Demystifying SMTP ports: When to use port 25, 587, 465 or 2525

Learn the differences between ports 25, 587, 465, and 2525, their security implications, and when to use each for reliable email delivery.

When you’re tasked with configuring Simple Mail Transfer Protocol (SMTP) settings to connect to an email server, you need to get two main values right. Otherwise, your email delivery processes will fail. These values are the endpoint’s domain name or IP address and its port number. Getting the correct domain name or IP address is usually straightforward. The SMTP port number? Not always.

Unlike most other network protocols, SMTP uses different ports depending on the email transmission use case. The most common SMTP ports are 25, 587, 465 and 2525. We’ll cover how each of these ports is typically used. First, though, let’s discuss some of the scenarios where you’ll need to enter SMTP port numbers.

Top scenarios that require SMTP port numbers

  1. Configuring an email client for outgoing email: When setting up an email client like Microsoft Outlook, Apple Mail or a mobile email app, you must enter the SMTP server’s address and the corresponding port number. This could be your own SMTP server or a third-party SMTP service, such as Gmail.
  2. Setting up a website’s contact form: Certain plugins or modules for Content Management Systems (CMSes) like WordPress allow you to add contact forms. You sometimes need to set up SMTP settings for those forms so inquiries can be sent to an administrator’s email.
  3. Configuring automation software: Some automation solutions allow you to specify SMTP settings so that admins and users can receive relevant notifications related to important events. For example, you might want to:

  4. Setting up an SMTP relay server: Businesses and organizations that operate their own mail servers or need a dedicated relay server for sending bulk or transactional emails often configure SMTP settings to relay messages.

All these examples were carried out using JSCAPE MFT Server by Redwood, a solution that allows you to automate file transfer workflows. If you want to know how it can streamline your business processes, you may schedule a quick demo now.

SMTP port 25

SMTP port 25 is the oldest SMTP port in existence. It’s the only port number mentioned in RFC 821, the very first specification of SMTP, published in 1982. Despite being over four decades old, you can still see port 25 in many email communication setups. Organizations use it mainly for SMTP relay purposes: when a mail server needs to relay messages to another mail server, it connects to port 25 on that second server.

Technically speaking, you normally use port 25 when you want to relay messages from one Mail Transfer Agent (MTA) to another or from a Mail Submission Agent (MSA) to an MTA. MTAs and MSAs are email communication endpoints. An MTA relays and routes emails between mail servers, whereas an MSA accepts email from clients and then submits it to an MTA for delivery.

Port 25 SMTP connections are typically unencrypted. Moreover, by default, port 25 doesn’t require connecting parties to authenticate. This leads to a vulnerable SMTP service configuration known as an open relay, which allows any application to send email to that service without restrictions. A mail server intentionally or accidentally configured as an open relay will forward emails from any sender to any recipient, regardless of where those emails originated.

Due to these security deficiencies, port 25 is often exploited by spammers, scammers and other cybercriminals who use it to distribute spam emails, phishing emails and malware. To mitigate this risk, many Internet Service Providers (ISPs) and cloud hosting providers block port 25. Unfortunately, these countermeasures can sometimes negatively impact email deliverability.

Since it’s the port SMTP users often use for relay, port 25 may not be going away soon. You just have to make sure it’s secure. To protect port 25 from abuse, you can:

  • Require authentication through a third-party solution
  • Disable open relay or restrict relay permissions to only trusted IP addresses or authenticated users
  • Use IP access control lists to restrict access to port 25, allowing only specific IP addresses or ranges to connect to it
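The relay restrictions listed above, written out as the decision a mail server makes for each recipient. This is an added example, not code from the original article or from any mail server product; the `RelayPolicy` class, its field names, the domains and the IP ranges are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RelayPolicy:
    local_domains: set                                # domains this server hosts mailboxes for
    trusted_nets: list = field(default_factory=list)  # CIDR ranges allowed to relay
    allow_authenticated: bool = True                  # authenticated users may relay
    relay_for_anyone: bool = False                    # True reproduces the open-relay mistake

    def decide(self, client_ip, authenticated, rcpt):
        """Return 'deliver', 'relay' or 'reject' for one RCPT TO address."""
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return "deliver"                          # inbound mail for our own users
        ip = ipaddress.ip_address(client_ip)
        if any(ip in ipaddress.ip_network(net) for net in self.trusted_nets):
            return "relay"                            # trusted source address
        if authenticated and self.allow_authenticated:
            return "relay"                            # authenticated sender
        return "relay" if self.relay_for_anyone else "reject"


def is_open_relay(policy):
    """True if an unauthenticated stranger can send to a foreign domain."""
    # Constructed probe: documentation-range IP and a reserved .example domain.
    return policy.decide("203.0.113.50", False, "someone@elsewhere.example") == "relay"


# Constructed configurations: the weak setting beside the corrected one.
OPEN = RelayPolicy({"corp.example"}, relay_for_anyone=True)
HARDENED = RelayPolicy({"corp.example"}, trusted_nets=["10.0.0.0/8"])

if __name__ == "__main__":
    for name, policy in (("open", OPEN), ("hardened", HARDENED)):
        print(name, "open relay:", is_open_relay(policy))
```

A trusted range that is too broad, such as `0.0.0.0/0`, is reported as an open relay as well, because the probe address then counts as trusted.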

SMTP port 587

While port 25 is used for relaying email messages from server to server, port 587 is the default SMTP port for message submissions. When a mail client submits messages to your email server, that client typically connects via port 587. The role of port 587 is clearly stipulated in RFC 6409, which says, "Port 587 is reserved for email message submission..." No wonder port 587 is also known as the SMTP submission port.

Unlike port 25, port 587 is considered secure. Before an SMTP service listening on port 587 allows an email client to start sending it email messages, the service requires the client to authenticate with it first. Authentication ensures that only legitimate email users and applications are able to log on and use the service.

In addition to its built-in authentication feature, port 587 also supports TLS or Transport Layer Security, which provides data-in-transit encryption. TLS encryption prevents attackers from eavesdropping on an SMTP connection. TLS is the same cryptographic protocol used by Hypertext Transfer Protocol Secure (HTTPS), the protocol used by secure websites. TLS succeeds the now obsolete Secure Sockets Layer (SSL).

TLS isn’t activated right from the start. Rather, when a mail client connects to your SMTP server via port 587, it’s given the option to encrypt the connection. It can take advantage of encryption by issuing the STARTTLS command. Once the mail client and server have established a TLS connection, only then will all messages sent through that connection be encrypted.

Because it’s recognized as a secure SMTP port, port 587 is widely accepted by ISPs, cloud providers and email providers. Emails you send through port 587 are less likely to be flagged as spam and are likewise less likely to encounter deliverability issues.

SMTP port 465

587 isn’t the only SMTP port known for its security properties. Port 465 is also recognized by some organizations as a secure SMTP port. However, unlike a port 587 SMTP connection, where a client must issue the STARTTLS command to upgrade from a plaintext (a.k.a. cleartext) SMTP connection to a TLS-encrypted connection, a port 465 SMTP connection applies TLS encryption automatically.

This alternate SMTP email encryption mechanism, wherein a TLS connection is established right from the start, is known as Implicit TLS. The use of Implicit TLS for email submission and access is defined in RFC 8314 and applies not only to SMTP, but also to Post Office Protocol v3 (POP3) and Internet Message Access Protocol (IMAP). SMTP, IMAP and POP3 are all email protocols that run over the Transmission Control Protocol (TCP).

Port 465’s journey to internet standards status was not without hitches. Port 465 was first registered with the Internet Assigned Numbers Authority (IANA) in 1997 as SMTPS. SMTPS meant SMTP over SSL, since SSL was the standard cryptographic protocol for data-in-transit encryption at that time. However, because the Internet Engineering Task Force (IETF) standardized port 587/STARTTLS as the encryption protocol for SMTP submission, port 465 and SMTPS were both removed from the IANA registry.

Nevertheless, many organizations had already gotten used to port 465 as their secure email port of choice. This led to the creation of RFC 8314, which we already mentioned earlier. So, while most organizations use 587 for SMTP email submission, some continue to use 465.
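The difference between STARTTLS on port 587 and Implicit TLS on port 465 shows up in what a server advertises in its EHLO reply before and after encryption. The following added example (not from the original article) audits captured EHLO replies from your own submission listeners; the function names, finding texts and sample replies are constructed, and treating PLAIN and LOGIN as the cleartext-equivalent mechanisms is this example's assumption.

```python
WEAK_AUTH = {"PLAIN", "LOGIN"}  # mechanisms that send the password merely base64-encoded


def parse_ehlo(reply):
    """Map each extension keyword in a multi-line 250 reply to its parameters."""
    extensions = {}
    for line in reply.strip().splitlines()[1:]:   # line 1 is the server's greeting
        words = line[4:].split() if line.startswith("250") else []
        if words:
            extensions[words[0].upper()] = {w.upper() for w in words[1:]}
    return extensions


def audit_listener(port, first_ehlo, ehlo_after_starttls=None):
    """Return findings for one listener.

    first_ehlo is the first EHLO reply seen on the port; on 465 (implicit TLS)
    that reply is already inside the TLS session.
    """
    findings = []
    first = parse_ehlo(first_ehlo)
    if port == 465:
        if "AUTH" not in first:
            findings.append("no AUTH offered: submission is unauthenticated")
        return findings
    if "STARTTLS" not in first:
        findings.append("STARTTLS not offered: the session cannot be encrypted")
    if first.get("AUTH", set()) & WEAK_AUTH:
        findings.append("PLAIN/LOGIN offered before TLS: password exposed in transit")
    if ehlo_after_starttls is not None and "AUTH" not in parse_ehlo(ehlo_after_starttls):
        findings.append("no AUTH after STARTTLS: submission is unauthenticated")
    return findings


# Constructed EHLO replies (mail.example.test is a placeholder host).
CLEARTEXT_587 = "250-mail.example.test\n250-SIZE 35882577\n250-STARTTLS\n250 8BITMIME"
INSIDE_TLS = "250-mail.example.test\n250-SIZE 35882577\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
WEAK_587 = "250-mail.example.test\n250-AUTH PLAIN LOGIN\n250 8BITMIME"

if __name__ == "__main__":
    print(audit_listener(587, CLEARTEXT_587, INSIDE_TLS))
    print(audit_listener(465, INSIDE_TLS))
    print(audit_listener(587, WEAK_587))
```

A well-configured port 587 listener offers STARTTLS first and only advertises AUTH once the session is encrypted, which is why the first two calls return no findings.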

SMTP port 2525

To circumvent ISP restrictions that block port 25, some email service providers (ESPs) offer 2525 as an alternative port. Port 2525 is not recognized by either the IETF or IANA as a standard SMTP port. However, many ESPs do use it as a workaround when port 25 is blocked. It helps that port 2525 also supports TLS encryption, allowing users to transmit messages securely.

What ports do POP3 and IMAP use?

SMTP isn’t the only protocol used in email-related applications. Depending on your situation, you may also have to deal with POP3 and/or IMAP. Thus, you may also need to be familiar with the functions of those protocols and the port numbers they’re associated with.

We already discussed POP3 and IMAP, and even compared them to SMTP, in the article “SMTP vs. IMAP vs. POP3: Knowing the difference”, so let me just share with you a table featuring their port numbers. Both protocols use different port numbers for unencrypted and encrypted (SSL/TLS) connections.

| Protocol | Port number for unencrypted connections | Port number for encrypted connections |
|---|---|---|
| POP3 | 110 | 995 |
| IMAP | 143 | 193 |

Picking the right SMTP port: A cheat sheet

Before you leave, here’s a cheat sheet you can use whenever you’re tasked to configure SMTP settings. I hope it helps.

| SMTP port number | Security | Common use case |
|---|---|---|
| 25 | Normally lacks encryption and authentication | Standard port for SMTP relay between mail servers. Often blocked by ISPs and cloud hosting providers for outgoing mail to prevent spam and phishing email distribution |
| 587 | Supports authentication; uses SSL/TLS if the client issues a STARTTLS command | Widely supported port for secure submission of messages from email clients to mail servers |
| 465 | Always uses SSL/TLS | Sometimes used for secure mail submission on legacy systems. Still supported by some providers |
| 2525 | Uses SSL/TLS if the client issues a STARTTLS command | Common alternative for SMTP submission. Often used by email service providers when other ports are blocked |