Back to main menu

Email

Which SMTP Port to Use? Understanding ports 25, 465, & 587

Get all the answers you need in Sinch Mailgun's guide to understanding SMTP ports...

PUBLISHED ON

PUBLISHED ON

It's a common question that we receive here at Sinch Mailgun about SMTP port numbers. To ensure connectivity to our Simple Mail Transfer Protocol (SMTP) endpoint, Mailgun offers multiple SMTP port options, but which one should you use to send email messages? We’ll take a historical look at each SMTP port and then we'll discuss today's methodology for outgoing mail usage. If you're not a history buff, go to "Today's Usage" for the most common SMTP ports.

Quick SMTP port reference guide:

  • Badge Check

    Port 25: Standard SMTP port for server-to-server email relay (often blocked for high spam use)

  • Badge Check

    Port 587: Default secure port for email submission (recommended)

  • Badge Check

    Port 465: Legacy SMTPS port (use only if required)

  • Badge Check

    Port 2525: Alternative port when others are blocked

What is SMTP

SMTP stands for Simple Mail Transfer Protocol – put simply, it’s the process by which emails are sent across the internet. Message data is sent out and the traffic is directed into ports. Once message data travels successfully through a port, other email authentications are used to validate the messages and either deliver them to the inbox, reject them, or direct them to the spam folder.

What is SMTPS?

SMTPS is more secure than SMTP in the same way that HTTPS is more secure than HTTP. In the earlier days of the internet www.http was the standard beginning to an email address. But it became easy for spammers and spoofers to intercept sensitive data. HTTPS = HTTP + SSL, or secure socket layer, which is an internet address’s extra layer of authentication. SMTPS is SMTP + TLS, or transport layer security, which uses encryption and authentication to further protect SMTP.

TLS uses a digital signature to verify the origin of traffic. In email we talk a lot about authentication to verify a senders identity with protocols like SPF or DKIM. Instead of verifying who sends a message, TLS verifies by where email traffic comes from. If the origin in the signature matches the actual origin, the data is allowed through. The default SMTP port for SMTPS is port 587, but more on that in a bit. Before we talk about default ports, we first have to know what an SMTP port is.

If you’re a sender with Sinch Mailgun you can use SMTPS by enabling TLS on your mail server. Learn more.

What is an SMTP port?

Ports are endpoints that individual servers use to connect to a network and retrieve data. Think of it like an old school switchboard with a technician plugging the incoming call into a jack to connect it to a specific phone. An SMTP port is  a port designed to direct email through a network to its recipient.

The most important SMTP ports are:

  • Port 25

  • Port 587

  • Port 465

The thing is, not all SMTP ports are equal. Choosing the wrong one could have negative consequences and reflect poorly on you as a sender.

How SMTP works

What different SMTP ports are there? Understanding ports 25, 465, 587

There are many ports to choose from, but only a few that you might want to use. Like with anything technical, where we started is not where we are now. When the SMTP protocol was first published in 1981 (the same year Lionel Richie’s Endless Love topped the charts – for perspective) it didn’t take long before the first port, port 25 was put into place to manage message traffic.

What about the rest of the ports?  How many other ports were launched over time and have they evolved? Many have, and some have even been depricated. When it comes to ports, there are many. Here’s our breakdown – or “port reduction” if you will. Sorry, we couldn’t resist.

Port 25: The standard port

The first port, port 25, was implemented as the primary message transmission channel to help mitigate against attacks like man-in-the-middle. It came out of a 1982 request from the University of Southernn California to the Internet Engineering Task Force (IETF) who are the overlords of all protocols that control movement across the internet.

Ironically, port 25 has since become favored by spammers because of its support for open relay.

SMTP port 25 continues to be used primarily for SMTP relaying. SMTP relaying is the transmission of email from email server to email server.

In most cases, modern SMTP email clients (Microsoft Outlook, Mail, Thunderbird, etc.) shouldn't use this port. It is traditionally blocked by residential ISPs and Cloud Hosting Providers, to curb the amount of spam that is relayed from compromised computers or servers. Unless you're specifically managing a mail server, you should have no traffic traversing this port on your computer or server.

Port 587: The default port

In December of 1998, after port 25 started to get spammy, R. Gellens and J. Klensin submitted RFC 2476 in support of adding a new specification for internet email communications. The RFC proposed a split of the traditional message submission and message relay concept.

The RFC defined that message submission should occur over port 587 to ensure new policy and security requirements don't interfere with the traditional relay traffic over message relay port 25.

Port 587 is the default mail submission port. When an email client or outgoing server is submitting an email to be routed by a proper mail server, it should always use SMTP port 587 as the default port.

This port, coupled with TLS encryption, will ensure that email is submitted securely and following the guidelines set out by the IETF.

All Mailgun Send customers should consider using port 587 as their default SMTP port unless you're explicitly blocked by your upstream network or hosting provider.

Port 465: The TLS port

The Internet Assigned Numbers Authority (IANA) has reassigned a new service to this port, and it should no longer be used for SMTP communications.

Because port 465 was once recognized by IANA as valid, there may be legacy systems that are only capable of using this connection method. Typically, you will use this port only if your application demands it. A quick Google search, and you'll find many consumer Inbox Service Providers' (ISPs) articles that suggest port 465 as the recommended setup. However, we do not recommend it, as it is not RFC compliant.

Interestingly, port 465 was never published as an official SMTP transmission or submission channel by the IETF. Instead, the Internet Assigned Numbers Authority (IANA), which maintains much of the core internet infrastructure, registered port 465 for SMTPS. The purpose was to establish a port for SMTP to operate using Secure Sockets Layer (SSL). SSL is commonly used for encrypting communications over the internet.

The port was assigned for about one year before it was revoked in support of securing SMTP communications using Transport Layer Security (TLS). The nail in the coffin was a new protocol command "STARTTLS," introduced in RFC 2487. This command allows SMTP servers to communicate over existing ports by advertising whether the destination server supports TLS encryption. If so, the sending server can upgrade the connection using the "STARTTLS" SMTP command.

In addition to many port options, there are also many SMTP commands. Learn more in our post on SMTP commands.

Mailgun supports TLS connections, which you can verify by connecting and issuing an "ehlo" from a command line interface. The resultant "250 STARTTLS" confirms the endpoint accepts TLS connection requests.

You can test using the same command sequence on any SMTP server. Try Gmail or Yahoo, "telnet gmail-smtp-in.l.google.com 25" or "telnet mta7.am0.yahoodns.net 25".

Learn about our Deliverability Services

Deliverability Services

Looking to send a high volume of emails? Our email experts can supercharge your email performance. See how we've helped companies like Lyft, Shopify, Github increase their email delivery rates to an average of 97%.

Both ports 587 and 465 support TLS, port 465 is used for implicit TLS but port 587 which uses startTLS is preferred because message communications aren’t restricted by clients that don’t support encryption.

Port 2525: The alternative port

This port is not endorsed by the IETF nor IANA. Instead, Mailgun provides it as an alternate port, which mirrors port 587, in the event the above ports are blocked. Because 2525 is a non-traditional high port number, it is typically allowed on consumer ISPs and Cloud Hosting providers, like Google Compute Engine. If you’ve tried the above ports, but experience connectivity issues, try port 2525. This port also supports TLS encryption.

There are several SMTP ports but not all are created equal. The most frequently used is port 25 for SMTP relays, while port 587 is the default port for mail submission.

What SMTP port should you use?

When you start talking about protocols, you know the specifics are going to matter. SMTP is no different. Your port depends on what type of sender you are.

Most used ports:

Port

Use case­

Port

Port­ 25: The stan­dard port­

Us­e for non-­encrypted conn­ections. Stil­l thou­ght of as the stan­dard SMTP­ port­, most­ resi­dential ISPs­ and host­ing prov­iders bloc­k port­ 25 due to heav­y spam­ traf­fic.

Use case­

Port­ 465:­ The TLS port­

Us­e if your­ appl­ication or comp­any requ­ire. Port­ 465 is a port­ that­ carr­ies out mess­age subm­ission over­ Impl­icit TLS prot­ocol.

Port­ 587:­ The defa­ult port­

Us­e for your­ busi­ness or for secu­re conn­ections. Port­ 587 is the defa­ult SMTP­ port­, most­ busi­nesses use this­ port­.

Alternative ports:

Port

Use case­

Port

Port­ 80: The HTTP­ port­

Us­e as the defa­ult port­ for unen­crypted webp­ages. Port­ 80 is used­ to send­ and rece­ive web-­based comm­unications and HTML­ data­ and allo­ws HTML­ data­ to rema­in in plai­n text­, vs. Port­ 443 wher­e it woul­d be encr­ypted.

Use case­

Port­ 443:­ The SSL port­

Us­e to get to an HTTP­S addr­ess. When­ you send­ a mess­age, SMTP­ tran­smits mess­ages to a spec­ific addr­ess for proc­essing. Port­ 80 is use to open­ an HTTP­ addr­ess, port­ 443 is used­ for HTTP­S, or addr­esses that­ have­ SSL secu­rity. (The­ ‘s’ in HTTP­S)

Port­ 588:­ The seco­ndary emai­l port­

Us­e if you requ­ire TLS encr­yption. Both­ port­s 587 and 588 can be coup­led with­ TLS encr­yption for add data­ priv­acy and secu­rity.

Port­ 2525­: The alte­rnate port­

Us­e as an alte­rnate if port­ 587 is bloc­ked. Mail­gun prov­ides an alte­rnate in port­ 2525­ for situ­ations when­ stan­dard port­s are bloc­ked. Most­ ESPs­ supp­ort port­ 2525­.

Why is it important to use the right SMTP port?

Using the right port helps ensure delivery and supports your sender reputation. But watch out, some ports have evolved to have a bad reputation of their own – and using these ports could keep you out of the inbox.

Choosing the wrong SMTP port could negatively impact your deliverability and sender reputation. 

SMTP ports and email security

Different ports are associated with different security measures, so choosing the right one is key to ensure you’re protecting your email communications.

Some ports transmit encrypted messages, while other ports remain open for all types of traffic. The port you use may be determined by the security standards of your organization or by the sensitive contents of the messages you send.

Port

Best­ For

Secu­rit­y

Reco­mmended Use Case­

Port

25

Serv­er rela­y

Basi­c

Lega­cy syst­ems only­

Best­ For

587

Mess­age subm­ission

TLS supp­ort

Mode­rn emai­l send­ing

Secu­rit­y

465

Lega­cy syst­ems

Impl­icit TLS

When­ spec­ifically requ­ired

Reco­mmended Use Case­

2525

Alte­rnative opti­on

TLS supp­ort

When­ othe­r port­s are bloc­ked

Understanding SMTP vs SMTPS: Security differences 

If you’re looking into SMTP, chances are you’re going to come across SMTPS. SMTPS is more secure than SMTP in the same way that HTTPS is more secure than HTTP. In the earlier days of the internet, www.http was the standard beginning to an email address. But it became easy for spammers and spoofers to intercept sensitive data. 

How SMTPS enhances security 

  • HTTPS = HTTP + SSL (Secure Socket Layer) 

  • SMTPS = SMTP + TLS (Transport Layer Security) 

  • Uses encryption and authentication 

SMTP ports and email deliverability

Choosing the right SMTP port also helps ensure you have strong deliverability. SMTP is the most used protocol by mail servers to communicate, but that doesn’t mean they’re interchangeable. Some ISPs may block certain ports, like port 25 to defend against spam, and default to another port, like port 587 that supports encryption.

Adding authentication protocols like SMTP AUTH can help improve your message delivery, but deliverability is a multi-ingredient pie. Everything from your message content to your authentication can impact your sender reputation and overall deliverability rate.

In order to determine which port is the best for you, let’s cover the most popular ports and the traffic they transmit.

Common SMTP port issues and solutions 

Connection Timeouts 

When your email client can't establish a connection to the SMTP server within the expected timeframe. This often occurs due to network issues, firewall restrictions, or when the server is experiencing high load. 

  • Check your network connectivity and try increasing the timeout setting in your email client 

  • Verify firewall rules aren't blocking SMTP traffic and test on a different network if possible 

Authentication Failures

These happen when the credentials provided (username/password) don't match what the SMTP server expects, or when using the wrong authentication method. Most commonly occurs after password changes or when using outdated credentials. 

  • Double-check your SMTP username and password are correct and regenerate API keys if needed 

  • Ensure you're using the correct authentication method (PLAIN, LOGIN, or CRAM-MD5) required by your SMTP server 

Port Blocking

ISPs or firewalls may block specific SMTP ports, especially port 25, as a spam prevention measure. If you're experiencing connection issues, try switching to port 587 or 2525 as alternatives. 

  • Try port 587 first as it's the modern standard for secure email submission 

  • If port 587 is blocked, use port 2525 as Mailgun's alternative port with identical functionality 

TLS Negotiation Issues

Problems occur when there's a mismatch between the TLS versions supported by your client and the SMTP server, or when certificates are invalid or expired. Usually resolved by updating your TLS configuration or ensuring proper certificate management. 

  • Update your client to support modern TLS versions (TLS 1.2 or higher recommended) 

  • Check your server's SSL/TLS certificates are valid and not expired in your configuration 

What are POP and IMAP protocols?

POP (Post Office Protocol, with the latest version being POP3) and IMAP (Internet Message Access Protocol) are two of the very first protocols developed on the consumer internet that allowed for email clients - like Outlook, Thunderbird and others - to retrieve mail from a mail server.

The ports typically used for POP are TCP ports 110 and 995, and for IMAP are TCP ports 143 and 993, for insecure and secure sessions respectively. They were each good at doing different things, like reflecting the state of an email back to the server (whether it was read, flagged, or marked as junk), or for preserving a copy of the message on a local machine for easy offline access.  The latest version of POP, POP3, can be used with or without SMTP.

This does not affect which port you can use with Mailgun Send. Mailgun doesn’t host mailboxes, so these aren’t protocols we support. Learn more about Pop vs IMAP in our post on the difference between these protocols

Using SMTP with Mailgun

SMTP has been around for years, and many folks ask us whether they should use SMTP or Mailgun's API endpoint. Deciding whether you should use an email API or SMTP to send your emails might not be an easy choice.

We certainly recognize there is some level of vendor lock-in associated with building around an API. However, SMTP is extremely "chatty" and may lead to less performant mail submission to Mailgun.

For example, consider the typical TLS mail conversation between my computer and Mailgun's SMTP endpoint:

As you can see, the above communication is quite cumbersome with lots of back and forth between sender and receiver. We open a connection to the SMTP server, issue the EHLO command, authenticate, set the MAIL FROM, set the RCPT TO, DATA command, send the data, period to close, and finally receive confirmation the message was queued.

Compare this with an HTTPs payload:

Here, we initiate a connection, pass the HTTP POST payload and receive a 200 OK from the API endpoint. We don't have to issue a sequence of commands and wait for a response from the server after each command.

To learn more, check out our Documentation for more info, or contact us and we can answer any questions you may have about SMTP ports or our email services.

Sign Up

It's easy to get started. And it's free.

See what you can accomplish with the world’s best email delivery platform.

Related readings

What is SMTP and how does it work?

SMTP, though a pillar of email delivery, often gets lost in the jumble of tech terms and acronyms. But if you're ready to send impactful emails, this is one of those acronyms that...

Read More

The magic behind successful email open rates

So you’ve integrated email into your platform or app. But how can you know whether your users are reading your messages? After all, sending an email is one thing, but ensuring...

Read More

Cutting through the noise when choosing an ESP

Picking an Email Service Provider is a mental tug of war: you’ll be working with that...

Read More

Popular posts

Email inbox.

Email

5 min

Build Laravel 11 email authentication with Mailgun and Digital Ocean

Read More

Mailgun statistics.

Product

4 min

Sending email using the Mailgun PHP API

Read More

Statistics on deliverability.

Deliverability

5 min

Here’s everything you need to know about DNS blocklists

Read More

See what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending
CTA icon