• Email DIY

Which SMTP Port Should I Use? Understanding Ports 25, 465, & 587

Mailgun Team
5 min read

It's a common question that we receive here at Mailgun about SMTP port numbers. To ensure connectivity to our Simple Mail Transfer Protocol (SMTP) endpoint, Mailgun offers multiple SMTP port options, but which one should you use to send email messages? We’ll take a historical look at each SMTP port and then we'll discuss today's methodology for outgoing mail usage. If you're not a history buff, go to "Which SMTP port should you use?" for the most common SMTP ports.

What is an SMTP port?

Before our trip through history, we’ll clarify some basic definitions.

SMTP stands for Simple Mail Transfer Protocol—put simply, it’s the process by which emails are sent across the Internet. Computer ports are how individual computers connect to a network and complete electronic processes. An SMTP port is a combination of both: a port designed to send email through a network and to its recipient.

Of course, just as there are multiple computer ports, there are many SMTP ports that can be used. Let’s take a look at their development.

SMTP Ports: A Historical Perspective

In 1982, the University of Southern California submitted a proposal to the Internet Engineering Task Force (IETF). Request For Comments (RFC) 821 was published, establishing port 25 as the default transmission channel for internet email. 30 years later, we still use port 25 as the primary means of transmitting email between two mail servers. A few RFCs have obsoleted the initial SMTP RFC. However, the basis for SMTP connections remains the same or similar.

In December of 1998, R. Gellens and J. Klensin submitted RFC 2476 in support of adding a new specification for internet email communications. The RFC proposed a split of the traditional message submission and message relay concept. The RFC defined that message submission should occur over port 587 to ensure new policy and security requirements don't interfere with the traditional relay traffic over message relay port 25.

sign up

It's easy to get started. And it's free.

See what you can accomplish with the world’s best email delivery platform.

Sign Up For Free

What about port 465?

Interestingly, port 465 was never published as an official SMTP transmission or submission channel by the IETF. Instead, the Internet Assigned Numbers Authority (IANA), who maintains much of the core internet infrastructure, registered port 465 for SMTPS. The purpose was to establish a port for SMTP to operate using Secure Sockets Layer (SSL). SSL is commonly used for encrypting communications over the internet.

The port was assigned for about one year when it was revoked in support of securing SMTP communications using Transport Layer Security (TLS). The nail in the coffin was a new protocol command "STARTTLS," introduced in RFC 2487. This command allows SMTP servers to communicate over existing ports by advertising whether the destination server supports TLS encryption. If so, the sending server can upgrade the connection using the "STARTTLS" SMTP command.

Mailgun supports TLS connections, which you can verify by connecting and issuing an "ehlo" from a command line interface. The resultant "250 STARTTLS" confirms the endpoint accepts TLS connection requests.

1> telnet smtp.mailgun.org 587
3Connected to smtp.mailgun.org.
4Escape character is '^]'.
5220 ak47 ESMTP ready
6> ehlo blog.mailgun.com
9250-SIZE 52428800

You can test using the same command sequence on any SMTP server. Try Gmail or Yahoo, "telnet gmail-smtp-in.l.google.com 25" or "telnet mta7.am0.yahoodns.net 25".

Which SMTP port should you use?

What about today? How are these standard ports different? Have any deprecated over time?

Port 25:

SMTP port 25 continues to be used primarily for SMTP relaying. SMTP relaying is the transmission of email from email server to email server.

In most cases, modern SMTP email clients (Microsoft Outlook, Mail, Thunderbird, etc.) shouldn't use this port. It is traditionally blocked by residential ISPs and Cloud Hosting Providers, to curb the amount of spam that is relayed from compromised computers or servers. Unless you're specifically managing a mail server, you should have no traffic traversing this port on your computer or server. 

Port 465:

IANA has reassigned a new service to this port, and it should no longer be used for SMTP communications.

However, because it was once recognized by IANA as valid, there may be legacy systems that are only capable of using this connection method. Typically, you will use this port only if your application demands it. A quick Google search, and you'll find many consumer Inbox Service Providers' (ISPs) articles that suggest port 465 as the recommended setup. However, we do not recommend it, as it is not RFC compliant.

Port 587:

This is the default mail submission port. When an email client or outgoing server is submitting an email to be routed by a proper mail server, it should always use SMTP port 587 as the default port.

This port, coupled with TLS encryption, will ensure that email is submitted securely and following the guidelines set out by the IETF.

All Mailgun customers should consider using port 587 as their default SMTP port unless you're explicitly blocked by your upstream network or hosting provider.

Port 2525:

This port is not endorsed by the IETF nor IANA. Instead, Mailgun provides it as an alternate port, which mirrors port 587, in the event the above ports are blocked. Because 2525 is a non-traditional high port number, it is typically allowed on consumer ISPs and Cloud Hosting providers, like Google Compute Engine. If you’ve tried the above ports, but experience connectivity issues, try port 2525. This port also supports TLS encryption.

Wait, what about POP and IMAP?

POP (Post Office Protocol, with the latest version being POP3) and IMAP (Internet Message Access Protocol) are two of the very first protocols developed on the consumer Internet that allowed for email clients - like Outlook, Thunderbird and others - to retrieve mail from a mail server.

The ports typically used for POP are TCP ports 110 and 995, and for IMAP are TCP ports 143 and 993, for insecure and secure sessions respectively. They were each good at doing different things, like reflecting the state of an email back to the server (whether it was read, flagged, or marked as junk), or for preserving a copy of the message on a local machine for easy offline access.  The latest version of POP, POP3, can be used with or without an SMTP.

This does not affect which port you can use with Mailgun. Mailgun doesn’t host mailboxes, so these aren’t protocols we support.

Using SMTP with Mailgun

SMTP has been around for years, and many folks ask us whether they should use SMTP or Mailgun's API endpoint. Deciding whether you should use an email API or SMTP to send your emails might not be an easy choice.

We certainly recognize there is some level of vendor lock-in associated with building around an API. However, SMTP is extremely "chatty" and may lead to less performant mail submission to Mailgun.

For example, consider the typical TLS mail conversation between my computer and Mailgun's SMTP endpoint:

1> openssl s_client -starttls smtp -crlf -connect smtp.mailgun.org:587
3> ehlo blog.mailgun.com
6250-SIZE 52428800
9> AUTH PLAIN AHBvc3RtYXN0ZXJAc2FtcGxlcy5tYWlsZ3VuLm9yZwAza2g5dW11am9yYTU=
10235 2.0.0 OK
11> MAIL FROM:<test@samples.mailgun.org>
12250 Sender address accepted
13> RCPT TO:<recipient@samples.mailgun.org>
14250 Recipient address accepted
15> DATA
16354 Continue
17> This is a test of SMTP over port 587.
18> .
19250 Great success
20> QUIT
21221 See you later. Yours truly, Mailgun

As you can see, the above communication is quite cumbersome with lots of back and forth between sender and receiver. We open a connection to the SMTP server, issue the EHLO command, authenticate, set the MAIL FROM, set the RCPT TO, DATA command, send the data, period to close, and finally receive confirmation the message was queued.

Compare this with an HTTPs payload:

1> openssl s_client -connect api.mailgun.net:443
2> POST /v2/samples.mailgun.org/messages HTTP/1.1
3> Authorization: Basic YXBpOmtleS0zYXg2eG5qcDI5amQ2ZmRzNGdjMzczc2d2anh0ZW9sMA==
4> Content-Type: application/x-www-form-urlencoded
5> Content-Length: 126
7> from=test%40samples.mailgun.org&to=recipient%40samples.mailgun.org&subject=Testing&
8> text=This+is+a+test+of+HTTP+over+port+443!
9HTTP/1.1 200 OK

Here, we initiate a connection, pass the HTTP POST payload and receive a 200 OK from the API endpoint. We don't have to issue a sequence of commands and wait for a response from the server after each command.

What should you remember about SMTP ports?

In summary, where performance is desired, Mailgun recommends utilizing our API endpoint. The amount of back and forth “chatting” is much less. And with our API SDKs, connecting up is pretty simple. If you’re not interested in connecting via API, our SMTP endpoints are ready for your mail. Just don’t forget – port 587 is where the party is at as far as secure SMTPs are concerned!

To learn more, check out our Documentation for more info, or contact us and we can answer any questions you may have about SMTP ports or our email services.

sign up

It's easy to get started. And it's free.

See what you can accomplish with the world’s best email delivery platform.

Sign Up For Free

Last updated on September 24, 2020

  • Related posts
  • Recent posts
  • Top posts
View all

Always be in the know and grab free email resources!

No spam, ever. Only musings and writings from the Mailgun team.

Mailgun is committed to protecting your privacy. Please read ourPrivacy Policybefore providing us with your details.

sign up
It's easy to get started. And it's free.
See what you can accomplish with the world's best email delivery platform.
Sign up for Free