SOURCE AUTHENTICATION
In Email Servers
Source authentication operates at the MTA level. The technology was designed specifically for the MTA layer of the email server, where it operates in conjunction with the Outbound SMTP server.
During MTA processing, the MTA server analyzes incoming mail from the Inbound SMTP server for source and destination addresses to determine whether the mail should be delivered to a local mailbox or forwarded through the Outbound SMTP server. It is here that source authentication first takes over. In general, the following steps take place:
- If the source email address is not known to the MTA server as an authenticated address, the MTA holds any further processing of that message.
- The MTA sends to the Outbound SMTP server the data necessary to generate an outbound email message to the original sender (source address) of the email.
- The MTA will then store the original message and may discontinue processing of that message. It may also process the message for additional recipients that may not be running source authentication.
- The MTA tells the Outbound SMTP server that this message is special: if delivery fails, the Outbound SMTP server is not supposed to deliver a bounce. Instead, it should inform the MTA to delete the original message during the next maintenance run. Bypassing the normal bounce mechanism in this way saves processing time for the MTA and clears unnecessary mail out of users' quarantines.
Some systems may decide not to delete the original message and still function properly. At a minimum, it is important not to deliver a bounce to the MTA, which reduces overhead and prevents unnecessary bounces from making their way to the user's inbox.
- Should a sender be legitimate, they will reply to the authorization request. The Inbound SMTP server functions as normal, accepting the auth-reply and delivering it to the MTA. The MTA will recognize the source address as being on a list of authorization requests sent out to be processed. The MTA will then find the original message and deliver it accordingly and update the whitelist of authorized senders.
The above processing may have variations depending on the needs of each network, users, etc.
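The steps above can be modeled as a small state machine. The following is an added example, not code from any real MTA: the class, method and field names are hypothetical, the sample traffic is constructed, and it assumes one authorization request per unknown sender and that a late auth-reply still releases held mail.

```python
# Added example: toy model of the hold / auth-request / release flow (all names hypothetical).
from dataclasses import dataclass, field

@dataclass
class SourceAuthMTA:
    whitelist: set = field(default_factory=set)   # authorized senders
    held: dict = field(default_factory=dict)      # sender -> stored original messages
    purge: set = field(default_factory=set)       # senders to delete at next maintenance run
    outbound: list = field(default_factory=list)  # jobs handed to the Outbound SMTP server
    delivered: list = field(default_factory=list)

    def receive(self, sender, rcpt, body):
        sender = sender.lower()
        if sender in self.whitelist:
            self.delivered.append((sender, rcpt, body))
            return "delivered"
        if sender not in self.held:
            # One auth request per unknown sender, flagged so that a failed
            # delivery is reported to the MTA instead of generating a bounce.
            self.outbound.append({"to": sender, "kind": "auth-request",
                                  "bounce_on_failure": False})
        self.held.setdefault(sender, []).append((rcpt, body))
        return "held"

    def auth_request_failed(self, sender):
        # Outbound SMTP could not deliver the auth request: no bounce, just mark.
        if sender.lower() in self.held:
            self.purge.add(sender.lower())

    def auth_reply(self, sender):
        # Inbound auth-reply: release stored mail and whitelist the sender.
        sender = sender.lower()
        msgs = self.held.pop(sender, [])
        if msgs:
            self.purge.discard(sender)
            self.whitelist.add(sender)
            self.delivered += [(sender, rcpt, body) for rcpt, body in msgs]
        return len(msgs)

    def maintenance(self):
        removed = sum(len(self.held.pop(s, [])) for s in self.purge)
        self.purge.clear()
        return removed

def demo():  # constructed sample traffic
    mta = SourceAuthMTA()
    mta.receive("alice@example.org", "bob@local.test", "hello")
    mta.receive("forged@invalid.test", "bob@local.test", "spam")
    mta.auth_request_failed("forged@invalid.test")
    return mta.auth_reply("alice@example.org"), mta.maintenance(), mta
```

In `demo()`, the sender who answers the request has one message released and is whitelisted, while the message whose authorization request could not be delivered is removed at the maintenance run without any bounce being generated.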