What’s the difference between ports 465 & 587?
It is a pretty common question that comes up when sending email, but to answer this question fully we need to know a little bit more.
SMTP stands for Simple Mail Transfer Protocol, and it is the protocol used to send email over the internet. It was originally proposed in August 1982 through RFC 821.
Internet services and ports
There are two groups responsible for regulating certain technologies and assignments.
- The Internet Assigned Numbers Authority (IANA) regulates three aspects of the internet: domain names, number resources, and protocol assignments.
- The Internet Engineering Task Force (IETF) publishes standards that enhance the functionality of the internet. The IETF makes recommendations in the form of RFCs, or Requests for Comments.
In this article, we will mainly focus on the RFCs surrounding SMTP, ports 465 and 587.
Early in 1997, a proposal was published for a new standard for sending encrypted SMTP messages. To accommodate this, port number 465 was registered with the IANA under the service description SMTPS. However, because it was only registered with the IANA and not submitted as an RFC to the IETF, it was never fully approved as an encrypted port for SMTP. Similarly, the IETF standardised STARTTLS on port 587 as an encryption protocol for SMTP submissions that same year.
The default port for message submission has always been 587. It is believed that the confusion between ports 465 and 587 dates back to 1997, when the standard for encrypted transit was being discussed. The protocol that was finally chosen was STARTTLS. Using the same port, a user can send plaintext or upgrade their connection to TLS. For this reason, this approach is preferred.
TLS vs STARTTLS
In this comparison, "TLS" refers to Implicit TLS. Implicit TLS means that the initial connection is established using an SSL or TLS certificate, so the session is encrypted from the start.
STARTTLS, by contrast, starts as a plaintext conversation and, if possible, upgrades it to TLS. Since one port can handle both plaintext and TLS, this is the preferred method.
Port 465 is used for implicit TLS.
The connection must start with encrypted TLS. If this fails, the email sending process will fail.
Port 587 uses STARTTLS.
If possible, the connection will auto-negotiate to encrypted TLS. If this fails, the email sending process will fall back to plain text and send as normal.
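The plain-text fallback described above is a client-side choice, and a client can refuse it. The following is an added example, not code from the original article: a Python helper that uses implicit TLS on port 465 and requires the STARTTLS upgrade on port 587. The function name `open_submission` and the `client.invalid` EHLO name are assumptions; only standard-library `smtplib` and `ssl` calls are used.

```python
import smtplib
import ssl


def open_submission(host, port, timeout=10, context=None,
                    local_hostname="client.invalid"):
    """Return an SMTP connection that is guaranteed to be inside TLS.

    Port 465: implicit TLS, the handshake happens before any SMTP command.
    Other ports (587): STARTTLS is mandatory; no plain-text fallback.
    """
    context = context or ssl.create_default_context()  # verifies cert + hostname

    if port == 465:
        # A failed handshake raises here, so nothing is ever sent in clear.
        return smtplib.SMTP_SSL(host, port, local_hostname=local_hostname,
                                timeout=timeout, context=context)

    conn = smtplib.SMTP(host, port, local_hostname=local_hostname,
                        timeout=timeout)
    try:
        conn.ehlo()
        if not conn.has_extn("starttls"):
            # Missing because the server lacks it, or because something on
            # the path stripped it from the EHLO reply: refuse either way.
            raise smtplib.SMTPNotSupportedError(
                "STARTTLS not offered; refusing to continue in plain text")
        conn.starttls(context=context)  # raises if the upgrade is rejected
        conn.ehlo()  # extensions must be re-read inside the TLS session
    except Exception:
        conn.close()  # drop the socket before AUTH or MAIL can be sent
        raise
    return conn
```

Call `login()` and `send_message()` only on the connection this function returns, so credentials and message content are never sent before the TLS session exists.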
Which is best?
When you can, use port 587. If you can’t, then use port 465. If you have no other options, then use port 25.