- HOME
- Deliverability
- A complete guide to SMTP ports (2026)
A complete guide to SMTP ports (2026)
- Published : May 25, 2026
- Last Updated : May 25, 2026
- 3 Views
- 7 Min Read
SMTP stands for Simple Mail Transfer Protocol. It's the standard communication protocol used to send and transmit email messages across the internet.
Think of SMTP as the "postal service" of the internet. When you send an email, SMTP is the set of rules and procedures that governs how that message gets picked up from your mail client and delivered to the recipient's mail server.
When you hit "Send" on an email:
Your email client (e.g., Gmail, Outlook) connects to an SMTP server.
The SMTP server authenticates your credentials.
It relays the message to the recipient's mail server.
The recipient then retrieves the email using a different protocol, either IMAP or POP3.
What are SMTP ports?
When you hit "Send" on an email, a lot happens behind the scenes. Your email client hands off the message to a mail server using SMTP. But just like a building has multiple doors for different purposes, a mail server has multiple SMTP ports, each designed for a specific type of email communication.
A port is a virtual endpoint that determines how data flows between two systems. SMTP ports tell the server exactly what kind of connection is being made, like whether it's a server-to-server relay, an authenticated client submission, or a secure encrypted transfer.
Understanding SMTP ports is essential for developers, system administrators, and anyone configuring email infrastructure. The wrong port can result in blocked emails, failed authentication, or security vulnerabilities.
A brief history of SMTP
SMTP was first defined in 1982, when the internet was a much simpler place. Back then, email security wasn't a concern, and port 25 was established as the universal standard for all mail transfer.
Over time, as spam and cyberattacks grew, the email ecosystem evolved. New ports were introduced to separate server-to-server communication from client-to-server submission, and encryption became a standard requirement. Today, understanding the history of SMTP ports helps explain why multiple ports exist and why some are deprecated while others are preferred.
Common SMTP ports explained
1. Port 25: The original SMTP port
Port 25 is the oldest and most well-known SMTP port. Defined in the original SMTP specification, it was designed for server-to-server (MTA-to-MTA) email relay; that is, communication between mail transfer agents.
Key characteristics:
Used for server-to-server email relay.
Does not require authentication by default.
Rarely supports encryption natively.
Widely blocked by ISPs to prevent spam.
Should you use Port 25?
For most users and developers, the answer is no. ISPs block outbound connections on port 25 from residential and many business networks to combat spam. However, it remains the standard port for communication between mail servers (MTAs). If you're running your own mail server in a data center environment, port 25 may still be relevant for receiving inbound email.
2. Port 465: SMTPS
Port 465 was originally assigned for SMTPS (SMTP over SSL) in the late 1990s. It was designed to offer an encrypted alternative to the plaintext port 25. However, in 1998, the IANA (Internet Assigned Numbers Authority) reassigned port 465 for a different service, making its use for SMTP technically unofficial. The recommended replacement was STARTTLS over port 587.
Despite being technically deprecated for SMTP, port 465 is even now considered the default port for encrypted email transmissions using SMTPS, and some major providers like Gmail recommend it alongside port 587.
Key characteristics:
Uses implicit SSL/TLS encryption (connection is encrypted from the start).
Requires authentication.
Deprecated by IANA but still supported by major providers.
Fast connection setup due to immediate encryption.
Should you use Port 465?
If your email service provider supports it and you need implicit TLS, port 465 is a reasonable choice. Many modern guides recommend it alongside port 587, especially when implicit TLS is preferred over STARTTLS.
3. Port 587: The modern standard
Port 587 is the current recommended standard for email client submission, as defined by RFC 2476 and later RFC 5321. It was specifically created to separate the act of submitting email (client to server) from relaying email (server to server).
Port 587 uses STARTTLS, which means the connection begins unencrypted and then upgrades to TLS encryption before any authentication or message data is transmitted.
Key characteristics:
The official IETF-recommended port for mail submission.
Uses STARTTLS for opportunistic encryption.
Requires SMTP authentication (username and password).
Supported by virtually all email providers and clients.
Not typically blocked by ISPs.
Should you use Port 587?
Yes, for nearly all use cases involving sending email from an application, email client, or transactional email service, port 587 is the best choice. It balances security, compatibility, and deliverability.
4. Port 2525: The alternative submission post
Port 2525 is not an official IETF standard, but it has become a popular alternative to port 587 among email service providers. It was introduced as a workaround for environments where port 587 is blocked by firewalls or network policies.
Key characteristics:
Not an official IETF standard
Often used as a fallback when 587 is blocked
Supports STARTTLS
Requires authentication
Commonly offered by providers like SendGrid, Mailgun, and Twilio
Should you use Port 2525?
Use it as a fallback. If your hosting environment or corporate firewall blocks port 587, port 2525 is a reliable alternative that most major ESPs (Email Service Providers) support.
SMTP Port Comparison Table
Port | Protocol | Encryption | Use Case | Status |
|---|---|---|---|---|
25 | SMTP | None / STARTTLS | Server-to-server relay | Active (often blocked by ISPs) |
465 | SMTPS | Implicit SSL/TLS | Authenticated client submission | Deprecated but widely used |
587 | SMTP | STARTTLS | Authenticated client submission | Recommended |
2525 | SMTP | STARTTLS | Alternative submission port | Non-standard but popular |
SMTP encryption: STARTTLS vs. Implicit TLS (SSL)
Understanding encryption helps you understand the level of encryption that your email requires. This is key to choosing the right SMTP port.
STARTTLS (Opportunistic TLS)
STARTTLS is an email protocol command that upgrades a plaintext connection to an encrypted one. The connection starts on a standard, unencrypted channel, and then both parties negotiate TLS before any sensitive data (like login credentials or message content) is sent.
In simple terms, say you and your friend in a crowded coffee shop wish to have a private conversation. You lean over and whisper loudly, "Hey, should we go somewhere more private?" The other person says "Sure!" and then you both step outside into a private room to continue the private part of the conversation. While the conversation itself is still private, the initial interaction isn't.
In summary,
Used by: Port 587, Port 25 (optionally), Port 2525
Pros: Widely compatible and flexible.
Cons: Vulnerable to "downgrade attacks" if not properly enforced. A downgrade attack is when a bad actor tricks two parties into using a weaker, less secure version of a communication method than they're both capable of, without either party realizing it happened. This is possible because the interaction is not encrypted from the first instance.
Implicit TLS (SSL/TLS from the Start)
Implicit TLS means the connection is encrypted from the very first byte. There is no initial plaintext negotiation — the client and server jump straight into a TLS handshake.
Going back to the coffee shop analogy, implicit TLS is like you and your friend immediately stepping into a private room to begin your conversation even without the initial whisper or interaction. Here, every part of the conversation from the first instance is private and encrypted.
In summary,
Used by: Port 465
Pros: More secure by design, no risk of downgrade attack.
Cons: Less universally supported in older softwares and systems.
Best practice: Regardless of the method, always ensure your SMTP connection uses TLS encryption. Sending email over an unencrypted connection exposes credentials and message content to interception.
Which SMTP port should you use?
Here's a simple cheat sheet:
Situation | Use This |
|---|---|
Setting up an email client (Outlook, Thunderbird, Apple Mail) | Port 587 (STARTTLS) — most compatible, works everywhere |
Your email provider specifically offers or recommends SSL/TLS | Port 465 (Implicit TLS) — go for it |
Sending email from an app or website you're building | Port 587 as your first try |
Port 587 is blocked on your network | Try Port 465, then Port 2525 |
You want maximum theoretical security | Port 465 (Implicit TLS) |
Common SMTP port issues and how to fix them
1. Connection timeout on Port 25
Cause: Your ISP or hosting provider blocks outbound port 25 traffic.
Fix: Switch to port 587 or 465. Contact your host if you need port 25 for server-to-server relay.
2. Authentication failure
Cause: Wrong credentials, or the mail server requires authentication and it's not configured.
Fix: Double-check your SMTP username and password. Ensure AUTH LOGIN or AUTH PLAIN is enabled in your SMTP client configuration.
3. SSL certificate errors
Cause: Mismatched certificate, expired certificate, or using the wrong port for your chosen encryption method.
Fix: Verify that your SMTP server's SSL certificate is valid. Make sure you're using port 465 for implicit TLS and 587 for STARTTLS, not vice versa.
4. Emails landing in spam
Cause: Often unrelated to port selection, but sending from an unauthenticated server can contribute.
Fix: Ensure you're using an authenticated port (587 or 465), and configure SPF, DKIM, and DMARC records for your domain.
SMTP Ports and email deliverability
Choosing the right SMTP port is one piece of the deliverability puzzle. For optimal inbox placement:
Always use authentication: Ports 587 and 465 require it, which is a good thing. Authenticated sends are trusted more by receiving servers.
Use encryption: Emails sent over unencrypted connections may be flagged or rejected by modern mail servers.
Set up SPF, DKIM, and DMARC: These DNS records verify your sender identity and work alongside SMTP authentication.
Use a reputable ESP: Services like Zoho ZeptoMail manage IP reputation and handle SMTP configuration for you.
Avoid port 25 for client sends: It's associated with spam and is blocked in most consumer and cloud environments.
Wrapping up
SMTP ports are a foundational element of email infrastructure. While the landscape of ports has evolved over four decades—from the original port 25 to the modern, secure port 587—understanding each port's purpose, encryption method, and appropriate use case is essential for anyone building or managing email systems.
By choosing the right port and pairing it with proper authentication and encryption, you set the foundation for reliable, secure, and deliverable email communication.
