Mail submission agent
A mail submission agent is a computer program or software agent that receives electronic mail messages from a mail user agent (MUA) and cooperates with a mail transfer agent (MTA) for delivery of the mail. It uses a variant of the Simple Mail Transfer Protocol (SMTP), as specified in RFC 6409.

Many MTAs perform the function of an MSA as well, but there are also programs that are specially designed as MSAs without full MTA functionality. Historically in Internet mail, both MTA and MSA functions use port number 25. The MTA accepts locally-destined mail from other domains, and an MSA accepts submitted mail from local users.

Benefits

Separation of the MTA and MSA functions produces several benefits:

One benefit is that an MSA, since it is interacting directly with the author's MUA, can correct minor errors in a message's format (such as missing Date, Message-ID, or To fields, or an address with a missing domain name) and/or immediately report an error to the author so that it can be corrected before it is sent to any of the recipients. An MTA accepting a message from another site cannot reliably make those kinds of corrections, and any error reports generated by such an MTA will reach the author (if at all) only after he has already sent the message.

One more benefit is that with a dedicated port number, 587, it is always possible for users to connect to their domain to submit new mail. Many Internet service providers and enterprise or institutional networks restrict the ability to connect to remote MTAs on port 25. Availability of a Mail Submission Agent on port 587 enables nomadic users to continue to send mail via their preferred submission servers even from within others' networks. Using a specific submission server is a requirement when sender policies or signing practices are enforced.

Another benefit is that separating the MTA and MSA functions makes it easier for an MTA to deny relaying, that is to refuse any mail that is not addressed to a recipient at a domain that is served locally. By contrast, an MSA must generally accept mail for any recipient on the Internet, though it only accepts such mail from authors who are authorized to use that MSA and who have established their identity to the MSA via authentication. In times when both mail submission and acceptance of incoming mail were usually accomplished using the same protocol and the same server, the ability to send mail to arbitrary destinations without authentication allowed spammers to use MTAs as a means of distributing spam (since a single message transaction can request that an MTA relay a message to a large number of recipients), and also made it more difficult to trace a message to its origin.

Yet another benefit is that MSAs and MTAs can have different policies for filtering of spam. Most MSAs require authentication in the form of a username and password provided by the author. Any messages received by such an MSA are therefore traceable to an author who has a direct relationship with the MSA, and who can be held accountable for his actions. This allows the MSA to have either no spam filtering, or more permissive spam filtering than an MTA that exists for the purpose of accepting incoming email from other domains. It is difficult to establish trust in mail sent between arbitrary domains, because there is generally no direct relationship between those domains via which trust, or even identity, can be established. In the absence of such trust, an MTA must generally rely on heuristics and third-party reputation services to distinguish spam from legitimate traffic, and both of these mechanisms have a history of being error-prone. The separation of MSA and MTA therefore avoids the use of unreliable spam recognition mechanisms during mail submission, and increases the probability for legitimate mail to be delivered successfully.

Mandatory Authentication

RFC 6409 requires that clients are authorized and authenticated to use the mail submission service, e.g., as described in SMTP-AUTH (ESMTPA), or by other means such as RADIUS, public key certificates, or (the mostly obsolete) POP before SMTP.

Policy enforcement

The MSA must check that the submitted mail is syntactically valid and conforms to the relevant site policies. RFC 6409 contains some optional features:
  • Enforce submission rights guarantees that the envelope sender address is valid and authorized with the used authentication. This in essence complies with the SPF model specified in RFC 4408.
  • May add sender permits to add a Sender address header field if the envelope sender address does not match any author address in the "From" header field. This roughly complies with the Sender ID model specified in RFC 4406, ignoring the tricky case of Resent-From header fields not covered in RFC 6409.
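
The submission-time checks and fix-ups described above (mandatory authentication, enforce submission rights, repair of missing Date and Message-ID fields, and may add sender) can be sketched as follows. This is an added example, not code from RFC 6409 or from any mail server; the names process_submission, AUTHORIZED_SENDERS and SubmissionRejected, and all addresses, are hypothetical.

```python
from email import message_from_string
from email.utils import formatdate, getaddresses, make_msgid

# Constructed data: envelope senders each authenticated login may use.
AUTHORIZED_SENDERS = {"alice": {"alice@example.org", "sales@example.org"}}
# Constructed submission that lacks Date and Message-ID header fields.
SAMPLE = "From: News <news@example.org>\nTo: bob@example.net\nSubject: hi\n\nbody\n"


class SubmissionRejected(Exception):
    """The MSA refuses the submission (an SMTP 5xx reply in a real server)."""


def process_submission(auth_user, mail_from, raw_message, local_domain="example.org"):
    """Apply MSA-style policy to one submission and return the fixed-up message."""
    # Mandatory authentication: no identity, no submission.
    if auth_user is None:
        raise SubmissionRejected("authentication required")
    sender = mail_from.strip().lower()
    # Enforce submission rights: the envelope sender must belong to this login.
    if sender not in AUTHORIZED_SENDERS.get(auth_user, set()):
        raise SubmissionRejected(f"{auth_user} may not send as {sender}")

    msg = message_from_string(raw_message)
    authors = [a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a]
    if not authors:
        # Not safely repairable: report to the author before anything is sent.
        raise SubmissionRejected("message has no From address")

    # Minor format errors the MSA can correct because it talks to the author's MUA.
    if "Date" not in msg:
        msg["Date"] = formatdate(localtime=True)
    if "Message-ID" not in msg:
        msg["Message-ID"] = make_msgid(domain=local_domain)

    # May add sender: record the envelope sender when it is not one of the authors.
    if sender not in authors and "Sender" not in msg:
        msg["Sender"] = sender
    return msg


if __name__ == "__main__":
    print(process_submission("alice", "sales@example.org", SAMPLE).as_string())
```
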

See also

  • E-mail authentication
  • SMTP AUTH
  • Simple Mail Transfer Protocol
  • List of mail servers
  • Comparison of mail servers
  • Smart host
  • E-mail agent (infrastructure) (MxA)
  • Mail delivery agent (MDA)
  • Mail transfer agent (MTA)
  • Mail user agent (MUA)
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 