Still confused with SMTP ports? Read this
Have you ever been in a situation where you had to enter an email service’s Simple Mail Transfer Protocol (SMTP) port number? What number did you specify? 25? 587? 465? All three TCP port numbers are associated with SMTP. SMTP differs from other network protocols in a way that it’s associated with multiple port numbers. Most network protocols are only associated with one. For example, FTP = 21, SFTP = 22, HTTP = 80 and so on.
In this blog post, we’ll examine the four most common SMTP ports — 25, 587, 465 and 2525 — and discuss when each port number should come into play. If you'd like to see real-time automation using these ports, book a no-obligation demo with a product expert.
Why it’s important to choose the right SMTP port
Choosing the right SMTP port is crucial for effective email communication. For instance, when you configure email clients like Microsoft Outlook or Apple Mail to use Gmail SMTP servers, you need to enter the right port number. Otherwise, your emails won’t send. Similarly, if you use an SMTP port number associated with email submissions in a setting that’s meant for server-to-server message relay purposes, you could encounter email delivery issues as well.
Moreover, the standard SMTP ports mentioned earlier are designed for specific types of email transmission and security protocols. For instance, email transmissions carried out over port 25 are generally unencrypted, whereas email messages sent through ports 587 and 465 can be encrypted. As such, you need to be aware of the security implications when sending sensitive information over unencrypted ports.
SMTP port 25
SMTP port 25 is the oldest SMTP port in existence. It’s included in RFC 821, the very first specification of SMTP, published in 1982. Despite being over four decades old, port 25 is still widely used. Organizations that still employ port 25 use it mainly for SMTP relay purposes.
Mail server admins use this port to relay messages from one mail server to another. To be more specific, server admins use port 25 when they need to relay messages from one Mail Transfer Agent (MTA) to another or from a Mail Submission Agent (MSA) to an MTA. MTAs and MSAs are essential mail server components.
Port 25 SMTP connections are normally unencrypted. Not only that, port 25 itself is often exploited by scammers and other cybercriminals that spread spam emails and malware. For this reason, many Internet Service Providers (ISPs) and cloud hosting providers block this port. These restrictions can adversely impact the deliverability of your emails.
SMTP port 587
While port 25 is used for email server to email server transmissions, port 587 is the default SMTP port for message submissions. That is, submissions from an email client to an email server. Hence, port 587 is also known as the SMTP submission port. This is clearly stated in RFC 6409, which says, "Port 587 is reserved for email message submission..."
Port 587 is a secure SMTP port. For instance, before an SMTP service that uses port 587 allows an email client to start sending it email messages, the service requires the client to authenticate with it first. Authentication ensures that only legitimate users are able to logon and use the service.
In addition to its authentication feature, port 587 also supports Transport Layer Security (TLS), which provides data-in-transit encryption. TLS is the same cryptographic protocol used by Hypertext Transfer Protocol Secure (HTTPS), the protocol used by secure websites. TLS succeeds the still-popular but now obsolete Secure Sockets Layer (SSL).
This means when a mail client connects to an SMTP server via port 587, it has the option to encrypt the connection. It can do so by issuing the STARTTLS command. Once the mail client and server have established a TLS connection, all messages sent through that connection will be encrypted.
SMTP port 465
Port 587 isn’t the only SMTP port that offers data-in-transit encryption. Port 465 offers that capability as well. However, unlike a port 587 SMTP connection, in which a client can upgrade from a plaintext (a.k.a. cleartext) SMTP connection to a TLS-encrypted connection by issuing the STARTTLS command, a port 465 SMTP connection applies TLS encryption automatically.
This alternate SMTP email encryption mechanism, wherein a TLS connection is established right from the start, is known as Implicit TLS. The use of Implicit TLS for email submission and access is defined in RFC 8314 and applies not only to SMTP, but also to Post Office Protocol v3 (POP3) and Internet Message Access Protocol (IMAP). SMTP, IMAP and POP3 are all TCP protocols for email.
Port 465’s ascension to internet standards status was a bit of a bumpy ride. Port 465 was first registered with the Internet Assigned Numbers Authority (IANA) in 1997 as SMTPS. However, because the Internet Engineering Task Force (IETF) standardized port 587/STARTTLS as the encryption protocol for SMTP submission, port 465 and SMTPS were both removed from the IANA registry. Alas, many organizations had already gotten used to port 465 as their SMTP encryption method of choice. This led to the creation of RFC 8314, which we already mentioned earlier.
Today, some organizations use 587 for SMTP relay, while others use 465.
SMTP port 2525
We already know that some ISPs block port 25. To circumvent that restriction, some email service providers offer 2525 as an alternative port. Port 2525 isn’t a standard SMTP port. It’s not recognized by either the IETF or IANA. However, it serves as a workaround in case port 25 is blocked. And because port 2525 also supports TLS, some organizations use it as an alternative to ports 587 and 465 as well.
Automating data exchanges with SMTP, POP3 and IMAP services
Should you wish to automate data exchanges with SMTP, POP3 and IMAP services from a single solution, check out JSCAPE MFT by Redwood. JSCAPE MFT is an all-in-one managed file transfer solution that enables you to automate data exchanges with a wide range of file transfer, messaging and storage services, including FTP, SFTP, AS2, Amazon S3, Google Cloud and many others — all from a single pane of glass. Curious to see how that works?
Are you a developer?
If you are and you use Java, Secure iNet Factory includes some easy-to-use Java-based components for developing applications that support SMTP, IMAP, POP3, and several other networking protocols. Download it now.
Download Secure iNet Factory.For those who use .NET, there's Email Factory for .NET as well.
Download Email Factory for. NET.