惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Register - Security
The Register - Security
云风的 BLOG
云风的 BLOG
U
Unit 42
F
Fortinet All Blogs
The GitHub Blog
The GitHub Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
D
Docker
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
S
Secure Thoughts
Hacker News: Ask HN
Hacker News: Ask HN
Vercel News
Vercel News
S
Security @ Cisco Blogs
GbyAI
GbyAI
Stack Overflow Blog
Stack Overflow Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
I
Intezer
MongoDB | Blog
MongoDB | Blog
AI
AI
MyScale Blog
MyScale Blog
Engineering at Meta
Engineering at Meta
Y
Y Combinator Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Proofpoint News Feed
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
W
WeLiveSecurity
博客园 - 叶小钗
S
SegmentFault 最新的问题
N
News | PayPal Newsroom
WordPress大学
WordPress大学
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
D
DataBreaches.Net
小众软件
小众软件
Microsoft Azure Blog
Microsoft Azure Blog
Spread Privacy
Spread Privacy
H
Help Net Security
美团技术团队
博客园 - 司徒正美
T
Threat Research - Cisco Blogs
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
K
Kaspersky official blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
V
Vulnerabilities – Threatpost
TaoSecurity Blog
TaoSecurity Blog
N
Netflix TechBlog - Medium
L
Lohrmann on Cybersecurity
J
Java Code Geeks
量子位
Martin Fowler
Martin Fowler
博客园_首页

Buttondown's blog

Email could have been X.400 times better The physicists who convinced Fermilab to send Brazil's emails Better in-app previews Analytics 3.0 Subscriber ID variables Comments! Send latest premium action Automation filtering Free API subscribers Surveys in automations Reply to replies Labels for RSS feeds How Jeremy Singer-Vine curates curious datasets for readers 2023 (and what's next) Email vs web content Sort by engagement Better gift subscriptions How Andy Dehnart built a career reviewing television New email template Email-based automations Opt-in reply tracking Automatic alt text More social network integrations Sort by metadata Overlarge image warnings Automation tag actions Pause emails mid-flight Search tags and automations Gift via automations Subscriber-driving emails Programmatic webhooks Email page views Tag statistics Discord webhook formatting Automatic subscriber cleanup RSS subscriber count Weekly subscriber reports More list columns Customizable list views How Max Voltar turned a side gig into a trusted keyboard resource How Nick Disabato runs two newsletters from one design consultancy Made-for-you share images Automation improvements End-of-email surveys Filter by date Survey-triggered automations More automation functionality New webhooks How France Insider built a news service with paid subscribers Email as primary key How John Willshire unites two businesses in one newsletter Confirmation reminders Email churned subscribers Email-to-draft Subscriber metadata columns ChatGPT integration Faster web archives Referral program Better search results TikTok embeds Subscriber timeline Spotify embeds Improved RSS-to-email Subscribe page OG image New analytics page Google Tag Manager Even more subscriber types Integrating Duda with Buttondown Linktree integration guide Advanced and enterprise plans Framer integration guide API requests page Team collaboration In-email surveys Better CSS settings Better RSS automation fetching! Editor toolbar improvements Smart filters Faster emails page RSS automations Faster email analytics Zapier error codes Image accessibility checks Tags vs newsletters OG image picker Image editor improvements API bulk actions Improved OpenAPI spec Mastodon support Better subscriber filtering Better subscriber validation Hotkey support! Programmatic access to analytics Stronger bulk actions Faster archive page Custom canonical URLs Email slug and metadata Improved writing interface Generating a Typescript router in Django Filter emails by source
Email was into agents before they were cool
Ryan Farley · 2026-03-20 · via Buttondown's blog

Email is the dinosaur that keeps surviving asteroids. It weathered the transition from ARPANET, BITNET, and FidoNet over to the one and only Internet. It remained relevant as computers moved from universities to offices to homes, and from dial-up to broadband to cellular. When legacy software and protocols fell behind the move to smartphones, web-based apps, and social media, email plodded on, a resilient relic.

Forty-five years of consensus-driven iteration means that sending emails today bears little resemblance to how it worked at first. Messages have always had a To: field, filled with some variation of user@host above the email's content. But attachments, formatted text, message routing and forwarding, mailing lists, and even subject lines had to be proposed and debated over months and years. Now, when you send an email, the app you compose it in is several steps removed from your recipient's inbox.

The companies that send our emails, forcing AI into the mix, might look like another asteroid in the sky for our archaic addresses. Take a look at how sending and receiving works, though, with email agents scurrying behind the scenes for 20+ years now, and you’ll see that this too will miss our unassuming dinosaur.

Your email app is not the only email app

The client you use to write your emails is responsible for assembling all of the bits that make sure your recipients actually see your message. It adds headers like From:, To:, and Message-ID, all of which have been in use since 1977. Your email app also encodes attachments, formatted text, and non-English characters into 7-bit ASCII, an upgrade that dates back to 1992. When all is said and done, what leaves your inbox is plain text, ferried along by an email-specific language that every email program shares.

If you have a Gmail address, for example, your emails will travel from your on-device outbox to one of Google's mail servers. Your phone or laptop will initiate that connection using the Simple Mail Transfer Protocol, a standard that hails from the year of our Lord 1982. Back then, email servers relied on the HELO command, while today most have upgraded to EHLO, an "extended hello" documented in the 1993 revision of SMTP as:

Client: EHLO ymir.claremont.edu  
Server: 250-dbc.mtview.ca.us says hello  
Client: [the usual HELO chit-chat]

The client and server tell each other which authentication methods they support and agree to use the best one that both share. And from there on out, it's difficult to pin down precisely what happens to your email. When two distinct and unrelated mail servers talk to each other, they have to stick with SMTP conventions to understand each other. But there are a ton of checkpoints and deliverability decisions that happen outside of server-to-server interactions. Gmail's servers may perform tests and checks on your email that are different from the ones Outlook conducts before sending your message.

Those that work in email had to come up with a shared vocabulary for these internal and proprietary programs, all handling the same generalized email tasks in slightly different ways. They decided to call them agents.

Agents all the way down

Much like today’s AI agents, the authors of SMTP's 2001 revision complained that "these terms are used with at least the appearance of great precision in other environments, the implied boundaries between [agents] often do not accurately match common, and conforming, practices with Internet mail." And so, depending on who you ask, the first of these agents may or may not be called a Message Submission Agent.

Whether it's Gmail's version of an MSA or AOL's, the MSA's job is to make sure your email has all the required headers, your From: address matches the account credentials your inbox provider has in its database, and there's no obviously bad-faith content in the message. There's no point in placing an email in the sending queue if it can be rejected with a quick glance.

If everything looks on the up and up, the Message Submission Agent hands your email over to a Message Transfer Agent. SMTP doesn't care what you call it as long as there's a timestamped Received header tacked on before the transfer itself is initiated. In fact, Gmail even adds a Received breadcrumb when two Gmail users email each other, despite the fact that the message never leaves Google's infrastructure.

When a transfer agent does need to figure out where your email goes next, it looks for something called an MX record. You can see what one looks like, including the IP addresses the record resolves to, with a site like mxtoolbox.com. Next, MTAs will add a DKIM-Signature header as a way to verify that the message hasn't been altered since it left the sending domain, and off it goes.

Sometimes, there are intermediary transfer agents. Buttondown, for instance, lets you draft an email in your own client and send it to a relay address that converts your message into a beautified newsletter before sending it to your list. That entails:

  1. Your inbox provider's MTA adding Received and DKIM-Signature headers before looking up and sending to Buttondown’s IP address;
  2. Buttondown's MTA adding its own Received and DKIM-Signature headers, looking up each of your subscribers' mail servers, and sending to each of them;
  3. MTAs from each of your subscribers' inbox providers adding yet another Received header, this time without adding DKIM because the email is almost (but not quite!) ready for the recipient's inbox.

Somewhere amidst the litany of SMTP updates, those working on the protocol realized that an email client could assemble an email that checks all of the required boxes, the associated domain and its mail server could add a DKIM signature promising everything looks good, and the message could still be entirely untrustworthy. And so a slew of anti-spam measures were added to the mix.

Unsolicited and unwanted email

When transfer agents receive emails from third-party domains, they almost always check them against public blocklists, rejecting anything that's been flagged by groups like Spamhaus. Then, MTAs look at the sending domain's SPF and DMARC records, both of which broke the mold by originating outside of the typical RFC process. The Sender Policy Framework idea first popped up in a Usenet conversation in 2000 and Domain-based Message Authentication, Reporting and Conformance, as the name suggests, was published in 2012 by a handful of enterprise senders.

DKIM, SPF, and DMARC still aren't enough, though! MTAs pass email content through a spam filter, check it for malware, and look for untrustworthy URLs before…drumroll…rejecting it. This "graylisting" is the frequent practice of temporarily blocking an email simply because legitimate MTAs always try again while spam MTAs typically give up after one try.

At this stage, many inbox providers have their MTAs hand off approved emails to a Message Delivery Agent for the last digital mile. MDAs put the journey-weary message in the recipient's cloud-based inbox, where it can be downloaded to their device from their email client of choice.

The user opens their email client—or, as I neglected to mention, what SMTP documentation sometimes calls the Message User Agent (that’s four agents, for anyone who’s counting)—and checks with their inbox provider's mail server for any new mail.

The email client downloads messages using either POP3, IMAP, or the nascent JMAP. Plain text is converted back into HTML (including tracking pixels) and attachments before everything is passed through the on-device spam filter (that's three spam checks since the email hit the first server, for anyone who’s counting). Finally, the email can rest its weary headers, its journey complete. Unless the recipient forwards it, which is anything but straightforward.

Lots of agents and zero AI

This account of every email’s journey isn’t even the whole story. It’s an oversimplified and dumbed down version of what happens several hundred billion times per day. And it works just fine without large language models and machine learning bots. Even better, email will be fine if inbox providers try to force AI agents that delete messages without permission. Because despite all of the mail servers and message agents, email is really just a shared language. Don’t like the dialect your inbox provider has adopted? There are countless other options.

Spinning up your own email server is unrealistic even for those with technical backgrounds—the gatekeepers effectively unavoidable. But at least you get to choose who handles your email. You get to send newsletters from your own domain, building a deliverability reputation all your own. And when you want to move to another platform, no one can stop you.