You click "Send" and a moment later your friend receives your message. It feels instant and magical. But behind that click, your email has passed through at least three different servers, spoken two different protocols, been reformatted, re-addressed, queued, and delivered — all without you seeing any of it.

Email is a perfect lesson in how the internet's application-layer protocols work. Unlike a phone call that goes directly from person to person, email follows the metaphor of the postal service: you drop it at your local post office (outgoing server), it travels to a sorting centre (relay), arrives at the destination post office (incoming server), and waits in a mailbox until your friend picks it up. Each stage uses a different protocol designed specifically for that job.

Email Protocols

SMTP: Simple Mail Transfer Protocol

SMTP (RFC 5321) is the protocol for sending email. It operates on:

Port 25: Server-to-server relay (MTA to MTA)
Port 587: Client-to-server submission (your email client to your provider's server)
Port 465: SMTP over SSL (older, still used)

Here is an actual SMTP conversation between two mail servers — the protocol is text-based and surprisingly readable:

Client: EHLO mail.sender.com
Server: 250-mail.receiver.com Hello
        250-SIZE 52428800
        250-STARTTLS
        250 OK

Client: MAIL FROM:<alice@sender.com>
Server: 250 OK

Client: RCPT TO:<bob@receiver.com>
Server: 250 OK

Client: DATA
Server: 354 Start input; end with <CRLF>.<CRLF>

Client: From: alice@sender.com
        To: bob@receiver.com
        Subject: Hello Bob
        Date: Mon, 02 Jun 2026 10:00:00 +0000

        Hi Bob, how are you?
        .
Server: 250 Message accepted for delivery

Client: QUIT
Server: 221 Bye

SMTP only handles sending and relaying — it has no mechanism for reading mail from a mailbox. That's where POP3 and IMAP come in.

POP3: Post Office Protocol v3

POP3 (RFC 1939) operates on port 110 (995 for SSL/TLS). It follows the physical-mailbox model:

Connect to the mail server
Download all messages to local device
Delete from server (by default)
Disconnect

POP3 works well when you access email from a single device and want local storage. But it has a critical limitation: once downloaded to your laptop, the email is gone from the server. Open your phone — the inbox is empty.

IMAP: Internet Message Access Protocol

IMAP (RFC 3501) operates on port 143 (993 for SSL/TLS). It follows the cloud-sync model:

Messages stay on the server permanently
Your devices download headers first, bodies on demand
Read/unread status, folders, and flags are synchronised across all devices
Deleting on phone deletes on all devices

This is why Gmail, Outlook, and Apple Mail work seamlessly across your laptop, phone, and tablet simultaneously — they all use IMAP, all talking to the same server-side mailbox.

Feature	POP3	IMAP
Port	110 / 995 (SSL)	143 / 993 (SSL)
Messages stored	On device	On server
Multi-device sync	No	Yes
Offline access	Yes (downloaded)	Limited (cached)
Bandwidth use	High (full download)	Lower (on-demand)
Best for	Single device, local backup	Multiple devices, cloud access

FTP: File Transfer Protocol

FTP (RFC 959) is one of the oldest internet protocols, dating to 1971. It transfers files between a client and a server. FTP uses two separate connections:

Control connection (port 21): Commands and responses (text-based, like SMTP)
Data connection (port 20 or dynamic): Actual file data

Active vs. Passive Mode

FTP's dual-connection design creates firewall problems. The mode determines who initiates the data connection:

ACTIVE MODE:
Client ──────────────────────────── Server
Port 21 (control): Client connects to server ✓
Port 20 (data):    Server connects BACK to client ✗
                   (Firewall blocks incoming connection!)

PASSIVE MODE:
Client ──────────────────────────── Server
Port 21 (control): Client connects to server ✓
Port > 1023 (data): Client connects to server ✓
                    (Client initiates both — firewall happy!)

In Active mode, the server opens a connection back to the client on port 20. Modern firewalls and NAT block this incoming connection. Passive mode solves this: the server tells the client "open a data connection to me on port X," and the client initiates it. Nearly all modern FTP clients default to passive mode.

Secure FTP Alternatives

Plain FTP sends everything in cleartext — username, password, and file contents are all visible to network eavesdroppers.

Protocol	Description	Port	How It Works
FTP	Original, insecure	21	Cleartext, dual connection
FTPS	FTP over TLS	21/990	Adds TLS encryption to FTP
SFTP	SSH File Transfer	22	Completely different protocol, runs over SSH

Despite similar names, SFTP and FTP are unrelated protocols. SFTP is actually part of the SSH protocol suite, not an extension of FTP.

DHCP: Dynamic Host Configuration Protocol

Before DHCP, giving a device network access required manually typing in an IP address, subnet mask, default gateway, and DNS server. For home networks with 20+ devices, this would be impractical. DHCP (RFC 2131) automates this entirely.

The DHCP process follows the DORA sequence:

Client                              DHCP Server
  │                                      │
  │──── DISCOVER (broadcast) ───────────>│
  │     "I need an IP address!"          │
  │                                      │
  │<─── OFFER ───────────────────────────│
  │     "How about 192.168.1.105?        │
  │      Lease: 24 hours"                │
  │                                      │
  │──── REQUEST (broadcast) ────────────>│
  │     "Yes, I'll take 192.168.1.105"   │
  │                                      │
  │<─── ACKNOWLEDGE ─────────────────────│
  │     "Confirmed. IP is yours for      │
  │      24 hours (lease time)"          │
  │                                      │

Discover → Offer → Request → Acknowledge = DORA

DHCP delivers not just an IP address but a complete network configuration:

IP address and subnet mask
Default gateway (your router)
DNS server addresses
Lease duration

Leases have a duration. Before expiry, clients renew automatically. If a device leaves the network, its IP eventually returns to the pool for reuse. This is why your laptop might get a different IP address each day.

NTP: Network Time Protocol

NTP (RFC 5905) synchronises clocks across networked devices, operating on UDP port 123. It sounds trivial until you consider what breaks without accurate time:

SSL/TLS certificates have validity periods — if your clock is wrong, certificates appear expired or not-yet-valid
Kerberos authentication (used in corporate Windows networks) rejects logins if the client and server clocks differ by more than 5 minutes
Log correlation across multiple servers becomes impossible if each server's timestamps differ
DNSSEC signatures, financial transactions, and distributed databases all depend on accurate time

NTP uses a stratum hierarchy:

Stratum 0: Atomic clocks, GPS receivers (not on network)
Stratum 1: Servers directly connected to Stratum 0
Stratum 2: Servers synced from Stratum 1 (e.g., time.google.com)
Stratum 3: Your router, synced from Stratum 2
Stratum 4: Your laptop, synced from your router

Your devices typically sync from a Stratum 2 or 3 server. Accuracy within a few milliseconds is standard. GPS-disciplined Stratum 1 servers achieve nanosecond accuracy.

Protocol Reference Table

Protocol	Port(s)	Purpose	Secure Version
SMTP	25, 587	Sending/relaying email	SMTPS (465), STARTTLS
POP3	110	Download email to device	POP3S (995)
IMAP	143	Sync email across devices	IMAPS (993)
FTP	21 (control), 20 (data)	File transfer	FTPS (TLS), SFTP (SSH)
DHCP	67 (server), 68 (client)	Automatic IP assignment	DHCPv6
NTP	123 (UDP)	Clock synchronisation	NTS (RFC 8915)

Summary

Email relies on three protocols working in sequence: SMTP routes messages between servers, while POP3 or IMAP deliver them to clients — POP3 downloads and removes, IMAP syncs and retains. FTP transfers files but its dual-connection model requires passive mode behind firewalls, and SFTP over SSH is now the secure standard. DHCP automates network configuration using the DORA handshake, making plug-and-play networking possible. NTP synchronises clocks across the internet, underpinning security protocols, authentication systems, and distributed applications that all depend on consistent time. Together, these protocols handle the day-to-day operational needs of networked systems.

💬 DiscussionPowered by GitHub Discussions

📱

Get this course's notes on Telegram!

Free cheat sheets, summaries & practice exercises

Get Notes Free →

25 minLesson 14 of 17

Course Contents(17 lessons)

▾

Chapter 1: Network Foundations

What Is a Computer Network? Types and Topologies22 min

Network Devices: Hubs, Switches, Routers Explained25 min

Chapter 2: OSI and TCP/IP Models

The 7-Layer OSI Model: A Layer-by-Layer Journey35 min

TCP/IP Model: How the Internet Actually Works28 min

Data Encapsulation: How Packets Are Built and Unwrapped25 min

Chapter 3: Network and Data Link Layers

IP Addressing: IPv4, Subnets, and CIDR Notation35 min

IPv6: Why We Needed It and How It Works25 min

Routing Algorithms: How Packets Find Their Way30 min

MAC Addresses and the Data Link Layer25 min

Chapter 4: Transport Layer

TCP vs UDP: Reliability vs Speed30 min

TCP Deep Dive: Handshake, Flow Control, Congestion32 min

Chapter 5: Application Layer Protocols

DNS: How Domain Names Become IP Addresses30 min

HTTP and HTTPS: The Web's Foundation32 min

Email, FTP, and Other Application Protocols25 min

Chapter 6: Network Security

Network Security: Threats, Attacks, and Defenses30 min

Firewalls, VPNs, and Network Access Control28 min

SSL/TLS: How HTTPS Encrypts Your Data30 min