Skip to main content
BusinessPrivate
LoginRegister now

Answers for private customers

The Knowledge Base for private customers is already largely up to date. A few individual articles are currently being revised and adapted. We thank you for your understanding and look forward to providing you with up-to-date information on using mailbox.

Please note: The knowledge base has changed slightly. Categories have been adapted and URLs stored in the old knowledge base may no longer be valid.

Overview Mailserver

Mail Server – Short Explanation

A mail server is an interaction of specialized services (MTA, MDA, MUA, and filtering components) that together ensure stable and largely failure-resistant communication. Many requirements that arise in support can only be understood within the context of this architecture. This overview is intended to help explain technical relationships clearly and set realistic expectations—for customers as well as for support.

Mail servers are among the most complex yet stable infrastructure services on the internet. To ensure that messages are reliably sent, transported, filtered, and delivered, several specialized systems work together. This article provides an accessible overall overview of how a mail server is structured, which components are involved, and why certain customer requirements are technically not possible or only feasible to a limited extent. The content is based in part on the detailed technical documentation for Debian Buster by Thomas Leister.

Background – Why the Mail Server Topic Is So Important

Many challenges in daily support work can be traced back to the fundamental functioning of the email ecosystem. Understanding how messages are transported, signed, checked, and delivered helps explain why some expectations—such as reliable read receipts, absolutely delay-free synchronization, or certain forwarding behaviors—reach technical limits. This article aims to provide a solid foundation for exactly that.

Components of a Mail Server

A mail server does not consist of a single piece of software but several services, each fulfilling a clearly defined role.

The Mail Transfer Agent (MTA) is responsible for transporting messages between servers. Applications such as Postfix, Exim, or OpenSMTPD accept incoming connections via SMTP, verify sender, recipient, and the technical integrity of the message, and then decide which destination server the mail should be forwarded to. Routing decisions are based primarily on DNS entries such as MX records. Authentication mechanisms like SPF, DKIM, and DMARC are additionally used to assess incoming messages and determine whether they should be accepted, flagged, or rejected.

For internal processing, a mail server uses a Mail Delivery Agent (MDA). After successful acceptance, it delivers the message to the correct mailbox and often performs further processing steps—such as spam checks, sorting, or server-side rules, often in combination with specialized filtering services. Only after the MDA has completed its work is the message available in the account’s mailbox.

For user access, the Mail User Agent (MUA) is responsible—programs such as Outlook, Thunderbird, Apple Mail, or mobile mail apps. They typically use IMAP or POP3 to read, delete, or move messages, and SMTP to send outgoing messages.

The Domain Name System (DNS) plays a central role in all these processes. MX records define which servers are responsible for a domain. SPF, DKIM, and DMARC entries additionally define which systems are allowed to send mail on behalf of a domain, which signatures are used for authentication, and which policies apply when checks fail. Without correct DNS configuration, reliable delivery and domain reputation are practically impossible.

How a Mail Is Delivered – Step by Step

When a user sends a message, it is first transferred from the MUA to the provider’s MTA via SMTP. The MTA checks whether the message is technically valid and whether the sender is authorized to use this address or domain (authentication, anti-spam rules, size limits, etc.).

The MTA then queries the MX record of the recipient domain via DNS and establishes a connection to the target MTA. There, the message undergoes further checks:

  • Is the recipient valid and does the mailbox exist?
  • Does the technical sender (Envelope-From / Return-Path) comply with the SPF policy?
  • Is the DKIM signature valid and aligned with the sender domain?
  • How should the message be treated according to the DMARC policy if checks fail or are not aligned (e.g., only mark, move to spam, or reject)?

Additional checks frequently run in parallel, such as spam and malware filtering, blacklist lookups, or heuristics that detect suspicious content.

Only when all checks pass—or when the policy allows acceptance—is the message accepted and passed to the MDA. The MDA stores it in the mailbox, applies filters, and ensures that it becomes visible via IMAP or POP3. This results in a fully traceable path from sending to delivery.

Why Certain Support Requests Do Not Work Technically

Many customer requests relate to technical limitations of the email ecosystem.

Forwarding is a common issue because it often leads to SPF failures and consequently DMARC warnings: the forwarding server becomes the new technical sender but is not included in the original domain’s SPF policy. DMARC also requires alignment between the visible From address, the SPF return path, and/or the DKIM signing domain. Simple forwarding easily breaks this alignment. Mechanisms like DKIM or ARC can compensate for this in some cases but not reliably in all situations. This is not a provider-specific problem but a systemic characteristic of current email standards.

Similar limitations apply to the expectation of “real-time synchronization.” IMAP is a very reliable protocol and, with extensions like IDLE, can operate nearly in real time. In practice, however, connections experience timeouts, reconnections, mobile and Wi-Fi fluctuations, and client-specific polling intervals. Delays of several seconds or even minutes are therefore completely normal and technically unavoidable.

Read receipts are also unreliable. Technically, they rely on optional mechanisms such as Message Disposition Notifications (MDN) or Delivery Status Notifications (DSN). Whether a read receipt is sent depends entirely on the receiving client or the user. Many programs ignore such requests, ask for confirmation each time, or do not support the feature at all. A reliable, enforceable read receipt is therefore not possible in the open email ecosystem.

Other common topics include spam filtering, deliverability issues, or blocked senders. These are often related to global reputation mechanisms (e.g., IP and domain reputation, blacklists), content filters, or security policies on the recipient side—not a malfunction of the sending provider. Even correctly configured mail servers can be rejected if the receiving system is configured with strict policies.

  • LinkedIn icon
  • Mastodon icon
  • Bluesky icon
  • RSS icon

Heinlein Gruppe