So we know how a message is moved around between computers, to get from one computer system to another. But how does bob get his message to fairynet to start with?

As well as having an MTA that sends messages on to other computers, and gets messages from other computers if fairynet accepts emails, fairynet will have whats called a Mail Submission Agent (MSA) that is very similar to an MTA, except it allows users to authenticate.

The MSA accepts connections from Mail User Agents (MUAs) in use by users. These could be software like Microsoft Outlook, running on the users computer at home, or they could be programs running on a webserver for a webmail service like Google’s Gmail.

The MSA and MUA talk a version of SMTP that includes sending a user identifier such as a username, and a shared secret such as a password. This makes the conversation more sensitive.

To protect this conversation the MSA could either listen on an encrypted channel, so the SMTP conversation is encrypted before it starts, or it could allow encryption to be started after the connection is established using a command called “STARTTLS”. This command is part of the SMTP specification, and as the MSA and MTA provide very similar functions they are often the same program, if “STARTTLS” is available and understood by the MTA it can be used to protect the message over the network, but each MTA that handles the message will see the message without the protection of encryption.