• Email DIY

Which SMTP Port Should I Use? Understanding Ports 25, 465, & 587

Mailgun Team
5 min read

It's a common question that we receive here at Mailgun about SMTP port numbers. To ensure connectivity to our Simple Mail Transfer Protocol (SMTP) endpoint, Mailgun offers multiple SMTP port options, but which one should you use to send email messages? Let's first take a historical look at each SMTP port and then we'll discuss today's methodology for outgoing mail usage. If you're not a history buff, go to "Todays Usage" for the most common SMTP ports.

Historical Perspective

In 1982, the University of Southern California submitted a proposal to the Internet Engineering Task Force (IETF). Request For Comments (RFC) 821 was published, establishing port 25 as the default transmission channel for internet email. 30 years later, we still use port 25 as the primary means of transmitting email between two mail servers. A few RFCs have obsoleted the initial SMTP RFC. However, the basis for SMTP connections remains the same or similar.

In December of 1998, R. Gellens and J. Klensin submitted RFC 2476 in support of adding a new specification for internet email communications. The RFC proposed a split of the traditional message submission and message relay concept. The RFC defined that message submission should occur over port 587 to ensure new policy and security requirements don't interfere with the traditional relay traffic over message relay port 25.

What about port 465?

Interestingly, port 465 was never published as an official SMTP transmission or submission channel by the IETF. Instead, the Internet Assigned Numbers Authority (IANA), who maintains much of the core internet infrastructure, registered port 465 for SMTPS. The purpose was to establish a port for SMTP to operate using Secure Sockets Layer (SSL). SSL is commonly used for encrypting communications over the internet.

The port was assigned for about one year when it was revoked in support of securing SMTP communications using Transport Layer Security (TLS). The nail in the coffin was a new protocol command "STARTTLS," introduced in RFC 2487. This command allows SMTP servers to communicate over existing ports by advertising whether the destination server supports TLS encryption. If so, the sending server can upgrade the connection using the "STARTTLS" SMTP command.

Mailgun supports TLS connections, which you can verify by connecting and issuing an "ehlo" from a command line interface. The resultant "250 STARTTLS" confirms the endpoint accepts TLS connection requests.

1> telnet smtp.mailgun.org 587
2Trying 50.56.21.178...
3Connected to smtp.mailgun.org.
4Escape character is '^]'.
5220 ak47 ESMTP ready
6> ehlo blog.mailgun.com
7250-ak47
8250-AUTH PLAIN LOGIN
9250-SIZE 52428800
10250-8BITMIME
11250-ENHANCEDSTATUSCODES
12250 STARTTLS

You can test using the same command sequence on any SMTP server. Try Gmail or Yahoo, "telnet gmail-smtp-in.l.google.com 25" or "telnet mta7.am0.yahoodns.net 25".

Today’s Usage

What about today? How are these standard ports different? Have any deprecated over time?

Port 25:

SMTP port 25 continues to be used primarily for SMTP relaying. SMTP relaying is the transmittal of email from email server to email server.

In most cases, modern SMTP email clients (Microsoft Outlook, Mail, Thunderbird, etc.) shouldn't use this port. It is traditionally blocked by residential ISPs and Cloud Hosting Providers, to curb the amount of spam that is relayed from compromised computers or servers. Unless you're specifically managing a mail server, you should have no traffic traversing this port on your computer or server. Otherwise, you'll see a decrease in email delivery and ultimately poor deliverability as well.

Port 465:

IANA has reassigned a new service to this port, and it should no longer be used for SMTP communications.

However, because it was once recognized by IANA as valid, there may be legacy systems that are only capable of using this connection method. As a result, Mailgun supports SSL connections via port 465. Typically, you will use this port only if your application demands it. A quick Google search, and you'll find many consumer Inbox Service Providers' (ISPs) articles that suggest port 465 as the recommended setup. Hopefully, this ends soon! It is not RFC compliant.

Port 587:

This is the default mail submission port. When an email client or outgoing server is submitting an email to be routed by a proper mail server, it should always use SMTP port 587 as the default port.

This port, coupled with TLS encryption, will ensure that email is submitted securely and following the guidelines set out by the IETF.

All Mailgun customers should consider using port 587 as their default SMTP port unless you're explicitly blocked by your upstream network or hosting provider.

Port 2525:

This port is not endorsed by the IETF nor IANA. Instead, Mailgun provides it as an alternate port, which mirrors port 587, in the event the above ports are blocked. Because 2525 is a non-traditional high port number, it is typically allowed on consumer ISPs and Cloud Hosting providers, like Google Compute Engine. If you’ve tried the above ports, but experience connectivity issues, try port 2525. This port also supports TLS encryption.

To SMTP or not to SMTP

SMTP has been around for years, and many folks ask us whether they should use SMTP or Mailgun's API endpoint. We certainly recognize there is some level of vendor lock-in associated with building around an API. However, SMTP is extremely "chatty" and may lead to less performant mail submission to Mailgun.

For example, consider the typical TLS mail conversation between my computer and Mailgun's SMTP endpoint:

1> openssl s_client -starttls smtp -crlf -connect smtp.mailgun.org:587
2250 STARTTLS
3> ehlo blog.mailgun.com
4250-ak47
5250-AUTH PLAIN LOGIN
6250-SIZE 52428800
7250-8BITMIME
8250-ENHANCEDSTATUSCODES
9> AUTH PLAIN AHBvc3RtYXN0ZXJAc2FtcGxlcy5tYWlsZ3VuLm9yZwAza2g5dW11am9yYTU=
10235 2.0.0 OK
11> MAIL FROM:<test@samples.mailgun.org>
12250 Sender address accepted
13> RCPT TO:<recipient@samples.mailgun.org>
14250 Recipient address accepted
15> DATA
16354 Continue
17> This is a test of SMTP over port 587.
18> .
19250 Great success
20> QUIT
21221 See you later. Yours truly, Mailgun

As you can see, the above communication is quite cumbersome with lots of back and forth between sender and receiver. We open a connection to the SMTP server, issue the EHLO command, authenticate, set the MAIL FROM, set the RCPT TO, DATA command, send the data, period to close, and finally receive confirmation the message was queued.

Compare this with an HTTPs payload:

1> openssl s_client -connect api.mailgun.net:443
2> POST /v2/samples.mailgun.org/messages HTTP/1.1
3> Authorization: Basic YXBpOmtleS0zYXg2eG5qcDI5amQ2ZmRzNGdjMzczc2d2anh0ZW9sMA==
4> Content-Type: application/x-www-form-urlencoded
5> Content-Length: 126
6>
7> from=test%40samples.mailgun.org&to=recipient%40samples.mailgun.org&subject=Testing&
8> text=This+is+a+test+of+HTTP+over+port+443!
9HTTP/1.1 200 OK

Here, we initiate a connection, pass the HTTP POST payload and receive a 200 OK from the API endpoint. We don't have to issue a sequence of commands and wait for a response from the server after each command.

Wait, what about POP and IMAP?

POP (Post Office Protocol, with the latest version being POP3) and IMAP (Internet Message Access Protocol) are two of the very first protocols developed on the consumer Internet that allowed for email clients - like Outlook, Thunderbird and others - to retrieve mail from a mail server. The ports typically used for POP are TCP ports 110 and 995, and for IMAP are TCP ports 143 and 993, for insecure and secure sessions respectively. They were each good at doing different things, like reflecting the state of an email back to the server (whether it was read, flagged, or marked as junk), or for preserving a copy of the message on a local machine for easy offline access.  The latest version of POP, POP3, can be used with or without an SMTP.

How does this figure into sending email through Mailgun, and which port to use?

In short, they don't. Mailgun doesn't host mailboxes, so these aren't protocols we support.

Conclusion

In summary, where performance is desired, Mailgun recommends utilizing our API endpoint. The amount of back and forth “chatting” is much less. And with our API SDKs, connecting up is pretty simple. If you’re not interested in connecting via API, our SMTP endpoints are ready for your mail. Just don’t forget – port 587 is where the party is at as far as secure SMTPs are concerned! To learn more, check out our Documentation for more info, or contact us and we can answer any questions you may have about SMTP ports or our email services.

sign up

It's easy to get started. And it's free.

What will you accomplish with 10,000 free emails and a 100 free validations every month?

Sign Up For Free

Last updated on October 11, 2019

  • Related posts
  • Recent posts
  • Top posts
View all

Always be in the know and grab free email resources!

No spam, ever. Only musings and writings from the Mailgun team.

Mailgun is committed to protecting your privacy. Please read ourPrivacy Policybefore providing us with your details.

sign up

It's easy to get started. And it's free.

What will you accomplish with 10,000 free emails and a 100 free validations every month?
Sign up for Free