If you love your email standards, SMTP your feet: 35 years later
Granddaddy celebrates one score and 15 years of inbox-filling antics
This month marks the 35th anniversary of the sign-off of RFC 821, the first definition of the Simple Mail Transfer Protocol, that everyday staple of email comms.
Although the original spec has long been superseded, with the latest version of SMTP being contained in RFC 5321, RFC 821 laid the foundations for the billions of messages that zip through the intertubes every day.
An American consultancy estimated (PDF) that there are around 2.7 billion users of email today, and reckons that half the planet will be using email by the year 2020.
Credited to Jonathan B Postel, his 1982 paper (PDF, 72 pages) setting out the standard was published alongside David H Crocker’s RFC 822, “Standard for ARPA Internet Text Messages”. ARPA is the Advanced Research Projects Agency, an American government organisation better known today as DARPA, the US military’s technology and science research arm.
Postel’s unimprovable introduction to RFC 821 was: “The objective of Simple Mail Transfer Protocol (SMTP) is to transfer mail reliably and efficiently,” something that email has achieved remarkably well for the last three decades.
The original protocol and its modern successors are the universal standard.
Since the heady pre-WWW days of 30 years ago (that’s right, greybeards, count ‘em) SMTP has been updated again and again to keep it robust and relevant.
Of course, nobody anticipated how badly the internet would come to need secure comms, so while SMTP has also absorbed some improvements in its security, the most important one, the extension STARTTLS (under RFC 3207) in the year 2002, could not guarantee either message confidentiality or proof of server authenticity.
Last March an Internet Engineering Task Force (IETF) working group proposed a new protocol, Strict Transport Security, to beef up mail servers’ ability to recognise each other’s STARTTLS capabilities.
While everyone is interested in beefing up security, nobody disputes that email is an indispensable part of everyday modern life.
The original email spec had no anti-spoofing provisions, however, which proved to be a problem later on as more and more of the world got online – including scammers and the like. Later updates to the SMTP protocol bolted on the ability to negotiate an authentication mechanism with an SMTP server so that the client could authenticate themselves and, if they wanted to, to set up additional security on the client-server session.
Even spam, the dark side of email, is now an accepted part of our lives, with mail providers devising ever better filters even as marketers, script kiddies, malware authors and other ne’er-do-wells come up with fresh ways of putting irrelevant crap in front of our eyeballs – or simply flooding our inboxes with crap in the hope of pushing email providers out of business. Or, in the case of Virgin Media earlier this year, your ISP screws up and starts blocking legitimate messages.
And who could forget the perennial horror of the mass reply-all email chain? The NHS’s version of that particular snafu temporarily paralysed the health service’s internal comms for a full working day, late last year.
Come rain, come shine, come bad days or good, it seems a certainty that for the next 30 years, office drones will arrive in the mornings, boot their terminals – and open their email clients. Whether RFC 2549 will catch on in the future is anyone's guess, however. ®
Sponsored: Becoming a Pragmatic Security Leader