
What is SMTP AUTH and why is it important?

SMTP AUTH (SMTP Authentication) requires senders to prove their identity before a mail server accepts messages for delivery. It's a critical security mechanism preventing unauthorized use of mail infrastructure.

How it works:

  • Client connects to mail server on port 587 (submission) or 465 (SMTPS)
  • Server advertises AUTH capability during EHLO handshake
  • Client provides credentials (username/password, OAuth token, or certificate)
  • Server validates credentials before accepting messages
  • Common mechanisms: PLAIN, LOGIN (over TLS), CRAM-MD5, XOAUTH2

Why it matters:

Early email had no authentication. Any server could relay mail from anyone. This enabled spam and abuse. Open relays that accepted unauthenticated mail became vectors for mass spam.

SMTP AUTH ensures only authorized users can send through a server. It enables:

  • Accountability (every message traces to an authenticated sender)
  • Access control (only valid accounts can send)
  • Abuse prevention (compromise requires credentials, not just connectivity)
  • Reputation protection (sending limited to authorized users)

Modern ESPs and email servers require SMTP AUTH. Port 25, which accepts unauthenticated mail, is typically restricted to server-to-server communication, not client submission.

It's checking credentials before letting anyone load cargo onto the ship.
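
The EHLO handshake and the "PLAIN, LOGIN (over TLS)" requirement described above can be checked from the server's capability replies. The following is an added example, not code from the original page: it parses the EHLO replies a port 587 server sends before and after STARTTLS and flags password mechanisms offered in the clear. The sample replies, the host name `mail.example.test` and the function names are constructed for illustration.

```python
import base64

# Constructed EHLO replies (not captured from a real server).
WEAK_PRE_TLS = "250-mail.example.test\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
GOOD_PRE_TLS = "250-mail.example.test\n250-STARTTLS\n250 8BITMIME"
POST_TLS = "250-mail.example.test\n250-AUTH=PLAIN LOGIN XOAUTH2\n250 8BITMIME"

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is sent base64-encoded, not hashed


def parse_ehlo(reply):
    """Map each EHLO keyword to its parameters, e.g. {'AUTH': ['PLAIN', 'LOGIN']}."""
    caps = {}
    for line in reply.splitlines()[1:]:  # line 0 is the server greeting
        if len(line) < 5 or not line.startswith("250"):
            continue
        body = line[4:].strip()
        if body.upper().startswith("AUTH="):  # legacy "AUTH=PLAIN LOGIN" form
            body = "AUTH " + body[5:]
        words = body.upper().split()
        if words:
            caps.setdefault(words[0], []).extend(words[1:])
    return caps


def plain_initial_response(user, password):
    """AUTH PLAIN payload: base64(NUL user NUL password), trivially reversible."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def audit(pre_tls, post_tls):
    """Return findings for a port 587 server's EHLO replies before/after STARTTLS."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered: session cannot be encrypted")
    exposed = sorted(CLEARTEXT_MECHS & set(pre.get("AUTH", [])))
    if exposed:
        findings.append("AUTH " + "/".join(exposed) + " offered before TLS")
    if not post.get("AUTH"):
        findings.append("no AUTH mechanisms advertised after TLS")
    return findings


if __name__ == "__main__":
    print(audit(WEAK_PRE_TLS, POST_TLS))
    print(audit(GOOD_PRE_TLS, POST_TLS))
    print(plain_initial_response("alice", "s3cret"))
```

The STARTTLS check applies to port 587 only; on port 465 the TLS session is established before EHLO, so only the post-TLS reply is relevant there.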
