If your team is asking which SMTP port should I use, choose based on submission mode and provider requirements.
Decision framework
- Start with
587for authenticated submission with STARTTLS. - Use
465only if provider requires implicit TLS. - Use
2525as fallback if587is blocked and provider supports alternate submission. - Reserve
25mostly for server-to-server relay scenarios.
Port decision matrix
| Port | Use when | Avoid when |
|---|---|---|
587 | Standard app submission with auth | Provider does not support STARTTLS |
465 | Provider requires implicit TLS | You are configured for STARTTLS only |
2525 | Alternate submission route needed | Provider does not support this port |
25 | Relay between MTAs | App-level submission in restricted networks |
Common failure patterns by port
587 misconfigured as implicit TLS
If you treat 587 as implicit TLS instead of STARTTLS, handshakes can fail.
465 used with STARTTLS assumptions
465 generally expects TLS from connection start.
25 blocked in cloud environments
Many cloud providers restrict or throttle outbound 25 traffic for abuse prevention.
Security checks to run with port selection
- verify auth mechanism support
- verify TLS mode and certificate behavior
- verify sender-domain alignment (SPF, DKIM, DMARC)
References:
Validate real outcomes before release
A working SMTP handshake is not enough. Validate inbox outcomes and message quality.
Use:
FAQ
Which SMTP port is most commonly recommended?
Port 587 with STARTTLS for authenticated submission.
Should I still support port 465?
Support it if your provider or customer environments require implicit TLS.
Why are there multiple SMTP ports?
Different ports support different transport modes and operational contexts (submission vs relay).