Tutorial - Which SMTP Port Should I Use? Understanding Ports 25, 465, & 587 | Vevioz Developers

Tutorial Which SMTP Port Should I Use? Understanding Ports 25, 465, & 587


Linux Systems Engineer
Oct 18, 2019
Reaction score
Novosibirsk, Russia
It's a common question that we receive here at Mailgun about SMTP port numbers. To ensure connectivity to our Simple Mail Transfer Protocol (SMTP) endpoint, Mailgun offers multiple SMTP port options, but which one should you use to send email messages? We’ll take a historical look at each SMTP port and then we'll discuss today's methodology for outgoing mail usage. If you're not a history buff, go to "Which SMTP port should you use?" for the most common SMTP ports.

What is an SMTP port?​

Before our trip through history, we’ll clarify some basic definitions.

SMTP stands for Simple Mail Transfer Protocol—put simply, it’s the process by which emails are sent across the Internet. Computer ports are how individual computers connect to a network and complete electronic processes. An SMTP port is a combination of both: a port designed to send email through a network and to its recipient.

Of course, just as there are multiple computer ports, there are many SMTP ports that can be used. Let’s take a look at their development.

SMTP ports: A historical perspective​

In 1982, the University of Southern California submitted a proposal to the Internet Engineering Task Force (IETF). Request For Comments (RFC) 821 was published, establishing port 25 as the default transmission channel for internet email. 30 years later, we still use port 25 as the primary means of transmitting email between two mail servers. A few RFCs have obsoleted the initial SMTP RFC. However, the basis for SMTP connections remains the same or similar.

In December of 1998, R. Gellens and J. Klensin submitted RFC 2476 in support of adding a new specification for internet email communications. The RFC proposed a split of the traditional message submission and message relay concept. The RFC defined that message submission should occur over port 587 to ensure new policy and security requirements don't interfere with the traditional relay traffic over message relay port 25.

What about port 465?

Interestingly, port 465 was never published as an official SMTP transmission or submission channel by the IETF. Instead, the Internet Assigned Numbers Authority (IANA), who maintains much of the core internet infrastructure, registered port 465 for SMTPS. The purpose was to establish a port for SMTP to operate using Secure Sockets Layer (SSL). SSL is commonly used for encrypting communications over the internet.

The port was assigned for about one year when it was revoked in support of securing SMTP communications using Transport Layer Security (TLS). The nail in the coffin was a new protocol command "STARTTLS," introduced in RFC 2487. This command allows SMTP servers to communicate over existing ports by advertising whether the destination server supports TLS encryption. If so, the sending server can upgrade the connection using the "STARTTLS" SMTP command.

Mailgun supports TLS connections, which you can verify by connecting and issuing an "ehlo" from a command line interface. The resultant "250 STARTTLS" confirms the endpoint accepts TLS connection requests.

> telnet smtp.mailgun.org 587
Connected to smtp.mailgun.org.
Escape character is '^]'.
220 ak47 ESMTP ready
> ehlo blog.mailgun.com
250-SIZE 52428800

You can test using the same command sequence on any SMTP server. Try Gmail or Yahoo, "telnet gmail-smtp-in.l.google.com 25" or "telnet mta7.am0.yahoodns.net 25".

Which SMTP port should you use?​

What about today? How are these standard ports different? Have any deprecated over time?

Port 25:​

SMTP port 25 continues to be used primarily for SMTP relaying. SMTP relaying is the transmission of email from email server to email server.

In most cases, modern SMTP email clients (Microsoft Outlook, Mail, Thunderbird, etc.) shouldn't use this port. It is traditionally blocked by residential ISPs and Cloud Hosting Providers, to curb the amount of spam that is relayed from compromised computers or servers. Unless you're specifically managing a mail server, you should have no traffic traversing this port on your computer or server.

Port 465:​

IANA has reassigned a new service to this port, and it should no longer be used for SMTP communications.

However, because it was once recognized by IANA as valid, there may be legacy systems that are only capable of using this connection method. Typically, you will use this port only if your application demands it. A quick Google search, and you'll find many consumer Inbox Service Providers' (ISPs) articles that suggest port 465 as the recommended setup. However, we do not recommend it, as it is not RFC compliant.

Port 587:​

This is the default mail submission port. When an email client or outgoing server is submitting an email to be routed by a proper mail server, it should always use SMTP port 587 as the default port.

This port, coupled with TLS encryption, will ensure that email is submitted securely and following the guidelines set out by the IETF.

All Mailgun customers should consider using port 587 as their default SMTP port unless you're explicitly blocked by your upstream network or hosting provider.

Port 2525:​

This port is not endorsed by the IETF nor IANA. Instead, Mailgun provides it as an alternate port, which mirrors port 587, in the event the above ports are blocked. Because 2525 is a non-traditional high port number, it is typically allowed on consumer ISPs and Cloud Hosting providers, like Google Compute Engine. If you’ve tried the above ports, but experience connectivity issues, try port 2525. This port also supports TLS encryption.

Wait, what about POP and IMAP?​

POP (Post Office Protocol, with the latest version being POP3) and IMAP (Internet Message Access Protocol) are two of the very first protocols developed on the consumer Internet that allowed for email clients - like Outlook, Thunderbird and others - to retrieve mail from a mail server.

The ports typically used for POP are TCP ports 110 and 995, and for IMAP are TCP ports 143 and 993, for insecure and secure sessions respectively. They were each good at doing different things, like reflecting the state of an email back to the server (whether it was read, flagged, or marked as junk), or for preserving a copy of the message on a local machine for easy offline access. The latest version of POP, POP3, can be used with or without an SMTP.

This does not affect which port you can use with Mailgun. Mailgun doesn’t host mailboxes, so these aren’t protocols we support.

Using SMTP with Mailgun​

SMTP has been around for years, and many folks ask us whether they should use SMTP or Mailgun's API endpoint. Deciding whether you should use an email API or SMTP to send your emails might not be an easy choice.

We certainly recognize there is some level of vendor lock-in associated with building around an API. However, SMTP is extremely "chatty" and may lead to less performant mail submission to Mailgun.

For example, consider the typical TLS mail conversation between my computer and Mailgun's SMTP endpoint:

> openssl s_client -starttls smtp -crlf -connect smtp.mailgun.org:587
> ehlo blog.mailgun.com
250-SIZE 52428800
> AUTH PLAIN AHBvc3RtYXN0ZXJAc2FtcGxlcy5tYWlsZ3VuLm9yZwAza2g5dW11am9yYTU=
235 2.0.0 OK
> MAIL FROM:<test@samples.mailgun.org>
250 Sender address accepted
> RCPT TO:<recipient@samples.mailgun.org>
250 Recipient address accepted
354 Continue
> This is a test of SMTP over port 587.
> .
250 Great success
221 See you later. Yours truly, Mailgun

As you can see, the above communication is quite cumbersome with lots of back and forth between sender and receiver. We open a connection to the SMTP server, issue the EHLO command, authenticate, set the MAIL FROM, set the RCPT TO, DATA command, send the data, period to close, and finally receive confirmation the message was queued.

Compare this with an HTTPs payload:

> openssl s_client -connect api.mailgun.net:443
> POST /v2/samples.mailgun.org/messages HTTP/1.1
> Authorization: Basic YXBpOmtleS0zYXg2eG5qcDI5amQ2ZmRzNGdjMzczc2d2anh0ZW9sMA==
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 126
> from=test%40samples.mailgun.org&to=recipient%40samples.mailgun.org&subject=Testing&
> text=This+is+a+test+of+HTTP+over+port+443!
HTTP/1.1 200 OK

Here, we initiate a connection, pass the HTTP POST payload and receive a 200 OK from the API endpoint. We don't have to issue a sequence of commands and wait for a response from the server after each command.

What should you remember about SMTP ports?​

In summary, where performance is desired, Mailgun recommends utilizing our API endpoint. The amount of back and forth “chatting” is much less. And with our API SDKs, connecting up is pretty simple. If you’re not interested in connecting via API, our SMTP endpoints are ready for your mail. Just don’t forget – port 587 is where the party is at as far as secure SMTPs are concerned!

To learn more, check out our Documentation for more info, or contact us and we can answer any questions you may have about SMTP ports or our email services.
Top Bottom