SMTP ports are network endpoints used for email submission or relay.

If you are choosing between , , , and , start with this practical rule:

  • + STARTTLS for most app senders
  • for implicit TLS when provider requires it
  • as fallback where supported
  • mainly for server-to-server relay

SMTP ports quick table

PortTypical roleEncryption modelApp submission default
Relay between serversOptional/variesNo
SubmissionImplicit TLSSometimes
SubmissionSTARTTLSYes
Alternate submissionProvider-specificFallback

Port-by-port guidance

Port 587

Best first choice for authenticated application submission.

Port 465

Use when provider expects TLS from first packet (implicit TLS).

Port 25

Use for relay scenarios, not typical app submission. Often blocked in cloud egress policies.

Port 2525

Useful alternate when is blocked and provider supports it.

TLS pairing rules

  • -> STARTTLS
  • -> implicit TLS
  • -> relay use, optional STARTTLS depending on peer policy

Mismatching TLS mode is a common cause of production send failures.

How to choose the right SMTP port

  1. Start with provider docs and choose recommended submission endpoint.
  2. Confirm required TLS model (STARTTLS vs implicit TLS).
  3. Validate auth behavior after transport setup.
  4. Validate receive-side outcomes before release.

Related references:

SMTP port troubleshooting checklist

Connection fails

Check network egress policy, endpoint host, and port accessibility.

AUTH fails only on one port

Verify TLS mode and AUTH order for that port.

Works locally but fails in production

Production often enforces stricter firewall/policy controls than local dev environments.

Production validation workflow

FAQ

What is the default SMTP port?

For authenticated client submission, is usually the default recommendation.

Is 465 still valid?

Yes. It is still widely used for implicit TLS submission.

Why is port 25 often blocked?

Many providers block outbound to reduce abuse and spam relay risk.

Next steps