Protection Against Spam – Sending Only with SMTP Authentication

What is SMTP authentication?

When sending an email, mail servers require you to log in before the email can be sent. Otherwise, anyone could send an email “as us.”

SMTP authentication is the process of verifying a user through the outgoing mail server. Its purpose is to increase security by preventing unauthorized individuals from sending messages from “our” email account and enhancing the credibility of the mail server. Anyone attempting to send an email will need to enter a username and password to authenticate themselves.

Why is it important to send messages with SMTP authentication?

While it’s common to set up authentication when sending emails using a mail client (like Outlook, Thunderbird, etc.), many people forget the importance of authentication when sending messages from a server (such as a contact form or emails from an online store).

When sending messages from a server, it’s crucial to authenticate via SMTP.

Using the PHP mail() function to send emails does so without authentication. This is a poor practice, despite being the simplest method of sending emails through server scripts. However, it’s considered outdated, originating from a time when spam wasn’t an issue.

Emails sent locally from a server without authentication, even if they’re successfully sent, often fail to reach recipients properly because they lack the necessary mechanisms to ensure deliverability: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).

Many servers reject emails that don’t have header information indicating they were sent with authentication. Therefore, sending emails without authentication (e.g., using PHP mail() ) is not recommended.