Chapter 13 ■ SMtp
244
not through FTP; they read message boards, rather than connecting to the Usenet—but it is also obviating the need
for many traditional desktop clients. Why convince thousands of users to download and install a new e-mail client,
clicking through several warnings about how your software might harm their computer, if your application is one that
could be offered through an interactive web page?
In fact, the web browser has become so preeminent that many Internet users are not even aware that they have
a web browser. They therefore use the words “Internet” and “Web” interchangeably, and they think that both terms
refer to “all those documents and links that give me Facebook, YouTube, and Wikipedia.” This obliviousness to the fact
that they are viewing the Web’s glory through some particular client program with a name and identity—say, through
the pane of Internet Explorer—is a constant frustration to evangelists for alternatives like Firefox, Google Chrome, and
Opera, who find it difficult to convince people to change from a program that they are not even aware they are using!
Obviously, if such users are to read e-mail, it must be presented to them on a web page, where they read incoming
e-mail, sort it into folders, and compose and send replies. Thus there are many web sites offering e-mail services through
the browser—Gmail and Yahoo! Mail being among the most popular—as well as server software, like the popular
SquirrelMail, that system administrators can install if they want to offer webmail to users at their school or business.
What does this transition mean for e-mail protocols and the network? Interestingly enough, the webmail
phenomenon essentially moves us back in time to the simpler days when e-mail submission and e-mail reading
were private affairs, confined to a single mainframe server and usually not an experience that involved using public
protocols at all. Of course, these modern services, especially the ones run by large ISPs, and companies like Google
and Yahoo!, must be gargantuan affairs, involving hundreds of servers at locations around the world; so, certainly,
network protocols are doubtlessly involved at every level of e-mail storage and retrieval.
But the point is that these are now private transactions, internal to the organization running the webmail service.
You browse e-mail in your web browser; you write e-mail using the same interface; and when you click Send, well, who
knows what protocol Google or Yahoo! uses internally to pass the new message from the web server receiving your
HTTP POST to a mail queue from which it can be delivered? It could be SMTP; it could be an in-house RPC protocol;
or it could even be an operation on common file systems to which the web and e-mail servers are both connected.
For the purposes of this book, the important thing is that, unless you are an engineer working at such an
organization, you will never see whether POP, IMAP, or something else is at work behind the webmail interface you
use to manipulate your messages.
E-mail browsing and submission, therefore, become a black box: your browser interacts with a web API and, on
the other end, you will see plain old SMTP connections originating from and going to the large organization as e-mail
is delivered in each direction. But in the world of webmail, client protocols are removed from the equation, taking us
back to the old days of pure server-to-server unauthenticated SMTP.
How SMTP Is Used
The foregoing narrative has hopefully helped you structure your thinking about Internet e-mail protocols. With any
luck, it has also helped you realize how they fit together in the bigger picture of getting messages to and from users.
The subject of this chapter, however, is a narrower one—the Simple Mail Transport Protocol. I’ll start by stating
the basics in the terms you learned in Part 1 of this book:
• SMTP is a TCP/IP-based protocol.
• Connections can be authenticated or not.
• Connections can be encrypted or not.Most e-mail connections across the Internet these days seem to lack any attempt at encryption, which means
that whoever owns the Internet backbone routers are theoretically in a position to read staggering amounts of other
people’s e-mail. What are the two ways, given the discussion in the previous section, that SMTP is used?
First, SMTP can be used for e-mail submission between a client e-mail program like Thunderbird or Outlook and
a server at an organization that has given the user an e-mail address. These connections generally use authentication
so that spammers cannot connect and send millions of messages on a user’s behalf without their password. Once a
message is received, the server puts it in a queue for delivery so that the e-mail client can forget about the message
and assume that the server will keep trying to deliver it.