Common SMTP Ports
Port 25 — Original SMTP. Used for server-to-server (MTA) mail relay. Blocked by most ISPs and cloud providers for outbound use (anti-spam). Usually no authentication.
Port 465 — SMTPS (SMTP over implicit SSL). Deprecated by RFC but still widely used by hosting providers and ISPs for client submission. TLS starts immediately.
Port 587 — SMTP Submission (RFC 6409). The recommended port for client mail submission. Uses STARTTLS to upgrade to TLS. Requires authentication (SASL).
Port 2525 — Alternative submission port. Not an official standard but used by some providers when 587 is blocked.
TLS Modes
Plain (no TLS) — Connection is unencrypted. Credentials and messages are sent in the clear. Never use this over the public internet.
SSL/TLS (implicit) — TLS is established immediately on connect. Used on port 465.
STARTTLS (explicit) — Connection starts plain, then upgrades to TLS after the server advertises STARTTLS in EHLO response. Standard for port 587 and common on port 25.
Reading EHLO Response
After connecting, send EHLO hostname — the server replies with a list of supported extensions. Key ones to look for:
250-STARTTLS — Server supports TLS upgrade.
250-AUTH LOGIN PLAIN — Supported authentication methods.
250-SIZE 52428800 — Maximum message size (bytes).
250-8BITMIME — Supports 8-bit MIME content.
250-PIPELINING — Can accept multiple commands at once (faster).