The SMTP Server:-
Whenever you send a piece of e-mail, your e-mail client interacts with the SMTP server to handle the sending. The SMTP server on your host may have conversations with other SMTP servers to deliver the e-mail.
When I set up my account at howstuffworks, I told Outlook Express the name of the mail server -- mail.howstuffworks.com. When I compose a message and press the Send button, here's what happens:
1)0utlook Express connects to the SMTP server at mail.howstuffworks.com using port 25.
2)Outlook Express has a conversation with the SMTP server, telling the SMTP server the address of the sender and the address of the recipient, as well as the body of the message.
3)The SMTP server takes the "to" address ([email protected]) and breaks it into two parts: the recipient name (jsmith) and the domain name (mindspring.com). If the "to" address had been another user at howstuffworks.com, the SMTP server would simply hand the message to the POP3 server for howstuffworks.com (using a little program called the delivery agent). Since the recipient is at another domain, SMTP needs to communicate with that domain.
4)The SMTP server has a conversation with a Domain Name Server, or DNS (see How Web Servers Work for details). It says, "Can you give me the IP address of the SMTP server for mindspring.com?" The DNS replies with the one or more IP addresses for the SMTP server(s) that Mindspring operates.
5)The SMTP server at howstuffworks.com connects with the SMTP server at Mindspring using port 25. It has the same simple text conversation that my e-mail client had with the SMTP server for HowStuffWorks, and gives the message to the Mindspring server. The Mindspring server recognizes that the domain name for jsmith is at Mindspring, so it hands the message to Mindspring's POP3 server, which puts the message in jsmith's mailbox.
@mayursuzuki, did you just copy and paste from howstuffworks?
@marylisa, you are always at the mercy of the other company's security when you employ an external vendor to handle email. I just set the mail transports to use SSL or TLS with SASL authentication, and call it a day. The default is to just send credentials in plaintext, so it's really going to depend on your setup. With different email software and APIs you can protect your security in different ways. Can you give us an example of your setup, and why you might be concerned about security, so that we can more accurately provide the information you're looking for?