Email appears almost instant — you click Send and seconds later a message arrives on the other side of the world. Behind that simplicity lies a chain of protocols, servers, and file transfers working together. At KS3, understanding how email works builds a foundation for networking, protocols, and cyber security topics in your exam.
What is email and how is it different from instant messaging?
Email (electronic mail) is an asynchronous digital messaging system. Unlike instant messaging, where both parties are expected to be online at the same time, email is designed so that the sender's message is stored on a server until the recipient is ready to retrieve it — much like leaving a letter in a physical postbox rather than shouting across a room.
Each email address has two parts separated by @:
- The local part identifies the user's mailbox (e.g.
alice) - The domain identifies the mail server (e.g.
gmail.com)
So alice@gmail.com means "the mailbox called alice on the mail servers at gmail.com".
What are the email protocols: SMTP, POP3, and IMAP?
A protocol is a set of agreed rules for how data is formatted and transmitted. Email uses three main protocols:
| Protocol | Full name | Direction | Purpose |
|---|---|---|---|
| SMTP | Simple Mail Transfer Protocol | Outgoing | Sends email from client to server and between servers |
| POP3 | Post Office Protocol v3 | Incoming | Downloads email from server to device; usually deletes server copy |
| IMAP | Internet Message Access Protocol | Incoming | Syncs email between server and device; keeps server copy |
SMTP handles sending. When you press Send, your email client (e.g. Outlook, Gmail) uses SMTP to push the message to your outgoing mail server.
POP3 was the original retrieval protocol. It downloads messages to your device and (in default settings) deletes them from the server. This means you can only read them on the device you downloaded them to — awkward if you use multiple devices.
IMAP is the modern standard. It keeps messages on the server and synchronises them across all your devices. Reading an email on your phone marks it as read on your laptop too. This is why most webmail services (Gmail, Outlook.com) use IMAP.
What is the step-by-step journey of an email?
Here is what happens between Alice pressing Send and Bob seeing the message arrive:
- Alice composes a message in her email client (e.g. Gmail) addressed to
bob@school.ac.uk. - Alice presses Send. Her client uses SMTP to connect to her outgoing mail server (e.g.
smtp.gmail.com) on port 587. - Alice's mail server looks up the MX (mail exchange) record for
school.ac.ukin the DNS — this tells it the address of Bob's mail server. - Alice's server uses SMTP to deliver the message directly to Bob's incoming mail server (
mail.school.ac.uk). - Bob's mail server stores the message in Bob's mailbox (a directory on its storage).
- Bob opens his email client. It uses IMAP (or POP3) to connect to
mail.school.ac.ukand retrieves the message. - Bob reads the email.
The entire process — steps 2 through 6 — typically takes between one second and a few minutes, depending on server load and network conditions.
How is email secured?
Plain email transmitted via standard SMTP is not encrypted by default — any device along the route could theoretically read the contents. Modern email systems add several security layers:
TLS (Transport Layer Security) encrypts the connection between mail servers, so the message cannot be read in transit. Most major providers enforce TLS by default.
Spam filters analyse incoming messages for suspicious patterns: known malicious domains, unusual header fields, and high rates of identical messages. Spam email (unsolicited bulk messages) represents approximately half of all global email traffic.
Phishing detection looks for emails pretending to be from trusted organisations (banks, HMRC, schools) designed to trick recipients into revealing passwords or clicking malicious links. At KS3, recognising phishing attempts — checking the actual sender address, hovering over links before clicking, being suspicious of urgent demands — is an important cyber security skill.
DKIM and SPF are technical standards that allow receiving servers to verify that an email genuinely came from the domain it claims to be from, reducing impersonation.
How does email connect to the wider computing curriculum?
Email provides a concrete, familiar context for several abstract KS3 topics:
- Networking protocols — SMTP, POP3, and IMAP are all layer-7 protocols in the TCP/IP model.
- Client-server model — your email client is the client; the mail server stores and routes messages.
- DNS — email routing relies on DNS to look up MX records.
- Cyber security — phishing, spam, and encryption all arise naturally from studying email.
- Data representation — attachments are encoded (using Base64) to transmit binary files as text across a text-based protocol.
The DfE programme of study asks students to understand how networks are used and how online services can be kept safe (gov.uk/government/publications/national-curriculum-in-england-computing-programmes-of-study). Email is one of the richest real-world examples for all of these strands simultaneously.
Frequently asked questions
What is SMTP and what is it used for?
SMTP stands for Simple Mail Transfer Protocol. It is the protocol used to send email from your mail client to your outgoing mail server, and then between mail servers until the message reaches its destination. SMTP operates over TCP on port 25 (server-to-server) or port 587 (client-to-server submission with authentication). It only handles outgoing mail; incoming mail retrieval requires POP3 or IMAP.
What is the difference between POP3 and IMAP?
POP3 (Post Office Protocol version 3) downloads messages from the server to your device and typically deletes the server copy. This is simple but means messages are only accessible on the device that downloaded them. IMAP (Internet Message Access Protocol) keeps messages on the server and synchronises their state — read, unread, deleted, moved — across all your devices. IMAP is now the standard for webmail and any user who accesses email from more than one device.
Why does email sometimes end up in a spam folder?
Spam filters examine the content, headers, and origin of incoming messages. They flag messages that match patterns associated with unsolicited bulk email: unusual sending IP addresses, misleading subject lines, domains with no established reputation, or content containing suspicious links. False positives — legitimate mail flagged as spam — happen occasionally. Checking your spam folder and marking false positives as "not spam" trains the filter to improve.
How can you spot a phishing email?
Key warning signs include: the sender's actual email address does not match the organisation it claims to be from (e.g. noreply@hmrc-tax-refund.xyz rather than noreply@hmrc.gov.uk); urgent language pressuring you to act immediately; requests for passwords, payment details, or personal information; links whose URLs (revealed by hovering, not clicking) go to suspicious domains; and attachments you were not expecting. When in doubt, contact the supposed sender through an official channel — not by replying to the suspicious message.
For Socratic computing tutoring at KS3 and GCSE — see aitutors.me.