Mail server fun


SMTP means Simple Mail Transfert Protocol.

As usual, when there’s the word simple somewhere in the name of a protocol or API, it’s a big warning sign.

So today I forgot to enable the LOGIN authentication mechanism in the SSL connection of my SMTP mail server. The following happens with Windows Live Mail when sending a mail:

  • it tries to authenticate but fails silently
  • it tries to then send the email directly (like a spammer would do)

This is a good example of over engineering which comes back to bite you hard. Trying to send an email directly (that is, connecting ot the SMTP server of the recipient) should work in theory. In practice, most servers will reject this because most dynamic connections end up in many anti spam lists. The funny thing is that Windows Live Mail is completely silent about this. It doesn’t even show a warning or anything and if I didn’t check my mail logs, I wouldn’t have figured out why a client’s email messages would frequently fail to reach their destination.

But of course the real reason is that email is a mess.