SMTP was designed without any security features — messages are transmitted as unencrypted ASCII and can be easily forged. There is no mechanism for verifying sender identity or message integrity. SMTP-AUTH addresses this by requiring clients to authenticate with the mail server before sending.
SMTP Security Risks Without AUTH
- Email messages can be read by any party along the routing path.
- Messages can be forged with a fictitious or stolen “From” address.
- No message integrity or sender verification guarantees exist.
- SMTP flooding attacks overwhelm servers by opening massive numbers of simultaneous connections.
SMTP-AUTH Benefits
- Allows legitimate users to send mail from any IP address worldwide — essential for mobile workers.
- Denies relay service to spammers and unauthorised users.
- Supports alternate SMTP ports, bypassing ISP blocks on the default port 25.
- Creates an audit trail for tracing the source of spoofed or abusive email.
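
The following Python check is an added example, not part of the original page. It parses a server's EHLO reply and reports how AUTH is offered. It assumes a mail submission service; the function names, finding codes and sample replies are constructed for illustration. It flags PLAIN/LOGIN advertised before STARTTLS because those mechanisms only base64-encode the password.

```python
# Added example, not from the original page. EHLO replies below are constructed.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded on the wire

def parse_ehlo(reply):
    """Turn a multi-line 250 EHLO reply into {KEYWORD: set(parameters)}."""
    caps = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for ln in lines[1:]:  # first line is the server greeting, not a capability
        if ln[:3] != "250" or ln[3:4] not in ("-", " "):
            raise ValueError("unexpected EHLO line: %r" % ln)
        text = ln[4:].strip().upper()
        if text.startswith("AUTH="):  # legacy spelling some servers still emit
            text = "AUTH " + text[5:]
        words = text.split()
        if words:
            caps.setdefault(words[0], set()).update(words[1:])
    return caps

def audit_submission(reply, tls_active):
    """Return finding codes for an EHLO reply seen before or after STARTTLS."""
    caps = parse_ehlo(reply)
    mechs = caps.get("AUTH", set())
    findings = []
    if not tls_active:
        if "STARTTLS" not in caps:
            findings.append("no-starttls")
        if mechs & CLEARTEXT_MECHS:
            findings.append("cleartext-auth-before-tls")
    elif not mechs:
        findings.append("auth-not-offered")
    return findings

WEAK_PRE_TLS = """250-mail.example.test
250-SIZE 52428800
250-AUTH=PLAIN LOGIN
250 8BITMIME"""

HARDENED_PRE_TLS = """250-mail.example.test
250-SIZE 52428800
250-STARTTLS
250 8BITMIME"""

HARDENED_POST_TLS = """250-mail.example.test
250-AUTH PLAIN LOGIN
250 8BITMIME"""

if __name__ == "__main__":
    print("weak, before TLS:", audit_submission(WEAK_PRE_TLS, False))
    print("hardened, before TLS:", audit_submission(HARDENED_PRE_TLS, False))
    print("hardened, after TLS:", audit_submission(HARDENED_POST_TLS, True))
```

An empty findings list for both the pre-TLS and post-TLS replies means AUTH is withheld until the session is encrypted and offered afterwards.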