How Email Works: From DNS Queries to Secure Mail Delivery

This comprehensive guide explains the architecture and workflow of email systems, covering DNS MX record lookup, the roles of MUA, MTA, MDA, MRA, authentication mechanisms, encryption, and spam/virus filtering, providing operators with essential knowledge to manage and secure mail services.

MaGe Linux Operations

1. Introduction

Although instant messaging tools are increasingly popular, enterprises still rely on email for inter‑company communication, making it essential for operations staff to understand the underlying principles. This article gradually introduces the components of an email system, their functions, and the overall workflow.

2. Relationship Between Mail Servers and DNS

In the early Internet, sending mail was simple because each host had a fixed IP address and was always online. As personal computers became prevalent and users were no longer constantly connected, a dedicated mail server was needed to receive, store, and forward messages for a domain. DNS is used to locate the mail server responsible for a domain via MX (Mail eXchange) records. When multiple MX records exist, the one with the lowest priority value is preferred, providing load balancing or backup capabilities.

MX Lookup Process

① The sending side queries DNS for the recipient's MX record.
② DNS returns the MX information.
③ The sender selects the highest‑priority mail server (mail1).
④ If the primary server is busy or offline, the mail is sent to a secondary server (mail2).
⑤ When the primary server becomes available, mail2 forwards the queued messages back to mail1.
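
The selection and fallback steps above can be written out as follows. This is an added example, not code from the original article: the `example.com` host names, the sample records, and the `is_up` callback (a stand-in for a TCP connection attempt to port 25) are assumptions, and the sketch goes slightly beyond the text by also handling a domain with no MX record (fall back to the domain's address record, RFC 5321) and a null MX (RFC 7505).

```python
import random

# Constructed sample DNS answer for a hypothetical domain: (preference, host).
SAMPLE_MX = [(20, "mail2.example.com"), (10, "mail1.example.com"),
             (20, "mail3.example.com")]


def order_mx(records, domain, rng=random):
    """Return hosts in the order a sending MTA should try them."""
    if not records:
        # No MX at all: fall back to the domain's own address record.
        return [domain]
    if len(records) == 1 and records[0][1] in ("", "."):
        # Null MX: the domain declares that it accepts no mail.
        return []
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host.rstrip(".").lower())
    ordered = []
    for pref in sorted(by_pref):      # lowest value = most preferred
        hosts = by_pref[pref]
        rng.shuffle(hosts)            # equal preference: spread the load
        ordered.extend(hosts)
    return ordered


def deliver(records, domain, is_up, rng=random):
    """Try each host in order; return (chosen_host, hosts_tried).

    is_up is a hypothetical callable standing in for a connection attempt.
    """
    tried = []
    for host in order_mx(records, domain, rng):
        tried.append(host)
        if is_up(host):
            return host, tried
    return None, tried                # all failed: sender queues and retries
```
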

3. Mail Transfer Programs

MUA (Mail User Agent): Provides the user interface for composing and reading mail and sends messages outward.

MTA (Mail Transfer Agent): Handles the transmission of mail between servers (often an smtpd service).

MDA (Mail Delivery Agent): Stores received mail into the appropriate mailbox.

MRA (Mail Retrieval Agent): Retrieves mail from a mailbox for the user via POP3/IMAP4.

4. Email Sending Process

The following diagram illustrates the end‑to‑end flow from a user composing a message to delivery on the recipient’s server.

① User eric logs into mail.pangxie.com, writes a mail to [email protected], and sends it.
② mail.windchaser.com invokes its smtp program.
③ smtp sees a domain name and calls the DNS client.
④ DNS client queries the DNS server for MX records.
⑤ DNS server returns the target mail server information.
⑥ smtp establishes a TCP connection (three‑way handshake) with the recipient’s server and transfers the mail.
⑦ The recipient’s smtp daemon stores the mail in /var/spool/mail/<username> if the address is local, otherwise it forwards it.
⑧ wqp logs into mail.windchaser.com and retrieves the mail via the mail command.
⑨ The mail is moved to the user’s mbox directory.

5. Open Relay (Open Relay Proxy)

An open relay forwards mail to other domains on behalf of any sender, with no restriction on who may use it. Relaying is convenient when the local server cannot deliver directly, but an unrestricted relay is also a source of spam.

6. Desktop Clients (MUA) Sending Mail

Typical desktop clients such as Outlook or Foxmail use the configured SMTP server to send mail. The workflow is:

① User opens the MUA program.
② After composing the mail, the client contacts the configured SMTP server.
③ The local smtp server checks whether the recipient is local; if not, it forwards the mail.
④ The mail is handed to the MDA, placed in a public mailbox, and then DNS is consulted for the recipient’s MX record to deliver it outward.

7. Receiving Mail via MUA (POP3/IMAP4)

After the local smtp daemon delivers mail to the mailbox, a POP3 or IMAP4 service allows the user to retrieve it using credentials.

① User runs the MUA.
② The client connects to the POP3 service with username/password.
③ POP3 authenticates the user and invokes the MRA.
④ MRA fetches the mail from the mailbox and returns it to the client.

8. Webmail

Webmail requires a web server and CGI scripts to act as a bridge between the browser and the mail system. The browser sends credentials, the CGI calls the local smtp to send mail, and uses POP3/IMAP4 to retrieve mail for display.

9. Authentication of Sending Users (SASL)

SMTP alone does not authenticate senders, so the Simple Authentication and Security Layer (SASL) is used to verify user credentials before allowing relay.

① User provides username/password to the mail server.
② The server invokes SASL.
③ SASL checks the credentials against a backend (plain, login, MySQL, LDAP, etc.).
④ If authentication fails, the server rejects the mail.
⑤ If successful, the server proceeds with MX lookup and delivery.
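
The relay decision that ties this section to the open relay problem in section 5 can be expressed as a recipient check: deliver locally for anyone, relay to other domains only for a SASL-authenticated user or a trusted network. This is an added example, not code from the original article or from any particular MTA. The function names, reply texts, trusted network ranges and the external test address are assumptions, and the local domain reuses the article's `pangxie.com`.

```python
import ipaddress

# Assumed policy values for illustration only.
LOCAL_DOMAINS = {"pangxie.com"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]


def open_relay(client_ip, sasl_user, rcpt):
    """Weak policy: relay anything for anyone."""
    return 250, "Ok"


def restricted_relay(client_ip, sasl_user, rcpt):
    """Reply to RCPT TO: local delivery for all, relay only for known senders."""
    local_part, sep, domain = rcpt.rpartition("@")
    if not (sep and local_part and domain):
        return 501, "Bad recipient address syntax"
    if domain.rstrip(".").lower() in LOCAL_DOMAINS:
        return 250, "Ok (local delivery)"
    if sasl_user is not None:          # SASL succeeded earlier in the session
        return 250, "Ok (authenticated relay)"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return 250, "Ok (trusted network relay)"
    return 554, "Relay access denied"


def is_open_relay(policy):
    """Check a policy the way a relay test does: an unauthenticated client
    from outside asks to send to a domain the server does not host."""
    code, _ = policy("203.0.113.7", None, "someone@example.org")
    return code == 250
```
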

10. Encryption of Mail Transmission

SMTP, POP3, and IMAP4 transmit data in clear text. To protect confidential mail, TLS/SSL is used for POP3S/IMAPS, while SMTP requires S/MIME or GPG for end‑to‑end encryption.

11. Spam and Virus Filtering

Because SMTP is simple, additional components such as SpamAssassin for spam detection and ClamAV for virus scanning are employed via a caller program (e.g., MailScanner, MIMEDefang, amavisd‑new) before mail is accepted.

① User eric sends mail to mail.pangxie.com.
② The server resolves the recipient MX record and forwards the mail.
③ Upon receipt, mail.windchaser.com invokes the caller.
④ The caller runs the virus scanner.
⑤ The caller runs the spam filter.
⑥ If both checks pass, the mail is stored in the user’s mailbox.

12. Summary

1. Core mail transfer programs: MUA, MTA, MRA, MDA.
2. Because SMTP is simple, additional components such as DNS, web interfaces, POP3/IMAP4 (or their TLS variants), SASL, and caller programs are required for a complete, secure mail system.
3. The complete flow of [email protected] sending to [email protected] is illustrated in the final diagram.
