The Sender SMTP Server accepts the new AuthKey, records it and then attaches it to the header of outgoing messages. In large SMTP installations, the SMTP Server and the MX Server are decoupled (separate) servers. The message carrying the new Key is identified on the MX Server, and the Key should be recorded there so that the SMTP Server can use it.

The Sender SMTP Server checks for X-New-Auth-Key: in the header of incoming messages. It records the AuthKey along with the email address in the "To:" field of the header. In Phase I, the message can be dropped since there are no Mail Clients that are capable of recording and sending AuthKeys. In Phase II, the message could be delivered to the Mail Client for processing.

In the case where different providers manage the Authentication Server and the SMTP Servers, the SMTP Server needs to verify that the sender of the new Key is the domain's Authentication Server. The information can be found by querying the DNS Servers.

When a new message is sent from the email address, the AuthKey is attached to the message header unless the header already contains an AuthKey added by the Mail Client (in Phase II).

The SMTP Server adds the following header information:
X-Auth-Key: string-of-authentication-key
X-Auth-Agent: SMTP – postfix 2.1
The Mail Client adds the following header information:
X-Auth-Key: string-of-authentication-key
X-Auth-Agent: Client Mozilla Thunderbird 1.0
When mail is automatically forwarded to another recipient, the forwarding SMTP Server should not attach the AuthKey even if there is no AuthKey attached to the header. Furthermore, the final Recipient SMTP Server should handle the AuthKey Verification.
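The record-and-attach rules above, sketched as an added example (not code from the proposal). The class name, the in-memory store, the injected `is_domain_auth_server` check (the page says DNS answers it but names no record), the use of the From: header as "the email address", and the sample addresses are all assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

AGENT = "SMTP - example-mta 1.0"  # constructed agent string

# Constructed sample messages (example.org / auth.example are placeholders).
KEY_MAIL = "From: keys@auth.example\nTo: alice@example.org\nX-New-Auth-Key: k-123\n\nnew key\n"
OUTGOING = "From: Alice <alice@example.org>\nTo: bob@example.net\n\nhello\n"


class AuthKeyStore:
    """Hypothetical in-memory record shared by the MX and SMTP servers."""

    def __init__(self, is_domain_auth_server):
        # is_domain_auth_server(sender_host, domain) -> bool. Assumed callback:
        # the DNS lookup itself is not specified on the page, so it is injected.
        self._verify = is_domain_auth_server
        self._keys = {}

    def record_incoming(self, raw, sender_host):
        """MX side: store X-New-Auth-Key under the To: address. True if stored."""
        msg = message_from_string(raw)
        key = msg.get("X-New-Auth-Key")
        addr = parseaddr(msg.get("To", ""))[1].lower()
        if not key or "@" not in addr:
            return False
        if not self._verify(sender_host, addr.rsplit("@", 1)[1]):
            return False  # sender is not this domain's Authentication Server
        # Collapse whitespace so a folded header cannot inject extra lines later.
        self._keys[addr] = " ".join(key.split())
        return True

    def stamp_outgoing(self, raw, forwarded=False):
        """SMTP side: attach the stored key unless forwarding or already set."""
        msg = message_from_string(raw)
        if forwarded or msg.get("X-Auth-Key"):
            return msg  # forwarded mail and client-supplied keys stay untouched
        # Assumption: "the email address" is taken from the From: header.
        addr = parseaddr(msg.get("From", ""))[1].lower()
        key = self._keys.get(addr)
        if key:
            msg["X-Auth-Key"] = key
            msg["X-Auth-Agent"] = AGENT
        return msg
```

A real deployment would replace the dictionary with storage both the MX and SMTP servers can reach, and would decide `forwarded` from its own forwarding configuration.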