- Best Practices
It's a common question that we receive here at Mailgun about SMTP port numbers. To ensure connectivity to our Simple Mail Transfer Protocol (SMTP) endpoint, Mailgun offers multiple SMTP port options, but which one should you use to send email messages? Let's first take a historical look at each SMTP port and then we'll discuss today's methodology for outgoing mail usage. If you're not a history buff, go to "Todays Usage" for the most common SMTP ports.
In 1982, the University of Southern California submitted a proposal to the Internet Engineering Task Force (IETF). Request For Comments (RFC) 821 was published, establishing port 25 as the default transmission channel for internet email. 30 years later, we still use port 25 as the primary means of transmitting email between two mail servers. A few RFCs have obsoleted the initial SMTP RFC. However, the basis for SMTP connections remains the same or similar.
In December of 1998, R. Gellens and J. Klensin submitted RFC 2476 in support of adding a new specification for internet email communications. The RFC proposed a split of the traditional message submission and message relay concept. The RFC defined that message submission should occur over port 587 to ensure new policy and security requirements don't interfere with the traditional relay traffic over message relay port 25.
Interestingly, port 465 was never published as an official SMTP transmission or submission channel by the IETF. Instead, the Internet Assigned Numbers Authority (IANA), who maintains much of the core internet infrastructure, registered port 465 for SMTPS. The purpose was to establish a port for SMTP to operate using Secure Sockets Layer (SSL). SSL is commonly used for encrypting communications over the internet.
The port was assigned for about one year when it was revoked in support of securing SMTP communications using Transport Layer Security (TLS). The nail in the coffin was a new protocol command "STARTTLS," introduced in RFC 2487. This command allows SMTP servers to communicate over existing ports by advertising whether the destination server supports TLS encryption. If so, the sending server can upgrade the connection using the "STARTTLS" SMTP command.
Mailgun supports TLS connections, which you can verify by connecting and issuing an "ehlo" from a command line interface. The resultant "250 STARTTLS" confirms the endpoint accepts TLS connection requests.
1> telnet smtp.mailgun.org 5872Trying 18.104.22.168...3Connected to smtp.mailgun.org.4Escape character is '^]'.5220 ak47 ESMTP ready6> ehlo blog.mailgun.com7250-ak478250-AUTH PLAIN LOGIN9250-SIZE 5242880010250-8BITMIME11250-ENHANCEDSTATUSCODES12250 STARTTLS
You can test using the same command sequence on any SMTP server. Try Gmail or Yahoo, "telnet gmail-smtp-in.l.google.com 25" or "telnet mta7.am0.yahoodns.net 25".
What about today? How are these standard ports different? Have any deprecated over time?
SMTP port 25 continues to be used primarily for SMTP relaying. SMTP relaying is the transmittal of email from email server to email server.
In most cases, modern SMTP email clients (Microsoft Outlook, Mail, Thunderbird, etc.) shouldn't use this port. It is traditionally blocked by residential ISPs and Cloud Hosting Providers, to curb the amount of spam that is relayed from compromised computers or servers. Unless you're specifically managing a mail server, you should have no traffic traversing this port on your computer or server. Otherwise, you'll see a decrease in email delivery and ultimately poor deliverability as well.
IANA has reassigned a new service to this port, and it should no longer be used for SMTP communications.
However, because it was once recognized by IANA as valid, there may be legacy systems that are only capable of using this connection method. As a result, Mailgun supports SSL connections via port 465. Typically, you will use this port only if your application demands it. A quick Google search, and you'll find many consumer Inbox Service Providers' (ISPs) articles that suggest port 465 as the recommended setup. Hopefully, this ends soon! It is not RFC compliant.
This is the default mail submission port. When an email client or outgoing server is submitting an email to be routed by a proper mail server, it should always use SMTP port 587 as the default port.
This port, coupled with TLS encryption, will ensure that email is submitted securely and following the guidelines set out by the IETF.
All Mailgun customers should consider using port 587 as their default SMTP port unless you're explicitly blocked by your upstream network or hosting provider.
This port is not endorsed by the IETF nor IANA. Instead, Mailgun provides it as an alternate port, which mirrors port 587, in the event the above ports are blocked. Because 2525 is a non-traditional high port number, it is typically allowed on consumer ISPs and Cloud Hosting providers, like Google Compute Engine. If you’ve tried the above ports, but experience connectivity issues, try port 2525. This port also supports TLS encryption.
SMTP has been around for years, and many folks ask us whether they should use SMTP or Mailgun's API endpoint. We certainly recognize there is some level of vendor lock-in associated with building around an API. However, SMTP is extremely "chatty" and may lead to less performant mail submission to Mailgun.
For example, consider the typical TLS mail conversation between my computer and Mailgun's SMTP endpoint:
1> openssl s_client -starttls smtp -crlf -connect smtp.mailgun.org:5872250 STARTTLS3> ehlo blog.mailgun.com4250-ak475250-AUTH PLAIN LOGIN6250-SIZE 524288007250-8BITMIME8250-ENHANCEDSTATUSCODES9> AUTH PLAIN AHBvc3RtYXN0ZXJAc2FtcGxlcy5tYWlsZ3VuLm9yZwAza2g5dW11am9yYTU=10235 2.0.0 OK11> MAIL FROM:<firstname.lastname@example.org>12250 Sender address accepted13> RCPT TO:<email@example.com>14250 Recipient address accepted15> DATA16354 Continue17> This is a test of SMTP over port 587.18> .19250 Great success20> QUIT21221 See you later. Yours truly, Mailgun
As you can see, the above communication is quite cumbersome with lots of back and forth between sender and receiver. We open a connection to the SMTP server, issue the EHLO command, authenticate, set the MAIL FROM, set the RCPT TO, DATA command, send the data, period to close, and finally receive confirmation the message was queued.
Compare this with an HTTPs payload:
1> openssl s_client -connect api.mailgun.net:4432> POST /v2/samples.mailgun.org/messages HTTP/1.13> Authorization: Basic YXBpOmtleS0zYXg2eG5qcDI5amQ2ZmRzNGdjMzczc2d2anh0ZW9sMA==4> Content-Type: application/x-www-form-urlencoded5> Content-Length: 1266>7> from=test%40samples.mailgun.org&to=recipient%40samples.mailgun.org&subject=Testing&8> text=This+is+a+test+of+HTTP+over+port+443!9HTTP/1.1 200 OK
Here, we initiate a connection, pass the HTTP POST payload and receive a 200 OK from the API endpoint. We don't have to issue a sequence of commands and wait for a response from the server after each command.
POP (Post Office Protocol, with the latest version being POP3) and IMAP (Internet Message Access Protocol) are two of the very first protocols developed on the consumer Internet that allowed for email clients - like Outlook, Thunderbird and others - to retrieve mail from a mail server. The ports typically used for POP are TCP ports 110 and 995, and for IMAP are TCP ports 143 and 993, for insecure and secure sessions respectively. They were each good at doing different things, like reflecting the state of an email back to the server (whether it was read, flagged, or marked as junk), or for preserving a copy of the message on a local machine for easy offline access. The latest version of POP, POP3, can be used with or without an SMTP.
In short, they don't. Mailgun doesn't host mailboxes, so these aren't protocols we support.
In summary, where performance is desired, Mailgun recommends utilizing our API endpoint. The amount of back and forth “chatting” is much less. And with our API SDKs, connecting up is pretty simple. If you’re not interested in connecting via API, our SMTP endpoints are ready for your mail. Just don’t forget – port 587 is where the party is at as far as secure SMTPs are concerned! To learn more, check out our Documentation for more info, or contact us and we can answer any questions you may have about SMTP ports or our email services.
Last updated on December 16, 2019