SMTP

The document provides an overview of the Simple Mail Transfer Protocol (SMTP), detailing its components, types of sessions, and functionalities. It also discusses security measures, user account naming conventions, and password guidelines essential for protecting email communications. Key security protocols mentioned include SMTP Authentication, TLS, SPF, DKIM, and DMARC.

Uploaded by

syvlmtpnt21

GROUP 8

ABELLANOSA, JOHN DAVE


BOOC, DERRICK
TAPINIT, SYVIL MAE
SIMPLE MAIL TRANSFER PROTOCOL

TABLE OF CONTENTS

01 SMTP Components
02 Types of SMTP Sessions
03 Message Retrieval Operations
04 SMTP Server Functionalities and Security
05 User Account Naming Conventions
06 Password Guidelines

SMTP

WHAT IS SMTP?

SMTP (Simple Mail Transfer Protocol) is a
communication protocol for sending emails over the
Internet. The protocol is text-based and involves the
sender’s email client or server initiating a
connection to the recipient’s mail server, delivering
the message, and then terminating the session.
SMTP Components
• SMTP Client (Mail User Agent - MUA) - This is the
email application or service (such as Outlook, Gmail,
or Thunderbird) that sends messages to the server.

• Mail Transfer Agent (MTA) - The server that transmits
the emails from one server to another.

• Mail Delivery Agent (MDA) - The component
responsible for delivering the message to the final
destination (recipient’s inbox).
Types of SMTP Sessions
1. End-to-End Session (MTA to MTA)
- This is the most basic type of SMTP session. Here, emails are
transferred directly between Mail Transfer Agents (MTAs) without any
intermediaries. This session typically occurs in enterprise-level email
communications where both sender and receiver use email servers
to manage their emails.

2. SMTP Store-and-Forward Session (Client to Server)
- In this type of session, emails are first delivered to an intermediate
SMTP server. This server temporarily stores the email before
forwarding it to the recipient’s mail server when it becomes
available.

3. Extended SMTP (ESMTP)
- Enhanced version of SMTP that allows for additional features and
commands. ESMTP supports larger message sizes, 8-bit data, and
Message Retrieval Operations
While SMTP is used to send emails, different protocols are employed to
retrieve emails from the server.

1. POP3 (Post Office Protocol 3)
- POP3 is a simple protocol used for retrieving emails from a remote
mail server. This protocol is useful for users who want to access their
emails offline or prefer managing them locally on their device.
2. IMAP (Internet Message Access Protocol)
- IMAP is a more advanced protocol for retrieving email. Unlike POP3,
IMAP allows emails to remain on the server, enabling synchronization
between multiple devices.
3. HTTP Mail (Webmail)
- This method of email retrieval is convenient for users who prefer
accessing their emails from any internet-enabled device without
needing a dedicated email client.
SMTP Server Functionalities and Security
SMTP Server

A server application that implements the Simple Mail Transfer
Protocol (SMTP) to send, receive, and relay email
messages between email clients and servers. When you
send an email, the SMTP server manages the outgoing
mail and transfers it to the recipient's mail server, where it
can be accessed.

When you send an email, it first gets sent to an SMTP server,
which then forwards the message to the recipient’s email
server or another SMTP server for further delivery. It works
as the backbone of email communications by ensuring the
smooth transmission of emails from one system to
another.
SMTP Server Functionalities
• Relaying - SMTP servers can relay emails to other servers if the
recipient's server is not directly reachable.

• Queuing - If the email cannot be delivered immediately, the server
will queue the message and retry delivery after a specified interval.

• Spam Filtering - Many modern SMTP servers include spam detection
and filtering capabilities to protect users from unsolicited messages.

• Email Forwarding - SMTP servers can forward messages to a different
email address if configured.

• Authentication - Modern SMTP servers use authentication
mechanisms to verify that users are authorized to send email,
reducing the risk of spam or unauthorized access.
SMTP Security
Since SMTP was originally designed without any encryption or
authentication mechanisms, modern security measures are essential
for protecting email communications. Several protocols and
technologies enhance SMTP security:

1. SMTP Authentication
- Requires the email sender to authenticate (log in) to the SMTP server
using a username and password before sending emails. This prevents
unauthorized users from sending messages through the server,
reducing the risk of spam and email spoofing.
2. TLS (Transport Layer Security)
- TLS provides encryption for the communication between the email
client and the SMTP server. This ensures that the contents of the
email, including the subject, body, and attachments, are encrypted
and cannot be read by anyone intercepting the data.
3. SPF (Sender Policy Framework)
- SPF is a DNS-based email authentication method that allows domain
owners to specify which servers are authorized to send emails on their
behalf. This prevents spammers from sending emails that appear to
come from legitimate domains.
4. DKIM (DomainKeys Identified Mail)
- DKIM adds a digital signature to outgoing emails. This allows the
recipient’s email server to verify that the email was not altered during
transmission and that it was sent from the claimed domain.
5. DMARC (Domain-based Message Authentication, Reporting, and
Conformance)
- DMARC works in conjunction with SPF and DKIM to help protect email
domains from spoofing and phishing attacks. It allows domain owners
to specify how email servers should handle messages that fail SPF or
DKIM checks.
User Account Naming Conventions

User account naming conventions are guidelines or rules that define
how usernames are created within an organization or system. These
conventions help ensure consistency, simplicity, and ease of
management when setting up user accounts, particularly in larger
organizations where thousands of users need to be
managed.
Some general guidelines include:

1. Standard Format
- Email addresses are usually structured as `[email protected]`.
The `username` is often based on the person’s real name, job title, or
department within the organization. This makes it easier to manage and
identify users.
Example: `[email protected]` or `[email protected]`.

2. Uniqueness
- Each user must have a unique email address within the domain. This
ensures that emails are delivered to the correct individual without any
confusion or overlap.
3. Format Guidelines
- Usernames should avoid special characters, spaces, and non-ASCII
characters to ensure compatibility across different email systems.
- Email addresses are generally case-insensitive, although the domain
portion is always lowercase.

4. Naming Convention Rules
- For personal email accounts: use a combination of first name and last
name (e.g., `[email protected]`).
Password Guidelines
Strong password practices are essential for securing email accounts
from unauthorized access. Some best practices for SMTP-related
passwords include:

1. Password Length
- A minimum of 8-12 characters is recommended, but longer
passwords (16-20 characters) provide greater security. Password
length increases the time it takes for a brute force attack to
succeed.

2. Complexity
- Passwords should be a mix of uppercase letters, lowercase letters,
numbers, and special characters. This combination makes
passwords harder to guess or crack.
- Example: `D0g$ecure!2024`.
3. Password Expiration
- Regularly changing passwords (e.g., every 60-90 days) helps
protect against long-term exposure in the event of a data breach. It
ensures that even if passwords are compromised, they are not
usable for a long time.

4. Multi-Factor Authentication (MFA)
- MFA adds an extra layer of protection by requiring users to provide
two forms of identification (typically something they know, like a
password, and something they have, like a phone or security token)
before accessing their account.

5. Avoid Reuse
- Users should not reuse passwords across multiple accounts. This
minimizes the risk of a single compromised account leading to
further breaches.
6. Password Management Tools
- Password managers help users generate strong, unique passwords
for each account and store them securely. This reduces the
temptation to use simple, easy-to-remember passwords.
ACTIVITY TIMEEE!!
