Glossary · 3 min read

SMTP Ports Explained: 25, 465, 587, and 2525

Understand the four SMTP ports, when to use each one, the difference between STARTTLS and implicit TLS, and why ISPs block port 25.

SMTP Ports Explained: 25, 465, 587, and 2525

SMTP uses different ports depending on whether the connection is between mail servers, between a client and server, and whether encryption is required. Choosing the correct port is essential for reliable email delivery.

Port 25: Server-to-Server Relay

Port 25 is the original SMTP port, defined in RFC 5321, and remains the standard for MTA-to-MTA communication (server-to-server email relay).

  • When your outbound mail server delivers a message to the recipient's server, it connects to port 25 on the destination MX host.
  • Port 25 supports STARTTLS for opportunistic encryption, but encryption is not required by the protocol.
  • ISP blocking: Most residential and many business ISPs block outbound port 25 to prevent compromised machines from sending spam directly. This is why you cannot typically run a mail server from a home internet connection without special arrangements.

Port 25 should not be used for mail client submission. It is reserved for server-to-server traffic.

Port 587: Submission with STARTTLS

Port 587 is the standard mail submission port, defined in RFC 6409. This is the port your email client (Outlook, Thunderbird, Apple Mail) should use to send outgoing email.

  • Requires SMTP AUTH (authentication with username and password).
  • Requires STARTTLS to upgrade the connection to TLS encryption before credentials are transmitted.
  • This port separates authenticated user submission from unauthenticated relay traffic (port 25), making it easier to enforce security policies.

If you are configuring a mail client or application to send email, port 587 with STARTTLS is the correct choice in nearly all cases.

Port 465: Implicit TLS (SMTPS)

Port 465 has a complicated history. It was briefly assigned to SMTPS (SMTP over implicit SSL) in the 1990s, then reassigned to a different protocol. RFC 8314 (2018) officially reclaimed it for email submission over implicit TLS.

  • The TLS handshake occurs immediately upon connection (no STARTTLS upgrade step).
  • Requires authentication, like port 587.
  • Supported by most modern mail clients and providers.

The practical difference from port 587: on port 465, encryption starts before any SMTP commands are exchanged. On port 587, the connection starts in plaintext and upgrades via STARTTLS. Both achieve encryption, but port 465 eliminates the possibility of a downgrade attack.

Port 2525: Unofficial Alternative

Port 2525 is not defined in any RFC and is not an official SMTP port. It exists as a practical workaround when port 587 is blocked by a firewall or hosting provider.

  • Many cloud platforms (AWS, Google Cloud, Azure) restrict outbound port 25 and sometimes 587.
  • Email service providers like SendGrid, Mailgun, and Postmark accept connections on port 2525 as an alternative submission port.
  • Supports STARTTLS, just like port 587.

Use port 2525 only when 587 is unavailable. It is a convention, not a standard.

Port Summary

Port Purpose Encryption Authentication
25 Server-to-server relay Optional STARTTLS Not required
587 Client submission Required STARTTLS Required
465 Client submission Implicit TLS Required
2525 Alternative submission STARTTLS Required

Verifying Your Configuration

Incorrect port configuration is a common cause of email sending failures. Verify your domain's MX records and mail server availability with our MX lookup tool, and run a full domain analysis to confirm that your sending infrastructure is properly configured and authenticated.

Stay on top of your email infrastructure. Sign up for the InboxTooling newsletter for deliverability tips, tool updates, and best practices.

More glossary terms

DNS Ports Explained

Understand which network ports DNS uses, including port 53 for standard queries, port 443 for DNS over HTTPS, and port 853 for DNS over TLS.

DNS Record Types: A Complete Reference Guide

A technical reference for all major DNS record types including A, AAAA, MX, CNAME, TXT, NS, SOA, PTR, SRV, and CAA. Includes example values and use cases.

How Do IP Addresses Work?

Understand how IP addresses work, including IPv4 vs IPv6 formats, public vs private addresses, static vs dynamic assignment, NAT, and CIDR notation.

What Is DKIM (DomainKeys Identified Mail)?

Learn how DKIM uses cryptographic signatures to authenticate email, including selector records, public/private key pairs, and the verification process per RFC 6376.

What Is DMARC?

Understand DMARC, how it builds on SPF and DKIM with alignment checks, policy options (none, quarantine, reject), and aggregate vs forensic reporting per RFC 7489.

What Is DNS (Domain Name System)?

Learn how the Domain Name System works, including recursive and iterative queries, root servers, caching, and TTL values. A technical overview referencing RFC 1035.

What Is Secure DNS (DoH and DoT)?

Learn about secure DNS protocols including DNS over HTTPS, DNS over TLS, and DNSSEC. Understand why standard DNS is insecure and how to protect your queries.

What Is a Domain Name?

Learn what a domain name is, how domains map to IP addresses via DNS, the difference between TLD types, and how subdomains, URLs, and hostnames relate.

What Is a Gateway IP Address?

Learn what a gateway IP address is, how default gateways route traffic between networks, and how to find your gateway address on any operating system.

What Is a Reverse Lookup?

Understand reverse lookups including reverse DNS (PTR records), reverse IP lookups, and reverse email lookups. Learn how each works, common use cases, and limitations.

What Is a Reverse Proxy?

Learn how reverse proxies work, the difference between forward and reverse proxies, and common use cases including load balancing, SSL termination, and caching.

What Is an Email Bounce?

Understand email bounces, the difference between hard and soft bounces, common SMTP error codes, and how bounces affect sender reputation.

What Is an Email Domain Name?

Learn what an email domain is, how the @domain.com part of email addresses works with MX records to route messages, and the difference between free and custom email domains.

What Is an SMTP Server?

Learn how SMTP servers work, the difference between MTA, MSA, and MDA, and how email is delivered hop by hop using the SMTP protocol defined in RFC 5321.

What Is an SPF Record?

Understand SPF records, how they authorize email senders, the TXT record format, and how receivers evaluate SPF results including pass, fail, and softfail.

What Is an SSL Certificate?

Learn how SSL/TLS certificates encrypt internet traffic, how the chain of trust works, the difference between DV, OV, and EV certificates, and why TLS replaced SSL.