What protocol actually sends an email?

Most outbound mail uses SMTP, which moves messages from your provider's sending server to the recipient's provider.

Why does email sometimes arrive late?

Delays can come from greylisting, server retries, spam filtering queues, or temporary DNS and routing issues between mail hosts.

What is the difference between SMTP and IMAP?

SMTP sends mail between servers, while IMAP lets your email app read and sync messages stored on your provider's mailbox server.

How do providers verify that a message is real?

They combine SPF, DKIM, and DMARC checks with reputation scoring and content analysis before deciding inbox, spam, or reject.

Can email work without the internet?

Not in the way people use it today. Traditional email depends on IP networks and DNS to locate and exchange messages between servers.

How Email Works | distill.md

Email feels like a single click, but the actual process is a chain of handoffs between machines that do not trust each other by default. Your provider has to find the recipient domain, negotiate delivery with the remote server, pass anti-spam and anti-forgery checks, and store the message in the right mailbox before the recipient app can display it.

The short answer

Email works by sending your message from one mail server to another using SMTP, then letting the recipient retrieve it with protocols like IMAP. Delivery depends on DNS routing, server reputation, and authentication records that prove who is allowed to send on behalf of a domain. If any of those checks fail, the message may be delayed, filtered, or rejected.

The full picture

The basic architecture

At minimum, one email transaction involves your mail client, your outbound server, the recipient domain’s inbound server, and a mailbox store. The Wikipedia email overview describes this as a store-and-forward system: messages are accepted by one server, queued, and then relayed to the next destination.

Unlike chat apps that often use one centralized platform, email is federated. Gmail can send to Outlook, Outlook can send to Proton, and a company server can send to all of them as long as protocol and trust checks pass.

What happens when you press send

First, your app submits the message to your provider using authenticated SMTP submission. Your provider then performs policy checks, signs the message if configured, and looks up MX records for the recipient domain.

Second, your server opens an SMTP session with the recipient-side infrastructure. The core SMTP flow, documented in the SMTP protocol page, includes envelope sender, recipient, and message data stages.

Third, the receiving side runs anti-abuse checks. These include sender IP reputation, SPF alignment, DKIM signature validity, and DMARC policy handling.

Fourth, the recipient mailbox system accepts, quarantines, or rejects the message. If accepted, the user can read it via webmail or IMAP.

Example one: an internal company-to-company invoice email may pass quickly because both domains have strong authentication and clean sender history.

Example two: a bulk marketing email from a new domain can be throttled or sent to spam even if technically delivered, because reputation signals are weak.

Why email delivery is not always immediate

SMTP is resilient by design, not instant by guarantee. If the recipient server is temporarily unavailable, the sending server retries later. That is why delivery can take minutes or, in some cases, hours.

Some providers also use greylisting, where unknown senders get a temporary failure and must retry. Legitimate servers retry correctly, many spam bots do not. This improves filtering quality but adds latency.

Large providers additionally queue suspicious or high-volume traffic for deeper scanning. So a message can be accepted by infrastructure before it appears in the inbox.

Authentication and trust: SPF, DKIM, DMARC

SPF tells receivers which servers are allowed to send for a domain. DKIM adds a cryptographic signature that proves message integrity and domain-level signing. DMARC tells receivers how strictly to handle failures and where to send reports.

In real life, this matters most for business domains. If a company has no DMARC policy, attackers can spoof lookalike messages more easily. If policy is strict and aligned, impersonation attempts are more likely to be rejected before users ever see them.

Practical example: a payroll phishing campaign often fails at the gateway when DMARC alignment is enforced. Without alignment, the same message may land in inboxes and rely on user caution alone.

Inbox placement is a ranking problem

People assume delivery is binary, received or not received. Modern email is more nuanced. Providers score messages using content, sender behavior, engagement patterns, and historical complaint rates.

That means technical correctness is necessary but not sufficient. A message can pass SPF and DKIM and still be routed to spam because recipient-side models predict low trust or low relevance.

This is one reason transactional email and marketing email are often split across separate subdomains and sending infrastructure.

Why it matters

Email remains the identity and recovery layer for most online services. Password resets, legal notices, invoices, account alerts, and job communication still flow through it. Understanding how delivery works helps individuals avoid scams and helps teams avoid silent business failure.

For individuals, the practical takeaway is simple: check full sender domains, not display names; treat urgent financial requests with skepticism; and use providers that surface authentication warnings clearly.

For teams, the operational takeaway is equally concrete: publish SPF, DKIM, and DMARC correctly, monitor bounce and complaint rates, and keep sending lists clean. Small configuration mistakes can block critical customer communication at scale.

Common misconceptions

“If I hit send, the recipient definitely got it.” Not necessarily. The message may be queued, filtered, rejected, or routed to spam depending on receiving policy and sender trust.

“Spam filtering is only about bad keywords.” Wrong. Modern filtering combines authentication, IP reputation, behavioral patterns, and model-based scoring, not just message text.

“Email is old, so it is simple and static.” The core standards are old, but operational email is constantly changing because abuse tactics and defensive controls evolve continuously.

Key terms

SMTP: Protocol used to transfer email between sending and receiving servers.

IMAP: Protocol that lets clients read and sync messages stored on a server mailbox.

MX record: DNS record that tells senders which mail server handles a domain’s inbound email.

SPF: DNS-based policy listing which servers may send mail for a domain.

DKIM: Cryptographic signing method that helps receivers verify a message was not altered in transit.

DMARC: Domain policy and reporting framework that coordinates SPF and DKIM outcomes with receiver action.