How is an email sent? You type it out on your computer, hit send, and it magically reaches your recipient, right? Well, while it may seem like magic, it's mostly thanks to the SMTP server that your email provider set up.
What is an SMTP server?
SMTP stands for Simple Mail Transfer Protocol. SMTP servers are the reason your email reaches your recipient's inbox. SMTP is a protocol—a set of instructions—that dictates the transfer of emails between two servers (sender and recipient), while SMTP servers are the servers that know how to perform this protocol.
Why do we need SMTP servers?
The SMTP server does for emails exactly what the postman does for your physical letters. This server ensures that the email you send from your email client reaches your recipient's inbox intact. The message you hit send on gets converted into a code that can be transported to the SMTP server for processing and relaying.
While the main purpose of modern SMTP servers like ZeptoMail's and Zoho Mail's is to relay emails, the role of modern SMTP servers has extended beyond this:
They ensure that your emails are properly authenticated. SPF, DKIM, etc need to be in place while sending emails.
Recipient servers can be suspicious of large volumes of emails from a single server. These servers manage the volume to ensure that there is no negative impact on email sending.
Modern SMTP servers ensure that the security of their infrastructure is up to date and up to industry standards.
How does SMTP work?
There are multiple steps and processes that take place between hitting the send button (in ZeptoMail's case, once it is triggered from the application) and the recipient receiving the email. Take a look at how this digital postman (SMTP server) works in sending an email from ZeptoMail to a recipient using Zoho Mail:
- As soon as the email is triggered, your email client establishes a connection with the ZeptoMail SMTP server.
- The email client conveys the details of the message, sender, and recipient with the ZeptoMail SMTP server.
- Once it has the information about the recipient server, ZeptoMail's SMTP server runs a check to verify that the sender is an active email account to prevent spam.
- The ZeptoMail SMTP server then processes the information sent by the email client.
- It first identifies the recipient domain and the SMTP provider hosting the domain. The SMTP server also gets the recipient provider's unique IP address.
- After the verification is successful, ZeptoMail's SMTP server hands over the message to the recipient SMTP server—in our case, the Zoho Mail SMTP server.
- Once the email is delivered, recipient servers perform a list of actions like checking the sending server's reputation, MIME format, SPF and DKIM verifications, etc. After their checks are performed, the server then delivers the email to the inbox or spam folder, quarantines the email, or rejects the email.
What is SMTP security and why is it important?
Considering that your SMTP server literally handles every single email you send out, you would want to reinforce the security of this crucial connection. So why do we need SMTP security?
Important information is transmitted via email. Without good SMTP security in place, unauthorized people can gain access to your emails. This data can then be leaked or used for their advantage.
Spam and phishing
If an unauthorized person gets access to your SMTP credentials, they can send out spam emails to your contacts. In some cases, they can also impersonate you and send malicious emails to your contacts and gain confidential information.
Once these fraudsters use your SMTP server for spamming and phishing, email providers will view your emails as untrustworthy. This will end up causing deliverability issues for your legitimate emails.
Malware and email attacks
Attackers can use your SMTP credentials to spread malicious software to recipients of your emails and also within your own systems. They can also use SMTP access to perform email attacks like DDOS to harm other servers.
If you're wondering if there is a simple way to send emails securely using SMTP, there definitely is.
ZeptoMail is a transactional email-sending service that lets you send transactional emails from your application/sites using SMTP. You can use the SMTP configuration to send emails in a quick few steps.
You also don't need to worry about securing the SMTP server—we've got it covered.
How we secure your SMTP connection
ZeptoMail takes multiple measures to protect your email sending over our SMTP connection.
ZeptoMail adds a layer of security by using TLS connections. SSL/TLS connections encrypt the email message when being sent from the email client to the SMTP server. So even if the server is breached, attackers will only be able to see codes that cannot be deciphered. ZeptoMail supports TLS v1.2 to eliminate the limitations of previous versions.
SMTP account authentication
SMTP email sending in ZeptoMail is done using unique passwords. When your application connects to our SMTP, your identity is verified using the password. Each Mail Agent comes with unique SMTP credentials that allow you to isolate the reputation of different email categories that can be based on type, application, purpose, environment, and more.
The first and most crucial step in ZeptoMail onboarding is domain verification. Every domain added to our platform is authenticated using SPF, DKIM, and CNAME. This helps prove your identity to our SMTP server and also protects you from spammers and spoofing. You can also publish DMARC policy to advise the recipient server on how to handle emails that originate from your server.
ZeptoMail lets you manage email sending from different IPs using IP restrictions. You can add IP addresses/ranges from which you allow email sending. While your account can be accessed from any IP, email sending can only occur from the provided IP addresses.
These are just some of the security measures ZeptoMail has in place. We also have email APIs that allow for deeper integration of your application/site with ZeptoMail.
And that's all we have for today—I'll be back to tell you more about these features in our upcoming blogs. Trust me that we're hard at work coming up with more ways to make your ZeptoMail experience even better! In the meantime, give our latest updates a try and share your feedback with us on social media, through email, or in the comments below!
You can also follow us on Twitter and LinkedIn and join our community forum for regular updates.
8 Replies to SMTP and SMTP security
Is there a charge to have a large number of domains using the service inside one account? Is there pre-built integrations for systems such as WordPress?
Hi Jason. We don't have extra charges for domains. By default, you can add upto 100 domains in ZeptoMail. As for integrations, we do have a WordPress Plugin that allows you to connect ZeptoMail to your WP site with ease. WordPress plugin: https://wordpress.org/plugins/transmail/ Documentation: https://www.zoho.com/zeptomail/help/wordpress-plugin.html
I've read the above explainations, but I'm still not clear as to the difference between Zepto and Zoho mail services. What are the advantages over each other? Who is the Zeptomail target user, verses the Zohomail target user?
Hi Robert. ZeptoMail is a transactional email service. Transactional emails are automated emails that are triggered when a user performs an action on a site or application. For example, if you place an online order, you will receive an automated "Order Placed" email, if you try to reset your password to any account you will receive a "password reset" email. These automated emails are sent using ZeptoMail. Target users: If you own a business that has a site or uses an application and you wish to trigger automated emails when your users perform certain actions on your app, then you can use ZeptoMail. https://www.zoho.com/zeptomail/ Zoho Mail on the other hand is used to send one-to-one or group emails. Emails that you type out in your composer and send to your colleagues or clients or sometimes family and friends. These are not automated. Target users: If you own an organization and need a custom domain email address (email@example.com) for all your employees then you can use Zoho Mail. Your employees can then use their email addresses for email communications. https://www.zoho.com/mail/ These are two completely different services with different purposes. I hope this helps.
Hello, I had tested a few months ago but it was not possible to answer a form that we receive by email for example. has this evolved? thank you.
Hi Thierry. We would need more details to understand the process you wish to use ZeptoMail for. Please write to support(at)zeptomail(dot)com with details so we can help you out. Our team will get back to you at the earliest.
Why is this not inherent to Zoho Mail or why is this an add-on purchase? Can Zoho Mail SMTP be trusted to be secure?
Hi Jo. ZeptoMail is a transactional email service that can be used to send out automated emails like welcome email, OTP emails, password reset emails from your site/app. Zoho Mail is a business email service. Since they have different purposes, it is available as separate services for our users to choose from. Both Zoho Mail SMTP and ZeptoMail SMTP follow industry-standard security practices to protect our user's emails.