ONLINE
Bento

Choosing the Right SMTP Port: Port 25, 465, 587 Explained

By TanukiFebruary 14, 202510 min read

Three ports handle email sending: 25, 465, and 587. Each works differently. Pick the wrong one, and your emails get blocked or fail to send. Pick the right one, and everything works smoothly.

Many developers hit this problem when setting up email for the first time. You configure everything correctly, but emails won't send. The culprit? You're using port 25, which your ISP blocks. Switch to port 587, and suddenly it works.

This guide explains which SMTP port to use, why it matters, and how to configure it properly. If you'd rather not worry about any of this and you'd prefer to send transactional and marketing emails without needing a PhD in email infrastructure, just use Bento.

TL;DR: Quick SMTP Port Reference

Port 587 (Use This One):

  • What it is: SMTP with STARTTLS encryption
  • When to use: Sending emails from apps, websites, or email clients
  • Encryption: Starts plain, upgrades to encrypted (STARTTLS)
  • ISP blocking: Works everywhere

Port 465 (Also Good):

  • What it is: SMTP with immediate SSL/TLS
  • When to use: When you need encryption from the start
  • Encryption: Always encrypted (SSL/TLS)
  • ISP blocking: Works everywhere

Port 25 (Usually Won't Work):

  • What it is: Original SMTP port
  • When to use: Only for server-to-server mail relay
  • Encryption: None by default
  • ISP blocking: Blocked by most ISPs

Quick tip: Use port 587 for almost everything. If that doesn't work, try 465. Avoid port 25 unless you're running a mail server.

For SMTP basics, see our everything about SMTP guide. For service comparisons, check best SMTP email services.

What Are SMTP Ports?

Think of SMTP ports like different doors into a mail server. Each door has its own rules about who can enter and what security checks they need to pass.

Your email client or application knocks on one of these doors when it wants to send mail. The port you choose determines whether you need a special key (encryption), whether the door is even open (ISP blocking), and what kind of mail you're allowed to send.

The three main ports serve different purposes. Port 25 was the original door, built when the internet was smaller and spam wasn't a problem. Port 465 and 587 came later, adding security features to protect against spam and eavesdropping.

Port 587: SMTP with STARTTLS (Your Best Bet)

Port 587 is the standard for sending emails from applications and email clients. Almost every email service supports it, and it works reliably across different networks.

Here's how port 587 works: Your email client connects to the server using a regular connection. Then it asks "Hey, can we encrypt this?" The server says yes, and they switch to an encrypted connection. This two-step process is called STARTTLS.

The beauty of STARTTLS is flexibility. If a server doesn't support encryption (rare these days), the connection can still work unencrypted. But modern servers always upgrade to encryption, keeping your emails secure.

Port 587 became the standard because it solved a real problem. ISPs were blocking port 25 to stop spam, but people still needed to send legitimate emails. Port 587 gave them a dedicated port for email submission that ISPs don't block.

Gmail, Outlook, Yahoo, and virtually every major email provider uses port 587 as their primary submission port. When you configure email in Thunderbird, Apple Mail, or any email client, it defaults to port 587 for sending mail.

Port 465: SMTP over SSL/TLS (Encrypted from the Start)

Port 465 takes a different approach to security. Instead of starting unencrypted and upgrading, it requires encryption from the very first byte. The entire conversation between client and server happens inside an encrypted tunnel.

This port has an interesting history. It was officially assigned for SMTPS (SMTP over SSL) in 1997, then revoked in 1998 in favor of STARTTLS on port 587. But email providers kept using it anyway. In 2018, the IANA officially re-assigned port 465 for "submissions" (email submission with implicit TLS).

Today, port 465 is just as valid as port 587. Microsoft uses it for Outlook.com. Google supports it for Gmail. Most modern email services offer both ports.

Some developers prefer port 465 because the encryption is simpler. There's no STARTTLS negotiation to worry about. The connection is either encrypted or it fails. This makes debugging easier and ensures encryption is always used.

The main limitation is compatibility with very old email servers that don't support implicit TLS. But if you're connecting to any mainstream email service, port 465 works perfectly.

Port 25: Standard SMTP (The Original Port)

Port 25 is the granddaddy of SMTP ports, defined in the original 1982 specification. It was designed for one purpose: moving mail between mail servers.

When someone@gmail.com emails someone@yahoo.com, Gmail's servers connect to Yahoo's servers on port 25 to deliver the message. This server-to-server communication is what port 25 was built for, and it still handles billions of messages every day.

But here's the catch: port 25 was never meant for regular users or applications to submit email. It was designed for mail servers talking to each other. When spammers figured out they could connect directly to port 25 and send spam, ISPs started blocking it.

Today, most home and office internet connections can't reach port 25 on external servers. Comcast, AT&T, Verizon, and most ISPs block it completely. Even if your ISP doesn't block it, many email services refuse connections from residential IP addresses on port 25.

You only need port 25 if you're running your own mail server that receives email from other servers. For sending email from applications or email clients, port 25 is effectively dead.

How to Choose the Right SMTP Port

Picking an SMTP port is simple once you know what you're building.

For 99% of use cases, start with port 587. It works with every major email service, passes through firewalls, and handles encryption properly. If your email service specifically tells you to use port 465, use that instead. Both are equally secure and reliable.

Only consider port 25 if you're building infrastructure that receives email from other mail servers. Even then, you'll still use port 587 or 465 when your server needs to send outbound mail through a relay service.

Some legacy applications only support specific ports. Old versions of Microsoft Exchange might require port 25. Some embedded systems only know port 465. In these cases, use what works. But for new development, stick with port 587.

Common SMTP Port Configurations

Here's how major providers configure their SMTP ports. Notice the pattern: everyone supports port 587, most support port 465, and nobody recommends port 25 for client connections.

Gmail (Google Workspace):

  • Server: smtp.gmail.com
  • Port: 587 (recommended) or 465
  • Encryption: STARTTLS (port 587) or SSL/TLS (port 465)
  • Authentication: OAuth2 or app-specific password

Microsoft 365 / Outlook.com:

  • Server: smtp.office365.com or smtp-mail.outlook.com
  • Port: 587
  • Encryption: STARTTLS
  • Authentication: Modern authentication (OAuth2) preferred

SendGrid:

  • Server: smtp.sendgrid.net
  • Port: 587, 465, or 25 (not recommended)
  • Encryption: TLS required on all ports
  • Authentication: API key as password

Amazon SES:

  • Server: email-smtp.[region].amazonaws.com
  • Port: 587, 465, 25, or 2587
  • Encryption: STARTTLS (587) or TLS Wrapper (465)
  • Authentication: IAM credentials

Notice how providers offer multiple ports but always recommend 587. They support other ports for compatibility, not because they're better options.

Debugging SMTP Port Problems

When email won't send, the port is often the problem. Here's how to diagnose port issues quickly.

First, test if you can reach the SMTP server. Use telnet or nc (netcat) to check connectivity. If you can't connect, either the port is blocked or the server is down.

# Test port 587 connectivity
telnet smtp.gmail.com 587

# Or using netcat
nc -zv smtp.gmail.com 587

If the connection times out, your network is blocking that port. This happens often with port 25 on home and office networks. Try port 587 or 465 instead.

Connection refused means the server isn't listening on that port. Double-check the server address and port number. Make sure you're using the right combination.

If you connect but get authentication errors, the port is working fine. The problem is with your credentials or authentication method. Modern services often require app-specific passwords or OAuth2 tokens instead of regular passwords.

Encryption mismatches cause subtle problems. Port 587 expects STARTTLS. Port 465 expects immediate SSL/TLS. Using the wrong encryption method creates confusing error messages. Match your client's encryption setting to what the port expects.

Firewall rules can block specific ports. Corporate networks often block port 25 and sometimes port 465. Port 587 usually gets through because it's the standard submission port. If you control the firewall, open the ports you need. If not, use whatever port works.

Security Considerations for SMTP Ports

All three SMTP ports can be secure, but they handle security differently.

Port 587 with STARTTLS starts unencrypted, then upgrades to encryption. This creates a brief window where an attacker could theoretically prevent the upgrade (called a STARTTLS downgrade attack). In practice, modern email servers require STARTTLS, making this attack ineffective.

Port 465 doesn't have this theoretical vulnerability because encryption starts immediately. But it's not inherently more secure than properly configured STARTTLS. Both provide the same level of encryption once the secure connection is established.

Port 25 usually runs without encryption for server-to-server mail delivery. Servers can use STARTTLS on port 25, but many don't. This is slowly changing as email providers push for universal encryption.

Authentication is separate from port choice. All three ports support the same authentication methods: plain passwords, OAuth2, API keys, client certificates. The port doesn't determine authentication strength.

For maximum security, use port 587 or 465 with strong authentication. Enable two-factor authentication on your email account. Use app-specific passwords or API keys instead of your main password. Monitor your SMTP logs for unauthorized access attempts.

Where Bento Fits: SMTP Port Support

If you need SMTP access for your application, Bento provides it with both port 587 and port 465 support. You get standard SMTP credentials plus the deliverability infrastructure to ensure your emails actually reach inboxes.

The platform includes authentication setup (SPF, DKIM, DMARC), reputation monitoring, and send rate controls. These features come standard, not as expensive add-ons. Your SMTP-sent emails benefit from the same deliverability infrastructure as emails sent through the API.

Bento works well when you need reliable SMTP sending with port 587 or 465, want deliverability features included in the base price, and care about inbox placement for your transactional or marketing emails.

Other services might fit better if you need port 25 for receiving inbound email, require extremely high volumes (millions per day), or want the absolute lowest price regardless of deliverability.

Start Sending with the Right Port

Getting SMTP ports right is straightforward. Use port 587 for sending email from applications and clients. Test your connection before going to production. Monitor your email delivery to catch problems early.

Most SMTP port problems have simple solutions. Wrong port? Switch to 587. Port blocked? Try 465. Still having issues? Check your encryption settings and credentials.

Pick port 587, configure your authentication, and start sending. It really is that simple.

Enjoyed this article?

Get more email marketing tips delivered to your inbox. Join 4,000+ marketers.

No spam, unsubscribe anytime.

Keep Reading

Broadcast Email Best Practices: How to Email Every Day Without Annoying Your Subscribers
Tanuki
Tanuki
How to Personalize Your Website with RightMessage + Bento
Jesse Hanley
Jesse Hanley
Transactional vs Marketing Email: Key Differences Explained
Anja
Anja

Ready to try better email marketing?

Start your 30-day free trial. Cancel anytime.

Free30-day trial·No credit card required·Book a demo