TL;DR: We use email daily but rarely understand how it works under the hood. This article explores mail servers, protocols like SMTP, and essential DNS records (MX, SPF, DKIM, DMARC) that make email delivery secure and reliable.
Introduction
We use email daily, and it is the invisible but most important marketing and communication tool. As developers, we use email for several things, but we (at least I) don't understand how it actually works under the hood. We make some DNS changes for Resend to work but don't really check.
My goal for this blog is to understand how mail servers and protocols work and to try to explain them to you as well. So let's get started!
How Mail Servers Work
Key Actors
Mail User Agent (MUA)
Our email client, such as a web browser, Thunderbird or Outlook: the application we use to read and compose emails.
Mail Transfer Agent (MTA)
This is software that transfers emails from sender to receiver using SMTP.
Mail Delivery Agent (MDA)
The email equivalent of a postal mailbox: it puts delivered messages into the recipient's mailbox.
Mail Retrieval Agent (MRA)
A server component that allows user agents to retrieve messages using protocols like IMAP or POP3.
Sending an Email
When the send button is clicked, your client (MUA) connects to the mail server (MTA) via SMTP. The MTA then looks at the recipient's email address to work out where to send the email next. It uses the domain part (after the @) to query DNS for that domain's MX record, which contains the address of the recipient's mail server. Once the address is located, the MTAs work in store-and-forward fashion: they queue messages and retry if the next hop is unreliable, which makes delivery reliable.
Key Protocols
- Simple Mail Transfer Protocol (SMTP): Used to send emails from client to server and between MTAs.
- Extended Simple Mail Transfer Protocol (ESMTP): An extension of SMTP that supports additional features like authentication and attachments.
- Post Office Protocol v3 (POP3): Downloads emails from the server to the client and usually deletes them from the server.
- Internet Message Access Protocol (IMAP): Syncs emails between the server and client, keeping them on both. This is the more modern approach.
DNS Setup for Email Service
This is the part I am most interested in. I think we have all done this setup more than once in our lives, but most of us don't go one step further to actually understand those settings.
MX Records - Direct Mail to the Right Server
Mail Exchange records tell the world which mail server is responsible for receiving email for your domain.
example.com. 3600 IN MX 10 mail.example.com.
This means that for the domain example.com the primary mail exchanger is mail.example.com with priority 10. The lower the priority value, the higher the preference.
SPF - Sender Policy Framework
SPF is one of the primary email authentication methods. SPF allows the owner of a domain to specify which mail servers are authorized to send email on behalf of that domain.
example.com. 3600 IN TXT "v=spf1 ip4:abc.d.efg.h include:_spf.google.com -all"
This is a sample SPF record. It indicates that the domain authorizes a specific IPv4 address (abc.d.efg.h) and includes Google's mail servers as valid senders. -all means a hard fail: mail that fails the check is rejected automatically. ~all means a soft fail: mail that fails the check gets marked as spam or suspicious.
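To make the difference between -all and ~all concrete, here is an added example (not from the original post) that evaluates the ip4, include and all mechanisms of an SPF record against a connecting IP address. The ZONE dictionary, its domains and its addresses are constructed stand-ins for DNS so the code runs offline; other mechanisms (a, mx, exists and so on) are left out.

```python
import ipaddress

# Constructed TXT data standing in for DNS (documentation address ranges).
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.10 include:_spf.provider.example -all",
    "_spf.provider.example": "v=spf1 ip4:198.51.100.0/24 ~all",
    "soft.example": "v=spf1 ip4:192.0.2.10 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, zone=ZONE, depth=0):
    """Evaluate the ip4, include and all mechanisms of an SPF record.

    Returns pass, fail, softfail, neutral, none or permerror.
    Unsupported mechanisms yield permerror in this simplified version.
    """
    record = zone.get(domain)
    if not record or record.split()[0] != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    if depth > 10:
        # Guard against include loops. RFC 7208 limits DNS-querying
        # terms to 10 in total; nesting depth approximates that here.
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        # A mechanism without an explicit qualifier defaults to "+".
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, value = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif name == "include":
            inner = check_spf(value, client_ip, zone, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            # Only an inner "pass" matches; the included record's own
            # -all or ~all never decides the outer result.
            matched = inner == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"
```

Mechanisms are evaluated left to right and the first match decides, which is why the all term belongs at the end of the record.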
DKIM – DomainKeys Identified Mail
Another email authentication method. DKIM ties the email to the domain's identity by using cryptographic signatures, such as RSA.
default._domainkey.example.com. 3600 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqh...Ab (your public key) ...IDAQAB"
p is the public key, v is the version and k is the key type.
DMARC – Domain-Based Message Authentication, Reporting & Conformance
DMARC is another policy layer on top of SPF and DKIM. In simple terms, DMARC answers the question: "If an email claims to be from my domain, did it pass SPF and/or DKIM, and if not, what should the recipient server do with it?" When a receiver gets an email from example.com, it checks SPF and DKIM as usual.
_dmarc.example.com. 3600 IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; ruf=mailto:forensic@example.com; fo=1"
Here v is the version, and rua and ruf are the addresses where aggregate and forensic reports should be sent.
To Sum Up
I tried to give a deep summary of the email protocols, DNS settings, and simple but deeper knowledge about emails. Thanks for reading, and if you have any suggestions or if I made any mistakes, feel free to reach out to me!
Key Takeaways
- Email Flow: MUA → MTA → DNS lookup → MTA → MDA → MRA → MUA
- Authentication Trinity: SPF validates sending servers, DKIM provides cryptographic signatures, DMARC enforces policies
- MX Records: Direct incoming emails to the correct mail server with priority handling
Learn More
If you want to dive deeper into email infrastructure and security: