Which SMTP port should I use? How to choose the right one: SMTP Server Ports 25 vs 465 vs 587 vs 2525?
When configuring your application or client to send email it's often not clear which SMTP port you're supposed to use. You may see a range of options for email relay over SMTP, such as port numbers 25, 465, 587 or 2525. All of these are valid ports but we'll look at which one you should use to send email and why.
What is SMTP and what is an SMTP port
In this article we'll cover SMTP, the protocol that servers use to send and receive email, and the main options for SMTP ports.
First, what is SMTP? The Simple Mail Transfer Protocol (SMTP) is a standard for transferring email messages from one computer or server to another.
A port refers to the opening on a computer or device that allows information to flow in and out. Ports are used by programs running on the computer, such as your email program, web browser or instant messenger software.
Each port has a number, that refers to where the opening is and it's used in conjunction with the DNS or IP address to show where the open connection is for other computers. SMTP servers use TCP/IP for communication and can use a number of different Ports 25, 465, 587 or 2525 being the most common.
SMTP vs IMAP vs POP3
There are several different protocols that an email can use, the main ones being: SMTP, IMAP and POP3. What are the differences?
SMTP: The most common of these is the SMTP protocol which stands for Simple Mail Transfer Protocol. The SMTP protocol is used for sending and receiving emails to and between mail servers. SMTP is the core for sending and receiving email.
IMAP: The next most commonly used protocol is the IMAP (Internet Message Access Protocol). IMAP is used for retrieving messages from the mail server (this is the one commonly used to fetch your email with your mail client). IMAP is useful for when you need to read your email from multiple devices. The current state of the email is kept on the server and email messages can be marked as read on the server. You can also tag messages and have those tags sync across different clients (if the server supports them). The ports typically used for IMAP are 143 and for Secure IMAP (IMAP with TLS) Port 993 is used. Many providers will only allow secure access to IMAP servers nowadays over Port 993.
POP: The third protocol would be POP3 which stands for Post Office Protocol. This is the protocol that can be used to download your messages from a mail server and it only stores them on the device you are using until they expire, which means there is a limit to how many messages can be downloaded at a time. There are also different ports for each protocol, so it's important to know which one you need when configuring your email client. POP uses ports 110 and 995 (for Secure, TLS encrypted POP).
We'll focus on SMTP for the remainder of this article.
History of SMTP ports
Let's take a look at some of the SMTP ports available and used for SMTP:
What is Port 25, the default SMTP Port?
The default SMTP port is 25. This means that an email server will use this port when communicating with other servers to establish a connection. The communication is usually initiated by the client, which is the email client or another server attempting to relay the email message to the next server until it reaches its destination.
When a server or client is attempting to send email to another server it will send via SMTP Port 25. However, using Port 25 often isn't an option when sending email from a website or application, particularly in Cloud Providers such as AWS, Azure or Google Cloud.
Why is Port 25 Blocked?
Often when attempting to connect on Port 25 you'll receive an error such as
Connection refused - connect(2) or ECONNREFUSED.
Many ISPs and Hosting providers block Port 25. This is mainly because of spammers. Historically SPAM has been sent from any connection that allowed connecting to remote SMTP servers. For this reason ISPs and hosts started to block all communication on Port 25. Effectively stopping customers (or hackers) from running SMTP servers without explicit permission. There are also a number of additional considerations when running an SMTP server, such as setting DNS PTR records correctly, but these are outside the scope of this article.
Blocking these ports means that it's not possible to use Port 25 for a number of people but there are alternatives to submit your email over SMTP.
What happened to SMTP Port 465?
In the late 1990s, a new SMTP port was used to extend email security and enable SMTPS (SMTP over SSL or secure SMTP). Port 465 encrypted all content transmitted between mail servers. By default, Port 465 expected SSL encryption to be enabled when making the connection.
Although this was more secure, it had a number of drawbacks. The main issue was that it was incompatible with SMTP servers that only supported the original Port 25 and created additional confusion as to which port to connect to.
The invention of Start TLS (the STARTTLS command) also made this method of encryption obsolete, allowing any connection to be upgraded to a TLS encrypted connection, including the default Port 25.
Importantly, Port 465 for RFC was never actually RFC compliant, and it was quickly deprecated and subsequently IANA reassigned the port to another service. RFC 8314 specifically stated:
"This registration made no sense, as the SMTP transport MX infrastructure has no way to specify a port, so Port 25 is always used."
We therefore don't recommend using Port 465.
What about Port 587 - The default for submission
Port 587 was introduced in RFC 2476 and was added to provide a dedicated port for SMTP submission as opposed to relay, which should continue to use Port 25. Coupled with STARTTLS, to enable encryption using TLS, this provides a secure method to allow submission of email that is normally available from ISPs and Hosting Providers.
Port 2525 - The Backup SMTP Port
Port 2525 is another port not officially recognised by IANA or the IETF. However, Port 2525 is outside the reserved range of ports, meaning it's free to be used as an SMTP submission port for email. For this reason many Email Service Providers (ESPs) support the use of 2525 as an additional 'backup' port. Again, STARTTLS allows this port to be encrypted with TLS.
How can you scan to find out what port an SMTP server is listening on?
The port number to use for SMTP communication depends on how the server is configured. The default configuration is usually 25 for relays but as we've seen both 587 and 2525 are also options.
If you want to know what port an SMTP server is listening on, you may see reference to tools such as the Nmap tool to scan and enumerate machines on a network. However, in many places unauthorized scanning of ports is illegal (for example in the U.S. and much of Europe).
Therefore, we recommend using a command like telnet or netcat to determine
if a server is listening on a given port and if you can reach it from your
current location:
$ telnet cloud1.cloudmailin.net 25
Trying 54.211.151.209...
Connected to cloud1.cloudmailin.net.
Escape character is '^\]'.
220 CloudMailin SMTP Server
If you see the code above then you've successfully managed to connect on Port 25. Alternatively, on Linux you can often use NetCat to do the same thing:
$ nc -vz cloud1.cloudmailin.net 587
Connection to cloud1.cloudmailin.net (54.211.151.209) 587 port \[tcp/smtp\] succeeded!
The above command uses -z to check if the port is available.
You can use the following to actually interact with the server:
$ nc -v cloud1.cloudmailin.net 25
Connection to cloud1.cloudmailin.net (54.211.151.209) 25 port [tcp/smtp] succeeded!
220 CloudMailin SMTP Server
Which port should I use to send email via SMTP?
So ultimately, which port should we use for sending email over SMTP from a website or API? Here's a quick summary:
| Port | Recommendation | Description | |
|---|---|---|---|
25 |
❌ | Leave this port for mail servers | Port 25 is often blocked by your internet provider and hosting companies. |
465 |
❌ | Don't use this | This port has been deprecated and shouldn't be used anymore. |
587 |
✅ | Use this to submit mail | This is the default port to submit mail from your website. |
2525 |
✅* | Use this if Port 587 isn't available. | This port is a good substitute if 587 isn't available. |
The best port to send email over SMTP is Port 587, the default submission port. If 587 is not available, we recommend using 2525 as a backup. We recommend that both of these ports should be used with STARTTLS to ensure that the connection is securely encrpyted with TLS.
What does CloudMailin support?
CloudMailin supports Ports 25, 587 and 2525 for both our outbound and inbound products. CloudMailin also supports sending email via HTTPS API (on Port 443 of course).
If you want to get started sending email give CloudMailin a try!
