LiveChat 
Support 
SMTP Port Explained: 25, 587, 465, and Which One You Should Use
If your email client refuses to send mail, or you are wiring up an application to deliver transactional messages, the first setting you will be asked for is the SMTP port. It is also the setting most people get wrong. The confusion is understandable: there are four ports in common use, the documentation often disagrees, and one of them is deliberately blocked on most networks.
This guide cuts through that. We will define what SMTP is, explain what an SMTP port actually does, list every port you might encounter, and tell you precisely which one to use for sending mail from a client or app. By the end, the choice between port 587, port 465, and port 25 will be obvious rather than mysterious.
Key Takeaways
• SMTP (Simple Mail Transfer Protocol) is the protocol that sends and relays outgoing email between mail systems.
• An SMTP port is the numbered network channel your mail client or server connects to in order to hand off outgoing mail.
• Use port 587 with STARTTLS to send mail from an email client or application. It is the modern submission standard.
• Port 465 (implicit TLS/SSL) is a fully valid alternative and is widely supported again.
• Port 25 is for server-to-server relay only and is blocked for client connections on most networks to fight spam. Never configure a client to send on 25.
• Port 2525 is an unofficial fallback some providers offer when 587 and 465 are blocked.
What is SMTP and what does it actually do?
SMTP stands for Simple Mail Transfer Protocol. It is the standard, defined originally in the early internet RFCs and refined since, that governs how outgoing email moves from one place to another. Whenever you press send, SMTP is the protocol carrying that message off your device and toward the recipient.
It is important to be precise here, because email involves more than one protocol. SMTP handles sending and relaying outgoing mail. Retrieving mail that has already arrived in your mailbox is a separate job handled by IMAP or POP3. So when you set up an email account, you configure SMTP for the outbound path and a different protocol for the inbound path. If you want the full picture of the receiving side, see the companion piece on incoming mail protocols.
SMTP does its work in two distinct stages, and understanding that distinction is the single most useful thing you can learn about ports. First, your mail client or application submits your outgoing message to your own mail server. Second, that mail server relays the message across the internet to the recipient’s mail server. These are different jobs, and they use different ports.
What is an SMTP port?
A port is a numbered endpoint on a server that distinguishes one kind of network traffic from another. A single server has one IP address but can run dozens of services; ports are how it keeps web traffic, mail traffic, and everything else separated. When software connects to a server, it specifies both the address and the port so the server knows which service it wants.
An SMTP port is therefore the specific port number that an SMTP conversation uses. When you tell your email client to send on “port 587,” you are telling it to open a connection to your mail server on channel 587, where the SMTP submission service is listening. Pick the wrong number and the connection either fails outright or gets refused by the network in between.
The reason there are several SMTP ports rather than one is historical and functional: different ports were assigned for the relay job versus the submission job, and for encrypted versus plaintext connections. That is the whole source of the confusion, and it resolves the moment you map each port to its purpose.
What are the SMTP ports and which should you use?
Here is every SMTP port you are likely to meet, what each is for, and the practical verdict.
| Port | Purpose | Encryption | Use it? |
|---|---|---|---|
| 25 | Server-to-server mail relay | Optional/opportunistic | No, not from a client. Blocked on most networks. |
| 587 | Client submission (modern standard) | STARTTLS | Yes. This is the default choice. |
| 465 | Client submission (implicit TLS) | SSL/TLS from connect | Yes. Valid alternative to 587. |
| 2525 | Unofficial submission fallback | STARTTLS (usually) | Only if 587 and 465 are both blocked. |
Port 25 is the original SMTP port and remains the channel mail servers use to hand mail to one another across the internet. It is essential infrastructure, but it is not for you. Internet service providers routinely block outbound connections to port 25 from ordinary connections to fight spam, so a client configured to send on 25 will usually just hang and time out.
Port 587 is the modern standard for mail submission. This is the port your email client or application should use to hand your outgoing mail to your mail server. It expects authentication (username and password) and upgrades the connection to encryption using STARTTLS. When in doubt, this is the answer.
Port 465 was once deprecated, then reinstated, and is now firmly back as a valid submission port. It uses implicit TLS, meaning the connection is encrypted from the very first byte. Many providers and clients support it well, and it is a perfectly good choice, particularly if a network is interfering with port 587.
Port 2525 is not an official SMTP port, but a number some email providers expose as a last-resort fallback. If a restrictive network blocks both 587 and 465, port 2525 sometimes slips through. Treat it as a backup, not a primary.
Which SMTP port should you actually use?
For the overwhelming majority of cases, the rule is short:
- Sending from an email client or app? Use port 587 with STARTTLS and authentication. This is the right default.
- 587 not working or blocked? Use port 465 with SSL/TLS and authentication.
- Both blocked on a hostile network? Try port 2525 if your provider supports it.
- Never use port 25 from a client. It is the server’s door, not yours.
That is genuinely the whole decision. If you remember nothing else, configure 587, fall back to 465, and forget 25 exists for client purposes.
The confusion around SMTP ports dissolves the instant you separate two different jobs that happen to look the same. Port 25 is for server-to-server mail relay, where one mail server hands a message to another. Ports 587 and 465 are for client submission, where your app, your copy of Outlook, or your phone hands *your* outgoing mail to your mail server to send onward. ISPs block outbound port 25 from regular connections precisely because legitimate clients should never use it. Only spammers and misconfigured applications try to talk straight to the relay door. So the rule writes itself: sending from a client or app means port 587 (STARTTLS) or 465 (SSL) with authentication. Port 25 is not “broken” or “unfairly blocked.” You were simply knocking on the server’s door instead of the client’s.
Why is port 25 blocked for clients?
The blocking of outbound port 25 is one of the internet’s quieter but most effective anti-spam measures. In the early days, any infected machine on a home or office connection could open port 25 and blast mail directly to recipient servers worldwide, bypassing any legitimate mail server entirely. That made compromised consumer machines into ideal spam cannons.
The fix was simple and broad: network operators block outbound connections to port 25 from ordinary subscriber connections. Legitimate users lose nothing, because legitimate users never needed port 25 from their device. They submit mail to *their own* mail server on 587 or 465, and that authenticated, accountable mail server is the only thing that talks to the wider internet on 25.
This is why “my email won’t send and I’m using port 25” is such a common complaint, and why the fix is almost always “switch to 587.” The port was never meant for you, and the block is working as designed.
What is the difference between STARTTLS and implicit TLS?
Both port 587 and port 465 encrypt your connection. They just negotiate that encryption differently.
STARTTLS (port 587) begins as a plaintext connection and then issues a command to upgrade the session to encryption before any credentials or message content are exchanged. The word “STARTTLS” is literally the command that triggers the upgrade. Configured correctly, your client requires this upgrade, so nothing sensitive ever travels in the clear.
Implicit TLS (port 465) skips the negotiation. The connection is encrypted from the first byte, exactly like HTTPS. There is no plaintext phase at all.
In practice both are secure when configured properly. STARTTLS on 587 is the more common modern default; implicit TLS on 465 is equally legitimate. The one configuration to avoid is any setup that allows a plaintext fallback with no encryption at all. If your client offers options like “None,” “STARTTLS,” and “SSL/TLS,” choose STARTTLS for 587 or SSL/TLS for 465, never None.
How do you configure an email client to send mail?
Setting up outgoing mail in any client follows the same pattern, whether it is Outlook, Apple Mail, Thunderbird, or a phone. You will be asked for the same handful of values for the outgoing (SMTP) server.
| Setting | Recommended value |
|---|---|
| Outgoing server (SMTP host) | Provided by your email host, e.g. `mail.yourdomain.com` |
| Port | 587 (or 465 as alternative) |
| Encryption / security | STARTTLS for 587, SSL/TLS for 465 |
| Authentication | Required: yes |
| Username | Your full email address |
| Password | Your mailbox password |
The detail people most often miss is authentication. Modern submission requires it: your mail server will not relay mail for you unless you prove who you are with your mailbox credentials. If a client has an “outgoing server requires authentication” checkbox, it must be ticked. A full walkthrough for specific clients lives in the dedicated setup guide.
If you are configuring an application rather than a desktop client, the same values apply: SMTP host, port 587, STARTTLS, and authentication using the mailbox credentials. The concepts are identical; only the configuration screen changes. For a broader walkthrough of how the protocol behaves end to end, the SMTP explainer covers the full conversation.
How do you troubleshoot when email won’t send?
When outgoing mail fails, the cause is almost always one of three things, and they map directly to what this guide has covered.
Wrong port. If you are configured for port 25, that is your problem. Switch to 587 with STARTTLS. This single change resolves the largest share of “can’t send” complaints.
ISP or network blocking. If 587 also fails, you may be on a restrictive network that interferes with submission ports. Try 465 with SSL/TLS. If both fail and your provider offers it, try 2525. Testing on a different network, such as a mobile hotspot, quickly confirms whether the network itself is the culprit.
Authentication failure. If the connection succeeds but the server rejects your mail with an authentication error, check that “outgoing server requires authentication” is enabled, that the username is your full email address, and that the password is correct. Sending depends as much on getting mail accepted by your server as on it being delivered, and authentication is where accepted-versus-rejected is decided.
Getting your mail to *send* is only half the battle. Getting it to land in the inbox rather than spam depends on your domain’s authentication records, which is a separate topic worth understanding.
DarazHost business email and secure SMTP
DarazHost business email supports the correct, secure submission ports out of the box: 587 with STARTTLS and 465 with SSL/TLS, both requiring authentication, so your outgoing mail leaves your client or application encrypted and accountable. There is no need to wrestle with port 25 or guess at security settings.
Just as importantly, DarazHost configures proper SPF, DKIM, and DMARC for your domain, the authentication records that determine whether your mail lands in inboxes rather than spam folders. Sending securely and being delivered reliably are two different problems, and DarazHost handles both. Clear, copy-ready setup details for the outgoing server are provided for every mailbox, and 24/7 support is available to configure any client or app you use. For the wider context on running email on your own domain, see our complete guide to professional business email hosting.
Frequently asked questions
What is the best SMTP port to use? Port 587 with STARTTLS and authentication is the best default for sending mail from a client or application. It is the modern submission standard. Port 465 with SSL/TLS is an equally valid alternative if 587 is unavailable.
What is the difference between port 587 and port 465? Both are client submission ports and both are encrypted. Port 587 uses STARTTLS, upgrading an initially plaintext connection to encryption before any data is sent. Port 465 uses implicit TLS, encrypting the connection from the first byte. Either is fine when configured correctly.
Why is port 25 blocked? Internet service providers block outbound connections to port 25 from ordinary subscriber connections to stop spam. Port 25 is for server-to-server relay only. Legitimate clients submit mail on 587 or 465 instead, so the block affects only misconfigured apps and spammers.
Can I still use port 465? Yes. Port 465 was briefly deprecated years ago but has since been reinstated as a valid submission port using implicit TLS. It is widely supported and a perfectly good choice for sending mail.
What SMTP port number should I put in my email client? Enter 587 and set security to STARTTLS, with authentication enabled using your full email address and mailbox password. If that does not work on your network, try 587’s alternative, 465, with SSL/TLS.
