Extended SMTP, sometimes referred to as Enhanced SMTP, is a definition of protocol extensions to the Simple Mail Transfer Protocol standard. ESMTP was defined in November 1995 in IETF publication RFC 1869 which established a general structure for all existing and future extensions. ESMTP defines consistent and manageable means by which ESMTP clients and servers can be identified and servers can indicate supported extensions.
Extensions
Like SMTP, ESMTP is a protocol used to transport Internet mail. It is used as both an inter-server transport protocol and a mail submission protocol. The main identification feature for ESMTP clients is to open a transmission with the command EHLO, rather than HELO. A server will respond with success, failure or error, depending on its configuration. An ESMTP server returns the code 250 OK in a multi-line reply with its domain and a list of keywords to indicate supported extensions. A RFC 821 compliant server returns error code 500, allowing ESMTP clients to try either HELO or QUIT. Each service extension is defined in an approved format in subsequent RFCs and registered with the Internet Assigned Numbers Authority. The first definitions were the RFC 821 optional services: SEND, SOML, SAML, EXPN, HELP, and TURN. The format of additional SMTP verbs was set and for new parameters in MAIL and RCPT. Some relatively common keywords used today are:
SMTPUTF8 – Allow UTF-8 encoding in mailbox names and header fields, RFC 6531
UTF8SMTP – Allow UTF-8 encoding in mailbox names and header fields, RFC 5336
The ESMTP format was restated in RFC 2821 and updated to the latest definition in RFC 5321 in 2008. Support for the EHLO command in servers became mandatory, and HELO designated a required fallback. Non-standard, unregistered, service extensions can be used by bilateral agreement, these services are indicated by an EHLO message keyword starting with "X", and with any additional parameters or verbs similarly marked. SMTP commands are case-insensitive. They are presented here in capitalized form for emphasis only. An SMTP server that requires a specific capitalization method is a violation of the standard.
The following servers can be configured to advertise 8BITMIME, but do not perform conversion of 8-bit data to 7-bit when connecting to non-8BITMIME relays:
Exim and qmail do not translate eight-bit messages to seven-bit when making an attempt to relay 8-bit data to non-8BITMIME peers, as is required by the RFC. This does not cause problems in practice, since virtually all modern mail relays are 8-bit clean.
Microsoft Exchange Server 2003 advertises 8BITMIME by default, but relaying to a non-8BITMIME peer results in a bounce. This is allowed by .
SMTP-AUTH
The SMTP-AUTH extension provides an access control mechanism. It consists of an authentication step through which the client effectively logs into the mail server during the process of sending mail. Servers that support SMTP-AUTH can usually be configured to require clients to use this extension, ensuring the true identity of the sender is known. The SMTP-AUTH extension is defined in RFC 4954. SMTP-AUTH can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers. It does not necessarily guarantee the authenticity of either the SMTP envelope sender or the RFC 2822 "From:" header. For example, spoofing, in which one sender masquerades as someone else, is still possible with SMTP-AUTH unless the server is configured to limit message from-addresses to addresses this AUTHed user is authorized for. The SMTP-AUTH extension also allows one mail server to indicate to another that the sender has been authenticated when relaying mail. In general this requires the recipient server to trust the sending server, meaning that this aspect of SMTP-AUTH is rarely used on the Internet.
