[1] SMTP as specified by Jon Postel in the 1970s did not provide for using passwords for sending email messages; each server was by design an open mail relay.
The MSA is responsible for ensuring that the message envelope contains good addresses, and may enforce local policies for the From header field.
Return-Path) used for SPF and the From address agree with the authenticated user-id is particularly important for domains that sign messages using DKIM.
RFC 4954 provides the following example ("C:" and "S:" are not part of the protocol, they indicate lines sent by the client and server, respectively): SMTP AUTH can be used also on port 25.
However, the historical trait that SMTP is not authenticated by default results in a different behavior with regard to access protocols, in some cases; for example, when using AUTH EXTERNAL after STARTTLS.
The capitalized text after the AUTH command is a list of the types of authorization that the SMTP server will accept.