ESMTPS and ESMTPSA are extensions to the SMTP protocol related to secure email transmission. ESMTPS indicates that Transport Layer Security (TLS) was used to encrypt the email. ESMTPSA signifies that both TLS encryption and SMTP Authentication were used. Authentication generally implies a higher level of trust, ensuring that the sender has authenticated with the mail server. STARTTLS is now the preferred method for securing SMTP connections, where a plain text connection is upgraded to a secure TLS connection. Older methods such as SMTPS are deprecated. RFCs and other documentation outline the implementation of these security measures and the role of authentication in verifying users. In practice, internal handoffs often use ESMTPSA, while MTA to MX communication relies on ESMTPS.
8 marketer opinions
ESMTPS and ESMTPSA are extensions to the SMTP protocol that enhance email security. ESMTPS signifies that Transport Layer Security (TLS) was used to encrypt the email transmission. ESMTPSA, in addition to TLS encryption, indicates that authentication was also used, implying a more secure connection as the sender authenticated with the mail server. While SMTPS (SMTP Secure) was an older, now deprecated method, STARTTLS is currently preferred, allowing for a plain text connection to be upgraded to a secure one using TLS. Implementing TLS/SSL encryption is crucial for securing SMTP to protect email content during transmission. The use of authentication ensures that only authorized users can send emails through the server.
Marketer view
Email marketer from MXToolbox explains that STARTTLS enables encryption for SMTP sessions. The protocol is initiated in plaintext, then upgraded to a secure, encrypted connection. It explains that STARTTLS is preferred over legacy SSL/TLS connections.
28 Oct 2023 - MXToolbox
Marketer view
Marketer from Email Geeks explains that in theory, ESMTPSA is more trusted because someone had to authenticate to the MTA to pass the message in, assuming the MTA isn't lying.
2 Jan 2023 - Email Geeks
2 expert opinions
In email communication, internal handoffs within a mail system often use ESMTPSA, indicating both TLS encryption and authentication. The transfer from the Mail Transfer Agent (MTA) to the receiving Mail Exchanger (MX) typically uses ESMTPS, employing TLS encryption alone. Modern email security relies on opportunistic TLS via STARTTLS, where the mail server announces TLS support for secure communication.
Expert view
Expert from Word to the Wise explains TLS (Transport Layer Security). The modern standard is opportunistic TLS using STARTTLS, where the mailserver announces that it supports TLS encryption.
24 Sep 2022 - Word to the Wise
Expert view
Expert from Email Geeks confirms that internal handoff is ESMTPSA and the one from the MTA to the MX is ESMTPS.
23 Jan 2023 - Email Geeks
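The hop pattern described above (ESMTPSA on the internal handoff, ESMTPS from the MTA to the MX) can be read off a message's `Received` headers, where each receiving server records the keyword after `with`. The following is an added example, not code from this page or its cited sources; the sample message, hostnames and function names are constructed for illustration, and the ESMTP/ESMTPA keywords are included as the non-TLS counterparts.

```python
import email
import re

# Received "with" keyword -> (TLS used, SMTP AUTH used), as recorded by the receiver.
KEYWORDS = {
    "ESMTP": (False, False),
    "ESMTPA": (False, True),
    "ESMTPS": (True, False),
    "ESMTPSA": (True, True),
}

# Constructed sample message: hostnames, IPs and queue IDs are made up.
SAMPLE = """\
Received: from mx.example.org (localhost [127.0.0.1])
    by store.example.org (Postfix) with ESMTP id 3C3C3C; Mon, 23 Jan 2023 10:00:06 +0000
Received: from out.example.net (out.example.net [192.0.2.10])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    by mx.example.org (Postfix) with ESMTPS id 2B2B2B; Mon, 23 Jan 2023 10:00:05 +0000
Received: from laptop (unknown [198.51.100.7])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    by out.example.net (Postfix) with ESMTPSA id 1A1A1A; Mon, 23 Jan 2023 10:00:01 +0000
From: alice@example.net
Subject: constructed test message

body
"""

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments; they can contain 'with'."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def classify_hops(raw_message):
    """Return (by_host, keyword, tls, auth) for each hop, oldest hop first."""
    hops = []
    for header in email.message_from_string(raw_message).get_all("Received", []):
        clean = strip_comments(header)
        by = re.search(r"\bby\s+([^\s;]+)", clean)
        proto = re.search(r"\bwith\s+([A-Za-z0-9-]+)", clean)
        keyword = proto.group(1).upper() if proto else None
        tls, auth = KEYWORDS.get(keyword, (None, None))  # None: keyword says nothing
        hops.append((by.group(1) if by else None, keyword, tls, auth))
    return hops[::-1]  # each server prepends its header, so reverse for time order

if __name__ == "__main__":
    for hop in classify_hops(SAMPLE):
        print(hop)
```

Each keyword is only as reliable as the server that wrote it, so treat the headers added by your own infrastructure as evidence and everything below them as a claim by an earlier hop.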
6 technical articles
The RFC documentation outlines that Extended SMTP (ESMTP) provides the framework for extensions like TLS and authentication. RFC documents explain the implementation of TLS to secure SMTP connections and the addition of authentication mechanisms where clients log in to mail servers. STARTTLS, described in Microsoft documentation, allows upgrading plain text SMTP connections to encrypted ones. These RFC documents collectively provide the underlying specifications for achieving secure email transport and authentication relevant to understanding ESMTPS and ESMTPSA.
Technical article
Documentation from Microsoft explains that STARTTLS (opportunistic TLS) allows an SMTP client and server to upgrade a plain text connection to an encrypted (TLS or SSL) connection. This relates to the TLS component within ESMTPS.
12 Nov 2023 - Microsoft Docs
Technical article
Documentation from IETF covers various RFCs on email transport security, which relate directly to the use of TLS with SMTP for secure communication.
5 Jun 2023 - IETF