The Simple Mail Transfer Protocol (SMTP) is used for transmission of email on the Internet. It was designed in the early 1980s when there was no cause to consider security, therefore, it provided for no verification of sender. Those days there were no such a phenomenon as spam.
Spam email is an increasing problem in a world now. The rules used by spam filters and spam blockers are constantly being updated to catch more spam and filter junk and unwanted mail. Previously mail servers were "open" that meant that anyone could send an email messages through any server to anyone. Spammers used this option to send their junk emails through a chain of servers and remained anonymous. In order to protect users against spam messages SMTP service was updated and now authorization of users via authentication is widely used. This means that the SMTP mail server "knows" who exactly sends an email. There are several different methods of authentication available:
- Plain text method. The simplest one is to use plain text password when user sends to SMTP server his/her name and password before the message sending. The main disadvantage of plain text method is that it is not enough secure. Somebody sniffing packets coming over the wire could discover your password. However, this problem can be avoided by using an encrypted connection.
- POP-before-SMTP. This method of authentication requires user to check his/her POP3 email account (usually also using the plain text password) before being allowed to send an email. At the first stage mail server records the incoming IP address of POP3 request and then, at the second stage, temporarily allows sending emails from this IP address. However, the unwanted mail still could be sent if IP address that is authorized by the POP-before-SMTP server is shared among multiple users and computers.
- Other authentication methods. There are also such complex authentication methods as CRAM-MD5, DIGEST-MD5, etc. that in essence use security technology similar to encryption for protecting connection between mail server and user.