What SMTP port should I use?
Is one SMTP port better than the other?
When configuring a mail system or an app, these are the most common questions people ask. You might see most people suggesting 25, 465, 587, or 2525 SMTP ports. But how do SMTP ports differ from one another in terms of functionality and email security? What is the best option to make your email connection secure?
Here is what you need to know about SMTP ports and how to utilise them to make your email connection secure.
What is an SMTP Port?
SMTP or Simple Mail Transfer Protocol is the process mail servers use to send messages over the Internet. Other applications such as Apple Mail or Outlook also use SMTP to exchange emails with other mail servers. Computer ports are synonymous with doors using which devices connect to the network and carry out electronic processes. Similarly, an SMTP port sends an email to its recipient through a network. It also refers to the part of the Internet address used for sending emails. Similar to other Internet protocols, SMTP also has multiple ports.
Which Port Does SMTP Use?
Port 25
Port 25 is the oldest standard SMTP port used primarily for SMTP relay. However, except for server-server SMTP relaying, you do not want to use port 25 as most residential ISPs, and cloud hosting providers block port 25 to prevent spamming.
Port 587
Port 587 is the default port used by modern email servers. While other ports are available, port 587 should be used as the default unless other ports are necessary due to specific reasons. Port 587 is also the most secure port for email delivery as it supports TLS — meaning you can encrypt your email before submitting it. It prevents any third party from reading your email content even if they intercept the channel.
Port 465
Port 465, which was initially registered for SMTPS or SMTP over SSL, was reassigned after a brief period of time and was later deprecated. Even though it is no longer an accepted standard, many ISPs and cloud hosting providers still support port 465 for SMTP submission.
Port 2525
Even though port 2525 is not an official SMTP port, many ISPs and cloud hosting providers use it as an alternative to port 587. Port 2525 is usually used in cases where port 587 is not available for reasons such as being blocked by certain ISPs or email service providers. Similar to port 587, port 2525 supports TLS encryption.
How to Find Out Your Current SMTP Port
To secure your email connection using ports, first, you need to find out what your current SMTP port is. You can find your configured SMTP port number within the config file under the “smtp-listener” directive in PowerMTA. Go to /etc/pmta/config on a Linux server and C:\pmta\config.dat on Windows Server to fetch the config file.
Which SMTP Port Should You Use For Email Security?
As mentioned previously, the default SMTP port 25 is widely used by cyberattackers for spreading malware and spam. Using port 25 increases the chances of your email ending up in your recipient’s spam folder. Additionally, it doesn’t offer any encryption, which means anyone intercepting the channel can read the content of your email.
Port 587 is the best choice for email security as the majority of email hosting servers support it, and it offers TLS encryption. It also improves email deliverability by reducing the rate of rejected messages. If port 587 is blocked due to technical reasons, port 2525 is a good alternative that offers similar benefits. Despite it not being an officially recognized SMTP port, most email service providers still support and use it. Port 2525 is also a good choice for email security as it provides SSL/TLS encryption.
So, how can you change your port number?
Simply open the configuration panel of the SMTP server. Locate the port section (set at 25 by default) and change it to either 587 or 2525. Click OK to complete the process.
Choosing a suitable SMTP port is essential in making email connections secure and improving email deliverability. Another important aspect of email security is to limit your email address visibility on the Internet. Typically, attackers collect email addresses when visible on the web, either on social networking sites or other spam lists. To mitigate the risks of cyberattacks and secure your email connection, you need to check the visibility of your email address.
To check your email address visibility, go to Sniff Email — an online platform dedicated to finding out if your email address exists on the Internet. Enter your email address in the search field and click fetch to find out if your email address exists on the web within a few seconds. Based on the results, you can take appropriate action to remove it.
Featured Photo by Taylor Vick on Unsplash