SMTP Port 587 vs 465: Which Port Should You Use?
Time to read:
SMTP Port 587 vs 465: Which Port Should You Use?
Confused about SMTP port 587 vs SMTP port 465? You're not alone. Choose the wrong port and you'll spend your afternoon troubleshooting authentication failures, bounced emails, and security vulnerabilities that could have been avoided with five minutes of reading.
Really, most developers just want their emails to send reliably and securely. The port you choose affects both, so let's cut through the port jargon and get you set up correctly.
TLDR: Use SMTP port 587
SMTP port 587 with StartTLS is your best bet. It's the current standard, widely supported, and handles both secure and non-secure connections gracefully. Port 465 works but comes with baggage. It was technically deprecated, then un-deprecated, creating confusion that persists today.
If you just need to configure your email client and move on with your life, use port 587 with StartTLS email encryption. Your emails will send, your security team won't complain, and you can focus on building features instead of debugging mail server configurations.
SMTP port 587 vs. port 465 head-to-head comparison
Different SMTP ports serve different purposes, and understanding when to use each one can save you from late-night debugging sessions.
Port | Purpose | Security | Status | When to Use |
587 | Message submission | StartTLS | Current standard | Default choice for most applications |
465 | Secure submission | Implicit TLS | Deprecated, then restored | When 587 is blocked or legacy systems |
25 | Server-to-server | None (usually) | Original standard | Only for server relay, not client submission |
2525 | Alternative submission | StartTLS | Unofficial workaround | When ISPs block other ports |
When to use SMTP port 587
Port 587 should be your default choice. It was designed for email client submission and supports StartTLS, which means connections start unencrypted and upgrade to secure as needed. This flexibility makes it work in more environments than port 465.
Use SMTP port 587 when:
Setting up email clients (Outlook, Thunderbird, mobile apps)
Configuring applications to send transactional emails
Working in corporate environments with standard firewall rules
You want maximum compatibility across email providers
Most email service providers (including Gmail, Outlook, and Twilio SendGrid) recommend port 587 as the primary choice for message submission. It requires authentication, supports encryption, and plays nicely with modern security standards.
When to use SMTP port 465
Port 465 uses implicit TLS, meaning the connection starts encrypted from the first packet. While this sounds more secure in theory, it's actually less flexible than StartTLS and can cause compatibility issues.
Use SMTP port 465 when:
Port 587 is blocked by your network or ISP
Working with legacy systems that specifically require implicit TLS
Your email provider doesn't support StartTLS on port 587 (rare)
You're maintaining existing configurations that already work
Port 465 has a complicated history, though. It was deprecated in favor of port 587, then restored years later due to widespread usage. This back-and-forth created confusion, but the port works fine for its intended purpose.
TLS vs StartTLS breakdown
The security difference between ports comes down to how encryption is handled:
StartTLS (Port 587):
Connection begins unencrypted
Client and server negotiate encryption upgrade
Falls back gracefully if TLS isn't available
More compatible across different network configurations
Implicit TLS (Port 465):
Connection starts encrypted immediately
No negotiation phase
Fails completely if TLS handshake fails
Can cause issues with some firewalls and proxies
StartTLS is generally preferred because it's more robust. If encryption isn't available, the connection can continue unencrypted (though you probably want to catch this in testing). With implicit TLS, no encryption means no connection at all.
SMTP port configuration examples
Gmail SMTP settings
Server: smtp.gmail.com
Port: 587 (recommended) or 465
Security: StartTLS (587) or SSL/TLS (465)
Authentication: Required
Outlook SMTP settings
Server: smtp-mail.outlook.com
Port: 587
Security: StartTLS
Authentication: Required
Twilio SendGrid SMTP settings
Server: smtp.sendgrid.net
Port: 587 (recommended), 465, or 2525
Security: StartTLS (587, 2525) or SSL/TLS (465)
Authentication: API key required
What about port 25 and port 2525?
Port 25 is the original SMTP port for server-to-server communication. Don't use it for client applications. Most ISPs block it to prevent spam, and it doesn't require authentication by default.
Port 2525 is an unofficial alternative that many email service providers support when standard ports are blocked. It works exactly like port 587 but on a different number. Think of it as port 587's backup plan.
Frequently asked questions
Q: Which SMTP port is most secure?
A: Both port 587 with StartTLS and port 465 with SSL/TLS are equally secure when properly configured. The difference is in how encryption is established, not the level of security provided.
Q: Why do some guides recommend port 465 over 587?
A: Usually due to outdated information or specific compatibility requirements. Port 587 is the current standard and should be your first choice unless you have a specific reason to use port 465.
Q: Can I use port 25 for sending emails?
A: Not recommended for client applications. Port 25 is for server-to-server relay and many ISPs block it. Use port 587 or port 465 instead.
Q: What if my ISP blocks all SMTP ports?
A: Try port 2525, which many email providers support as an alternative. If that doesn't work, you may need to use your ISP's SMTP server or switch to an API-based email service.
Q: Do I need different ports for sending vs receiving?
A: Yes. These ports are only for sending (SMTP). Receiving email uses different protocols and ports: POP3 (port 110/995) or IMAP (port 143/993).
Getting started with SMTP ports
Use port 587 with StartTLS for new configurations. It's the current standard, widely supported, and designed for client email submission. Fall back to port 465 if you encounter compatibility issues, and avoid port 25 for client applications entirely.
The port you choose matters less than double-checking proper authentication and encryption are configured. A misconfigured secure port is less secure than a properly configured standard port.
Ready to start sending emails through Twilio SendGrid? Sign up for a free account and get 100 emails per day with full access to our SMTP service and delivery optimization tools.
Related Posts
Related Resources
Twilio Docs
From APIs to SDKs to sample apps
API reference documentation, SDKs, helper libraries, quickstarts, and tutorials for your language and platform.
Resource Center
The latest ebooks, industry reports, and webinars
Learn from customer engagement experts to improve your own communication.
Ahoy
Twilio's developer community hub
Best practices, code samples, and inspiration to build communications and digital engagement experiences.