I have done quite some Googling, but couldn't find answers to my specific questions.
I understand the syntax of mail() and the step to edit php.ini files. But why would the SMTP server accept a connection request when I don't provide authentication information?
For example, if I want to send email through my Gmail account, I would have to log in using my email address and password. But it appears that using PHP mail() enables me to completely bypass this step.
How does the mail() function work behind the scenes?
As per the manual on PHP's mail() function and related RFCs, and listed under:
"Note: The following RFCs may be useful: » RFC 1896, » RFC 2045, » RFC 2046, » RFC 2047, » RFC 2048, » RFC 2049, and » RFC 2822."
From RFC 2049 http://www.faqs.org/rfcs/rfc2049.html
[RFC-1421] Linn, J., "Privacy Enhancement for Internet Electronic Mail: Part I -- Message Encryption and Authentication Procedures", RFC 1421, IAB IRTF PSRG, IETF PEM WG, February 1993.
http://www.faqs.org/rfcs/rfc1421.html
Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures
1. This RFC's measures are restricted to implementation at endpoints and are amenable to integration with existing Internet mail protocols at the user agent (UA) level or above, rather than necessitating modifications to existing mail protocols or integration into the message transport system (e.g., SMTP servers).
2. The set of supported measures enhances rather than restricts user capabilities. Trusted implementations, incorporating integrity features protecting software from subversion by local users, cannot be assumed in general. No mechanisms are assumed to prevent users from sending, at their discretion, messages to which no PEM processing has been applied. In the absence of such features, it appears more feasible to provide facilities which enhance user services (e.g., by protecting and authenticating inter-user traffic) than to enforce restrictions (e.g., inter-user access control) on user actions.
3. The set of supported measures focuses on a set of functional capabilities selected to provide significant and tangible benefits to a broad user community. By concentrating on the most critical set of services, we aim to maximize the added privacy value that can be provided with a modest level of implementation effort.