Email “FROM” MIME Header Field vs “MAIL FROM” Command in SMTP Session

In the SMTP (Simple Mail Transfer Protocol) protocol, the “FROM” header field and the “MAIL FROM” command in the SMTP session serve different purposes and play distinct roles in the process of sending an email message:

FROM Header Field:

The “FROM” header field is part of the email message itself and is used to indicate the sender of the email. It is a standard email header that is included in the email message’s content. The “FROM” header specifies the email address of the person or entity who is sending the email. This email address is typically displayed to the recipient in their email client, allowing them to see who the sender is. For example:


The “FROM” header field is mainly used for display purposes and provides information to the recipient about the sender’s identity. However, it is essential to note that the “FROM” header can be easily forged or manipulated by malicious actors, so it is not a reliable indicator of the actual sender of the email.

MAIL FROM Command in SMTP Session:

The “MAIL FROM” command is part of the SMTP communication process between email servers. It is used to initiate the email transmission and is the first step in the SMTP session when sending an email. The “MAIL FROM” command specifies the actual sender’s email address, which is different from the “FROM” header in the email message. For example:


The “MAIL FROM” command helps the recipient’s email server identify the origin of the email and plays a crucial role in email authentication and spam prevention. It establishes a connection between the sending mail server and the recipient’s mail server and provides a mechanism to verify that the email is coming from a legitimate source.

When the recipient’s email server receives an email, it checks the “MAIL FROM” command to verify that the sender is authorized to send emails from the claimed email address. This process is part of various email authentication techniques, such as SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance), which help prevent email spoofing and phishing attempts.

Tags :