sure that the email is coming from an authorized mail server and not someone spoofing the email header, you can verify the authority via certain DNS records.
SPF (Sender Policy Framework) Records
They are mainly used to prevent spoofing by declaring which servers may send mail for your domain. In their definition they are just TXT records with the following information.
v=spf1 mx -all
Meaning: Only servers listed in MX records can send mail.
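How a receiving server could evaluate that record against the connecting IP address, as an added example that is not code from the original post. The `ZONE` table is constructed data standing in for live DNS; `backup.example.com` and `192.0.2.20` are assumptions, and only the `all`, `ip4`, `a` and `mx` mechanisms are handled.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (documentation ranges).
ZONE = {
    ("example.com", "TXT"): ["v=spf1 mx -all"],
    ("example.com", "MX"): [(10, "mail.example.com"), (20, "backup.example.com")],
    ("mail.example.com", "A"): ["192.0.2.10"],
    ("backup.example.com", "A"): ["192.0.2.20"],
}

# SPF qualifiers and the result each one yields when its mechanism matches.
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    return ZONE.get((name, rtype), [])


def mechanism_matches(mech, domain, ip):
    name, _, arg = mech.partition(":")
    if name == "all":
        return True
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if name == "a":
        return str(ip) in lookup(arg or domain, "A")
    if name == "mx":
        # Every MX host counts, primary and backup alike.
        hosts = [host for _prio, host in sorted(lookup(arg or domain, "MX"))]
        return any(str(ip) in lookup(h, "A") for h in hosts)
    return False  # mechanisms outside this example (include, exists, ...) never match


def check_spf(domain, client_ip):
    """Return the SPF result for client_ip sending mail as `domain`."""
    ip = ipaddress.ip_address(client_ip)
    records = [t for t in lookup(domain, "TXT") if t.split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "none" if not records else "permerror"
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"  # "+" is the default
        mech = term.lstrip("+-~?").lower()
        if mechanism_matches(mech, domain, ip):
            return RESULTS[qualifier]  # first matching mechanism decides
    return "neutral"  # nothing matched and there was no "all"
```
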
DKIM Records
DKIM stands for DomainKeys Identified Mail. This record is used to add cryptographic signatures to outgoing messages so recipients can verify authenticity (specifically, that the email has not been tampered with in transit). As with any RSA key pair, it consists of a private key (stored on the mail server) and a public key (exposed via a DNS TXT record).
v=DKIM1; k=rsa; p=<base64 encoded public key>
When the email is received by the recipient’s mail server, it queries <selector>._domainkey.example.com (from username@example.com) to retrieve the public key and decrypt the signature in the received mail. If it decrypts successfully with the public key, this ensures that the received mail has not been compromised in transit.
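The receiver's side of that lookup and the body-integrity part of the check, as an added example that is not code from the original post. The selector `mail2024`, the message body and the signature header are constructed, and the body hash follows the "relaxed" canonicalization of RFC 6376.

```python
import base64
import hashlib
import re


def parse_tags(value):
    """Parse a 'tag=value; tag=value' list (DKIM-Signature header or key record)."""
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip()] = re.sub(r"\s+", "", val)  # folding whitespace is not significant
    return tags


def key_record_name(sig):
    """DNS name of the TXT record holding the signer's public key."""
    return f"{sig['s']}._domainkey.{sig['d']}"


def relaxed_body(body):
    """RFC 6376 'relaxed' body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":  # drop empty lines at the end of the body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body):
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def body_intact(sig_header, body):
    """Compare bh= with the received body. A full verifier then checks b=, the
    RSA signature over the headers (which include bh), with the published key."""
    sig = parse_tags(sig_header)
    return sig.get("a") == "rsa-sha256" and sig.get("bh") == body_hash(body)


# Constructed sample. "mail2024" is a hypothetical selector, and bh is computed
# here to stand in for the sending server's signer; b= is elided.
BODY = b"Invoice attached.\r\nPay to account 1234.\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail2024; "
       f"h=from:to:subject; bh={body_hash(BODY)}; b=<elided>")
```
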
DMARC Records
In simple terms, DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a DNS-based protocol that defines, on the domain owner’s behalf, what the receiver should do with the mail if the SPF or DKIM check fails. A receiver can choose to conform to the domain owner’s DMARC action or handle the result of failing security checks on its own.
v=DMARC1; p=quarantine;
It is also specified as a TXT record, and p usually has values like quarantine, reject, or none.
2. Mail Servers
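How a receiver could turn SPF and DKIM results into the action the policy asks for, as an added example that is not code from the original post. It goes beyond the text above in one respect: under RFC 7489 a message passes DMARC when either SPF or DKIM passes for a domain aligned with the From domain, so the sketch checks alignment too. The `TXT` table, `strict.example` and the returned action names are assumptions.

```python
# Constructed DNS data: a DMARC policy is a TXT record at _dmarc.<domain>.
TXT = {
    "_dmarc.example.com": ["v=DMARC1; p=quarantine;"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject; adkim=s; aspf=s"],  # hypothetical domain
}


def parse_dmarc(record):
    """Return the record's tags, or None if it is not a usable DMARC policy."""
    tags = {}
    for part in record.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip()
    valid = tags.get("v") == "DMARC1" and tags.get("p") in ("none", "quarantine", "reject")
    return tags if valid else None


def aligned(auth_domain, from_domain, mode):
    auth, frm = auth_domain.lower(), from_domain.lower()
    if mode == "s":  # strict: the domains must be identical
        return auth == frm
    # Relaxed: same organizational domain. Approximated here as "one name is the
    # other or a subdomain of it"; real receivers use the Public Suffix List.
    short, long_ = sorted((auth, frm), key=len)
    return long_ == short or ("." in short and long_.endswith("." + short))


def dmarc_disposition(from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from the earlier checks.
    Returns the action the domain owner requested; the receiver may still override it."""
    records = [parse_dmarc(r) for r in TXT.get("_dmarc." + from_domain.lower(), [])]
    policy = next((r for r in records if r), None)
    if policy is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"
    # p=none asks only for monitoring, so the message is still delivered.
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy["p"]]
```
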
A mail server is basically the working backbone of email communication. It has two clear responsibilities:
- Sending mail out
- Receiving mail in

Everything that happens in between (routing, verification, storage) revolves around these two functions.
Sending Mail (SMTP)
When you press Send, your email does not immediately go to the recipient. It first goes to your mail server. The server’s job is to accept that message, process it properly, and deliver it to the correct destination server.
This process uses SMTP (Simple Mail Transfer Protocol).
- Port 587: used when a mail client submits an email to the mail server.
- Port 25: SMTP; used when mail servers talk to each other.
- Port 465: SMTPS (SMTP Secure) connections.
3. Mail Clients
A mail client is simply what a user interacts with. It usually comprises a UI for easily composing and reading emails. It also manages organizing your mail into folders if you’re using POP3 (with IMAP, this control is given to the server, as it is capable of syncing across devices).
Mail clients are also responsible for handling email attachments. For really large attachments, email clients upload the attachment to a configured storage and then issue a link to the attachment for retrieval. A mail client can be:
- Desktop clients (Outlook, Thunderbird)
- Webmail (Roundcube)
- Mobile mail apps
Receiving Mail (IMAP / POP3)
Once an email reaches the recipient’s mail server, it is stored in their mailbox. A mail client is then used to retrieve the messages from the recipient’s mail server. The mail client uses IMAP / POP3 to fetch emails from the server:
- IMAP is designed for modern usage. It keeps emails stored on the server and syncs them across devices.
- POP3 works differently. It downloads emails from the server to a single device, and (in many cases) removes them from the server. This method provides better offline access but is not ideal if someone checks their email on multiple devices.
IMAP runs on port 993 (secure), and POP3 runs on port 995 (secure).
Quick comparison
| Feature | IMAP | POP3 |
|---|---|---|
| Default Secure Port | 993 | 995 |
| Mail Storage | Stays on server | Downloads onto device |
| Multi-Device Sync | Yes | No |
| Best For | Multiple devices | Single device setup |
| Folder Sync | Yes | No |
| Modern Usage | Recommended | Less common today |
Summary
Honestly, email is just a bunch of systems talking to each other.
When you press Send, your mail app gives the email to your mail server using SMTP. That server checks DNS to see where the other domain receives mail (MX record), then sends it there. The receiving server checks if it’s legit (SPF/DKIM/DMARC), saves it, and the user reads it using IMAP or POP3.