We send emails every single day.
A quick message to a friend.
An internship application.
A password reset request.
A late-night “Please find attached” email.
And honestly, for most of us, sending an email feels incredibly simple:
- Open Gmail
- Write the message
- Add the recipient
- Click Send
Done.
But have you ever stopped and wondered:
“What actually happens after I click that Send button?”
How does your email travel across the world in just a few seconds?
How does Gmail know you’re the real sender?
How does Yahoo trust that the email genuinely came from Gmail and not from a hacker pretending to be you?
Behind that tiny Send button is an entire backend ecosystem quietly working in milliseconds.
And trust me — it’s way more interesting than it looks.
Let’s Take a Real Example
Suppose I send an email from:
diksha@gmail.com
to:
tom@yahoo.com
From my perspective, I just typed a message and clicked Send.
But in reality, multiple systems, protocols, security checks, DNS servers, and mail servers immediately start working behind the scenes.
Let’s break down the complete journey of that email.
Step 1 — Gmail First Verifies Me
Before Gmail even sends my email, Google already knows who I am because I logged into my Gmail account earlier.
When I signed in, Google verified:
- my username and password
- session tokens
- authentication status
So when I hit Send, Gmail already knows:
Yes, this is actually Diksha.
This is important because otherwise anyone could pretend to be me and send emails from my address.
Step 2 — Gmail’s SMTP Server Takes Over
The moment I press Send, Gmail hands my email to its SMTP server:
smtp.gmail.com
SMTP stands for:
Simple Mail Transfer Protocol
Think of SMTP as the internet’s digital post office.
Its job is to:
- send emails
- route emails
- relay emails between mail servers
At this point, Gmail starts preparing my email for delivery.
Step 3 — Hidden Email Headers Are Added
Now Gmail secretly adds metadata to the email.
Things like:
- sender address
- receiver address
- timestamps
- routing information
- message identifiers
For example:
From: diksha@gmail.com
To: tom@yahoo.com
These headers help email servers understand:
- where the email came from
- where it should go
- how it should be processed
Step 4 — Gmail Digitally Signs the Email
Now comes one of the coolest parts.
Gmail adds something called a:
DKIM Signature
This is basically a digital signature added using cryptography.
Imagine Google placing an official tamper-proof stamp on the email saying:
“Yes, this email genuinely came from us.”
This signature helps prove:
- the email is authentic
- the message wasn’t modified during transit
If even one word changes while traveling across the internet, the signature breaks.
Step 5 — Gmail Needs to Find Yahoo’s Mail Server
Now Gmail asks:
“Where should I deliver this email?”
It looks at the recipient address:
tom@yahoo.com
and extracts:
yahoo.com
But computers don’t understand names like humans do.
They need server information.
So Gmail performs a DNS lookup.
Step 6 — DNS and MX Records Come Into Play
DNS is basically the internet’s phonebook.
Gmail asks DNS:
“Which mail server handles emails for yahoo.com?”
DNS checks something called an:
MX Record
and replies with Yahoo’s mail server details.
Something like:
yahoo.com MX 10 mta5.am0.yahoodns.net
Meaning:
“Send Yahoo emails here.”
Now Gmail knows exactly where to deliver the email.
Step 7 — The Email Travels Across the Internet
Now the actual journey begins.
The email:
- gets broken into packets
- travels through routers
- crosses ISPs and networks
- moves across multiple systems
all within seconds.
Eventually, it reaches Yahoo’s mail server.
But here’s the important part:
Yahoo does NOT blindly trust the email.
And this is where cybersecurity becomes extremely important.
Step 8 — Yahoo Starts Verifying the Email
Yahoo now asks:
“Did this email really come from Gmail?”
Because attackers constantly try to:
- spoof emails
- send phishing emails
- impersonate trusted domains
So Yahoo performs multiple security checks.
SPF Verification
First, Yahoo checks something called:
SPF
SPF stands for:
Sender Policy Framework
This tells Yahoo:
“Which servers are allowed to send emails for gmail.com?”
Yahoo checks Gmail’s DNS SPF record.
If the sending server is officially authorized:
- SPF PASS
Otherwise:
- SPF FAIL
This helps prevent fake mail servers from impersonating Gmail.
DKIM Verification
Next, Yahoo verifies the DKIM signature added earlier.
It:
- retrieves Gmail’s public key from DNS
- validates the signature
- checks whether the email was modified
If valid:
- DKIM PASS
If tampered:
- DKIM FAIL
This ensures email integrity.
DMARC — The Final Decision Maker
Now Yahoo checks:
DMARC
DMARC basically tells receiving servers:
“What should you do if SPF or DKIM fails?”
The policy may say:
- allow
- quarantine
- reject
For example:
v=DMARC1; p=reject
means:
Reject unauthenticated emails.
An example of sample promotional mail:
This is one of the biggest protections against phishing and spoofing today.
Step 9 — Spam and Malware Detection
Even if authentication passes, Yahoo still scans the email for:
- suspicious links
- malware attachments
- phishing keywords
- sender reputation
- blacklists
- spam behavior
Modern email systems even use:
- AI-based spam filtering
- behavioral analysis
- threat intelligence
to detect malicious emails.
Step 10 — Inbox, Spam, or Rejection
Finally, Yahoo decides:
| Result | Action |
|---|---|
| Trusted | Inbox |
| Suspicious | Spam |
| Dangerous | Rejected |
Only after passing all these checks does the email finally appear inside Tom’s inbox.
But Wait… How Does Tom Read the Email?
Now Tom opens Yahoo Mail.
At this stage:
- IMAP or
- POP3
comes into the picture.
IMAP vs POP3
IMAP
IMAP keeps emails synced across devices.
So if Tom reads the email on:
- laptop
- phone
- tablet
everything stays synchronized.
POP3
POP3 downloads emails locally to one device.
Older systems used this more often.
Today, IMAP is much more common.
The Most Interesting Part?
All of this happens in just a few seconds.
What feels like a simple “Send” button is actually:
- cryptography
- DNS infrastructure
- server-to-server communication
- authentication
- threat detection
- internet routing
- mailbox synchronization
working together silently in the background.
And honestly, once you understand how email works, you’ll never look at your inbox the same way again.
Top comments (0)