Skip to main content
SMTP (Simple Mail Transfer Protocol) is the standard protocol used to transmit email between servers across the internet. Every email you send through Lettr — whether via the REST API or SMTP relay — ultimately travels between servers using SMTP. Understanding how SMTP works helps you diagnose delivery failures, choose the right sending method, and interpret bounce codes. This guide covers the protocol itself: how an SMTP conversation works, which ports are used, how encryption is negotiated, and where things can go wrong.

What SMTP Does

SMTP handles one specific job: moving an email message from one server to another. It does not handle reading email (that’s IMAP or POP3), rendering email (that’s the email client), or storing email long-term (that’s the mailbox server). SMTP is purely a transmission protocol. When you send an email through Lettr’s API, Lettr constructs the message and then uses SMTP to deliver it to the recipient’s mail server. When you send via Lettr’s SMTP relay, your application speaks SMTP directly to Lettr, and Lettr then relays the message onward via SMTP to the destination.

The SMTP Conversation

An SMTP transaction is a structured back-and-forth between two servers: the client (the sender) and the server (the receiver). The conversation follows a strict sequence of commands and responses.
1

Connection

The client opens a TCP connection to the server on the appropriate port. The server responds with a 220 greeting, indicating it is ready to communicate.
2

EHLO / HELO

The client identifies itself using the EHLO command (Extended HELO) or the older HELO command. EHLO is preferred because it enables SMTP extensions like authentication and TLS. The server responds with a list of supported extensions.
3

STARTTLS (Encryption)

If both sides support TLS, the client issues the STARTTLS command to upgrade the connection from plaintext to encrypted. After the TLS handshake completes, the client sends a new EHLO to restart the session over the encrypted channel.
4

MAIL FROM

The client specifies the envelope sender (also called the Return-Path or bounce address). This is where bounce notifications are sent if delivery fails. It may differ from the From header the recipient sees.
5

RCPT TO

The client specifies one or more recipient addresses. Each recipient requires a separate RCPT TO command. The server validates each address and responds individually.
6

DATA

The client signals that it is ready to transmit the message content. The server responds with 354, and the client sends the full message (headers and body). The message ends with a single line containing only a period (.).
7

QUIT

The client closes the session. The server confirms and terminates the connection.

SMTP Ports

SMTP uses different ports depending on the type of connection and its purpose.
When connecting to Lettr’s SMTP relay, use port 587 with STARTTLS or port 465 with implicit TLS. Port 25 is not available for submission to Lettr — it is reserved for server-to-server relay and is commonly blocked by ISPs and cloud providers.

Which Port Should You Use?

  • Port 587 — The default choice for most applications. Connect in plaintext, then upgrade to TLS via STARTTLS. This is the most widely supported option.
  • Port 465 — Use if your application or library supports implicit TLS and you want encryption from the first byte. Some modern libraries prefer this.
  • Port 25 — You will rarely use this directly. It is the port receiving mail servers listen on for inbound delivery. Lettr uses port 25 when delivering your messages to recipient mail servers, but your application does not need to interact with port 25.

Encryption: TLS and STARTTLS

Email transmitted over unencrypted SMTP can be read by anyone who intercepts the traffic between servers. TLS (Transport Layer Security) encrypts the connection to prevent this.

STARTTLS

STARTTLS is an SMTP extension that upgrades an existing plaintext connection to an encrypted one. The conversation starts unencrypted on port 587 (or 25), and after the STARTTLS command, both sides negotiate a TLS session before continuing.

Implicit TLS

On port 465, the connection is encrypted from the moment it is established. There is no plaintext phase and no STARTTLS negotiation. This is sometimes called “SMTPS” and behaves similarly to how HTTPS works for web traffic.

Opportunistic vs Enforced TLS

Lettr uses opportunistic TLS by default when delivering messages to recipient mail servers, ensuring the widest possible delivery coverage. The vast majority of major mailbox providers support TLS, so most messages are encrypted in transit.

SMTP Authentication

When submitting email to a relay server (like Lettr’s SMTP endpoint), the server requires the client to authenticate before accepting messages. This prevents unauthorized users from sending through the relay. Common SMTP authentication mechanisms:

Authenticating with Lettr’s SMTP Relay

To send via Lettr’s SMTP relay, use your API key as the authentication credential:
  • Host: smtp.lettr.com
  • Port: 587 (STARTTLS) or 465 (implicit TLS)
  • Username: Your Lettr API key ID
  • Password: Your Lettr API key secret

SMTP vs REST API

Lettr supports both SMTP relay and a REST API for sending email. Each approach has trade-offs.
If you are starting a new integration with Lettr, the REST API is the recommended approach. It provides access to all Lettr features including templates, merge tags, and event metadata. SMTP relay is ideal when migrating from another provider or when your application already uses SMTP (e.g., WordPress, legacy systems).

Common Mistakes

Port 25 is intended for server-to-server relay, not for application-to-relay submission. Many ISPs and cloud providers (AWS, Google Cloud, Azure) block outbound port 25 entirely to prevent spam. Use port 587 (STARTTLS) or 465 (implicit TLS) when connecting to Lettr’s SMTP relay.
If your application sends the AUTH command before issuing STARTTLS, credentials are transmitted in plaintext and can be intercepted. Always establish TLS first — either via STARTTLS on port 587 or by using implicit TLS on port 465.
The MAIL FROM command sets the envelope sender (Return-Path), which is used for bounce handling. The From header is what the recipient sees. These can be different — and in most ESP setups, they are. Lettr sets the envelope sender to a bounce-processing address while your From header shows your brand’s address. This is normal and expected.
SMTP connections can stall due to network issues, DNS resolution delays, or overloaded receiving servers. If your application sends via SMTP, configure reasonable timeouts (30–60 seconds for connection, 300 seconds for data transfer) and implement retry logic. When using Lettr’s REST API, timeout handling is managed for you.

How Email Delivery Works

End-to-end overview of the email delivery pipeline from API call to inbox.

Bounce Codes Reference

Complete reference of SMTP response codes and what they mean.

SPF, DKIM & DMARC

How email authentication protocols verify your messages.

Email Headers Explained

What common email headers mean and how they affect delivery.