SMTP Server Commands Explained | Full List, Syntax, and Use Cases

Table of Contents

• What Is SMTP?
• How SMTP Communication Works
• Commonly Used SMTP Server Commands
• Optional/Extended SMTP Commands (ESMTP)
• SMTP Command Example (Telnet Session)
• Security Risks of SMTP
•  Conclusion
• Frequently Asked Questions (FAQs)

Email communication is an essential part of the digital world, and SMTP (Simple Mail Transfer Protocol) serves as the backbone of sending emails over the internet. Whether you're a cybersecurity professional, network administrator, or aspiring ethical hacker, understanding SMTP server commands is vital for analyzing email traffic, testing configurations, and detecting vulnerabilities like email spoofing or phishing.

In this blog, we’ll cover what SMTP is, its working mechanism, and a comprehensive list of SMTP commands, including their syntax, functions, and examples.

What Is SMTP?

SMTP stands for Simple Mail Transfer Protocol. It's an application-layer protocol used to send and relay emails between mail servers and clients. SMTP works primarily over TCP port 25 (and sometimes 587 or 465 for secure connections).

SMTP doesn’t retrieve or store messages — it only sends them. For receiving emails, protocols like IMAP or POP3 are used.

How SMTP Communication Works

When you send an email, here's what typically happens:

1. Your email client connects to the SMTP server.

2. A handshake is established.

3. The client identifies itself and the sender/recipient.

   
   

4. The message is transferred in ASCII format.

5. The connection is terminated.

This entire process is driven by SMTP commands and responses exchanged between the client and server.

Commonly Used SMTP Server Commands

Here are the most commonly used SMTP commands, in order of their typical usage:

1. HELO / EHLO

• Purpose: Initiates the SMTP session.

• HELO is used for basic SMTP servers; EHLO is used for servers that support Extended SMTP (ESMTP).

• Syntax:

  HELO yourdomain.com
  

  or

  EHLO yourdomain.com
  

• Response: 250 Hello yourdomain.com

2. MAIL FROM

• Purpose: Specifies the sender's email address.

• Syntax:

  MAIL FROM:
  

• Response: 250 OK

3. RCPT TO

• Purpose: Identifies the recipient's email address.

• Syntax:

  RCPT TO:
  

• Response: 250 OK (or error if address is not valid)

4. DATA

• Purpose: Begins the message body transfer.

• Syntax:

  DATA
  

  After this command, the server responds with:

  354 End data with .
  

  You then write the email content and end with a single period on a line:

  This is the message body.
  

5. RSET

• Purpose: Resets the current mail session (clears all previous commands).

• Syntax:

  RSET
  

• Response: 250 OK

6. NOOP

• Purpose: Sends a "no operation" command. It does nothing but ensures the server is responsive.

• Syntax:

  NOOP
  

• Response: 250 OK

7. VRFY

• Purpose: Verifies whether an email address exists on the server.

• Syntax:

  VRFY [email protected]
  

• Response: Could return 250, 252, or 550 depending on the server configuration.

 Many modern servers disable this command for security reasons.

8. EXPN

• Purpose: Expands a mailing list to reveal all recipients.

• Syntax:

  EXPN listname
  

• Response: Lists recipients or returns an error.

 Like VRFY, often disabled for privacy/security.

9. HELP

• Purpose: Requests a list of available commands.

• Syntax:

  HELP
  

• Response: List of SMTP commands and descriptions.

10. QUIT

• Purpose: Ends the SMTP session and disconnects.

• Syntax:

  QUIT
  

• Response: 221 Bye

Optional/Extended SMTP Commands (ESMTP)

When using EHLO, servers may support additional ESMTP extensions, such as:

STARTTLS

• Purpose: Upgrades connection to a secure TLS/SSL.

• Syntax:

  STARTTLS
  

AUTH

• Purpose: Authenticates the client using login credentials.

• Syntax:

  AUTH LOGIN
  

SMTP Command Example (Telnet Session)

Here's how a basic email session might look via Telnet:

telnet smtp.example.com 25

220 smtp.example.com ESMTP
EHLO test.com
250-smtp.example.com Hello
MAIL FROM:
250 OK
RCPT TO:
250 OK
DATA
354 End data with .
Subject: Test Email

This is a test.
.
250 OK: queued
QUIT
221 Bye

Security Risks of SMTP

SMTP by default is not encrypted, which exposes it to:

• Man-in-the-middle attacks

• Email spoofing

• SMTP relay abuse

• Phishing

Mitigations Include:

• Enabling TLS encryption (STARTTLS)

• Enforcing SMTP Authentication (AUTH)

• Implementing SPF, DKIM, and DMARC

Conclusion

SMTP commands form the core of how email is transmitted across networks. Understanding these commands not only helps you troubleshoot and configure mail servers but also plays a key role in cybersecurity and penetration testing. From sending emails using Telnet to detecting SMTP misconfigurations, this knowledge is crucial in both offensive and defensive security contexts.

FAQs

What are SMTP server commands?

SMTP server commands are a set of text-based instructions used to send and relay email messages between servers and clients in an SMTP session.

What does the HELO command do in SMTP?

HELO is the initial command in an SMTP session used to identify the sender's domain to the mail server.

How is EHLO different from HELO in SMTP?

EHLO is an extended version of HELO that supports additional features like authentication and STARTTLS in ESMTP.

What is the purpose of MAIL FROM in SMTP?

The MAIL FROM command specifies the email address of the sender in the SMTP session.

What does RCPT TO mean in SMTP?

RCPT TO defines the recipient's email address, telling the server where the message should be delivered.

What does the DATA command do in SMTP?

DATA initiates the transfer of the email body content, including headers and message text, ending with a period (.) on a new line.

Is SMTP secure by default?

No, SMTP is not secure by default. Security can be added through STARTTLS and authentication mechanisms.

What is STARTTLS in SMTP?

STARTTLS is an ESMTP command used to upgrade the plain connection to an encrypted one using TLS.

What is AUTH LOGIN in SMTP?

AUTH LOGIN allows the client to authenticate with the SMTP server using a base64-encoded username and password.

Why are VRFY and EXPN disabled on many mail servers?

They can reveal valid email addresses and user lists, which attackers may exploit for phishing or spam.

Can I use Telnet to test SMTP commands?

Yes, Telnet is commonly used to manually test SMTP commands and troubleshoot mail server issues.

What does RSET do in SMTP?

RSET resets the current mail transaction, clearing all previous command input without closing the connection.

How does the QUIT command function in SMTP?

QUIT properly ends the SMTP session and disconnects the client from the server.

What are common ports for SMTP?

Port 25 (default), 587 (submission), and 465 (secure SMTP with SSL) are commonly used.

What is the NOOP command in SMTP?

NOOP does nothing except test the connection; it’s used to keep the connection alive.

Can I spoof an email using SMTP commands?

Technically yes, if the server is misconfigured. That’s why proper authentication and DMARC/SPF policies are vital.

What’s the difference between SMTP and IMAP/POP3?

SMTP is used to send emails, while IMAP and POP3 are used to receive them.

Why is SMTP important for cybersecurity professionals?

Understanding SMTP is crucial for testing email services, identifying spoofing attempts, and securing mail flow.

What is an SMTP session?

An SMTP session is a connection between a mail client and server where commands are exchanged to transmit an email.

How do I secure my SMTP server?

Use STARTTLS, enable authentication, restrict relay access, and implement SPF/DKIM/DMARC.

What is a 250 SMTP response?

It’s a positive response from the server indicating the command was accepted.

What does 354 mean in SMTP?

354 is a response to the DATA command, indicating the server is ready to receive message content.

Can SMTP be used for file transfers?

SMTP is not designed for file transfers but supports attachments via MIME encoding.

How do mail clients use SMTP?

Mail clients use SMTP to send outbound email to the mail server, which then delivers it to the recipient.

What is SMTP relay?

SMTP relay is the process of one SMTP server forwarding email to another, typically for final delivery.

How do I test SMTP using command line?

Use Telnet or OpenSSL to connect to the SMTP server and issue commands like HELO, MAIL FROM, etc.

Why would an email fail during the SMTP session?

Failures can occur due to invalid addresses, blocked IPs, or authentication issues.

What’s the maximum message size for SMTP?

This depends on the server, but typical limits are between 10MB and 25MB.

Can SMTP commands be automated?

Yes, tools like Python’s smtplib or shell scripts can automate SMTP command execution.

What happens if I forget the period after DATA in SMTP?

The server will keep waiting for message completion, potentially causing a timeout.