How to Choose the Right SMTP Port: A Complete Guide to 25, 465, 587, and 2525
Bulk Mail Verifier
Back to all articles
Email MarketingEmail SecurityDeliverabilityEmail Verification

How to Choose the Right SMTP Port: A Complete Guide to 25, 465, 587, and 2525

The SMTP port you choose affects whether your emails are delivered, blocked, or rejected. Here's a complete guide to SMTP ports 25, 465, 587, and 2525 — when to use each, and how they affect deliverability and security.

Published
July 17, 2023
Updated
April 1, 2026

Published by

Bulk Mail Verifier

Bulk Mail Verifier

Tools and insights for cleaner lists and better sending reputation.

Reading lane

Practical workflows for verification, deliverability, and outreach teams that want fewer bounces and cleaner campaign data.

Try the verifier
How to Choose the Right SMTP Port: A Complete Guide to 25, 465, 587, and 2525
Bulk Mail Verifier Blog Updated April 1, 2026

What Is an SMTP Port and Why Does It Matter?

SMTP (Simple Mail Transfer Protocol) is the standard protocol for sending email across the internet. When your email client or application sends an email, it connects to an SMTP server using a specific port number. The port tells the server what kind of connection to expect — unencrypted, encrypted, authenticated, or relayed.

Choosing the wrong SMTP port is a common source of email deliverability problems. A port that's blocked by your ISP or hosting provider means your emails never leave your server. A port that doesn't support TLS encryption means your emails travel in plaintext, creating security vulnerabilities. A misconfigured port can result in authentication failures that cause emails to land in spam or bounce entirely.

This guide covers the four SMTP ports you'll encounter — 25, 465, 587, and 2525 — when each is appropriate, and how to configure your email setup correctly.

How SMTP Email Transmission Works

Before diving into specific ports, it helps to understand the two stages of SMTP transmission:

Submission: The process of your email client or application sending an email to your outgoing mail server. This is the stage relevant to most email users and developers — when you click "Send," your client submits the email to your SMTP server.

Relay: The process of mail servers transferring messages between each other to deliver the email to its final destination. This happens behind the scenes, typically over port 25.

When configuring an email client, email marketing platform, or transactional email service, you're almost always configuring the submission port — not the relay port.

SMTP Port 25: The Original Standard

Port 25 was established as the default SMTP port in 1982, when the internet was a trusted academic network and spam didn't exist as a problem. It was designed for server-to-server relay — transferring messages between mail servers.

Current Status: Largely Blocked

Today, port 25 is blocked by the vast majority of ISPs, cloud hosting providers (AWS, Google Cloud, Azure), and corporate networks. The reason: port 25 became the primary vector for spam and malware distribution, so blocking it became standard security practice.

Who blocks port 25:

  • Virtually all residential ISPs (Comcast, AT&T, Verizon, etc.)
  • Most cloud providers by default (AWS blocks outbound port 25 unless explicitly requested)
  • Corporate firewalls and managed networks

When Port 25 Is Still Used

Port 25 remains in use for server-to-server relay — when one mail server transfers a message to another. This happens inside data centers and between mail servers where ISP blocking doesn't apply. If you're operating your own mail server (not a hosted email service), server-to-server relay still uses port 25.

Should you use port 25 for email submission? No. If you're configuring an email client, email marketing platform, or application to send emails, avoid port 25. Use 587 instead.

SMTP Port 465: The Legacy SSL Port

Port 465 has an unusual history. It was originally assigned by IANA (Internet Assigned Numbers Authority) in 1998 for SMTPS — SMTP over SSL. It was later revoked and reassigned, but many email providers and clients had already implemented it. As a result, it continued to be used despite no longer having official IANA assignment.

Current Status: Legacy, Still Supported by Many Providers

Port 465 is now considered deprecated by the IETF (Internet Engineering Task Force), which recommends port 587 with STARTTLS instead. However, many email providers — including Gmail — still support port 465 for backward compatibility.

Connection model: Port 465 uses implicit SSL — the connection is encrypted from the moment it's established. This differs from port 587's STARTTLS approach, which starts as a plaintext connection and upgrades to encrypted.

When Port 465 Might Be Used

  • When your email client or application requires implicit SSL and doesn't support STARTTLS
  • When connecting to a provider that requires port 465 specifically
  • For legacy systems that were built before port 587 became the standard

Should you use port 465? Use it only if your email provider requires it or if you're maintaining a legacy system. For new configurations, port 587 is preferred.

SMTP Port 587: The Modern Standard for Email Submission

Port 587 is the current recommended standard for email message submission. It was specifically designated by IANA for "Message Submission" — the process of submitting email from a client to a mail server.

Why Port 587 Is the Preferred Choice

Not blocked by ISPs: Unlike port 25, port 587 is not commonly blocked by residential ISPs or cloud providers. It's designed for client-to-server submission and treated accordingly.

STARTTLS support: Port 587 uses STARTTLS, which upgrades a plaintext connection to TLS encryption after initial connection. This provides security without the compatibility issues of implicit SSL.

Authentication required: Port 587 requires SMTP authentication (username and password), which prevents unauthorized use and helps establish sender identity.

Wide ESP support: Every major email marketing platform and transactional email service (Mailchimp, SendGrid, Postmark, AWS SES, Mailgun) supports port 587.

How to Configure Port 587

When setting up an email client, transactional email service, or SMTP relay, use:

  • Port: 587
  • Security: STARTTLS
  • Authentication: Required (username + password or API key)

Example for Gmail SMTP:

  • SMTP server: smtp.gmail.com
  • Port: 587
  • Security: STARTTLS
  • Username: your Gmail address
  • Password: App-specific password (not your regular Gmail password)

Port 587 for Email Marketing Platforms

If you're using a dedicated Email Service Provider (SendGrid, Mailchimp, Postmark, Amazon SES), their documentation specifies port 587 for SMTP relay. Follow their specific configuration instructions — the SMTP hostname, authentication credentials, and any platform-specific settings vary.

SMTP Port 2525: The Reliable Alternative

Port 2525 is not an officially assigned SMTP port, but it has become a widely used alternative when port 587 is blocked or unavailable. Many ESPs and transactional email services support it as a fallback option.

When Port 2525 Is Useful

  • Some corporate or campus networks block port 587 in addition to port 25
  • Cloud environments where both 25 and 587 are restricted
  • Testing environments where standard ports are unavailable

How Port 2525 Compares to 587

Port 2525 supports TLS encryption and authentication — functionally similar to port 587 in most configurations. The key difference is that it's not an officially standardized port, so not every provider supports it. Check your ESP's documentation to confirm whether they support port 2525.

Port Comparison Summary

Port Purpose Encryption ISP Blocking Risk Status
25 Server-to-server relay Optional High (usually blocked) Use for relay only
465 Legacy SSL submission Implicit SSL Low Deprecated, still works
587 Modern email submission STARTTLS Low Recommended
2525 Alternative submission TLS Low Unofficial fallback

The simple rule: Use port 587 for almost everything. Fall back to port 2525 if 587 is blocked in your environment. Use port 465 only when a provider requires it. Avoid port 25 for submission.

SMTP Port Configuration and Email Deliverability

SMTP port selection is one part of email deliverability configuration. Even with the right port, other factors affect whether your emails reach the inbox:

Email Authentication Records

SPF (Sender Policy Framework): A DNS record that specifies which servers are authorized to send email for your domain. Without SPF, receiving servers have no way to verify your emails are legitimate.

DKIM (DomainKeys Identified Mail): Cryptographic signatures added to your emails that verify the content hasn't been tampered with in transit. Major ESPs generate DKIM keys and provide DNS records to add to your domain.

DMARC (Domain-based Message Authentication, Reporting, and Conformance): A policy record that tells receiving servers what to do when an email fails SPF or DKIM checks — and where to send reports about failed attempts.

Proper configuration of SPF, DKIM, and DMARC is as important as port selection for email deliverability. Without them, even properly configured SMTP connections can result in spam folder placement.

List Quality

SMTP port configuration determines how your emails are sent. List quality determines whether those emails are worth sending. Invalid addresses generate hard bounces regardless of which port you use.

Verify your list with BulkMailVerifier.com before sending campaigns. Removing invalid addresses, spam traps, and disposable emails reduces bounce rates and protects the domain reputation you've built through proper SMTP configuration.

Troubleshooting SMTP Port Issues

"Connection refused" or "Connection timeout"

  • The port is likely blocked by your ISP, firewall, or cloud provider
  • Try port 2525 as an alternative if 587 is blocked
  • For cloud environments, check provider-specific restrictions (AWS requires a support request to enable outbound port 25)

Authentication failures

  • Verify your SMTP username and password are correct
  • For Gmail, use an App Password rather than your regular Gmail password
  • Check that SMTP authentication is enabled in your email provider settings

"TLS negotiation failed"

  • Confirm you're using STARTTLS for port 587 (not SSL, which is for port 465)
  • Verify the SMTP hostname is correct — a wrong hostname produces TLS certificate errors
  • Check that your server's clock is synchronized (TLS certificate validation can fail with significant time drift)

Emails sending but landing in spam

  • SMTP port configuration is not the likely cause of spam folder placement
  • Check SPF, DKIM, and DMARC configuration using MxToolbox's Email Health checker
  • Check whether your sending IP or domain is on a blacklist
  • Verify your list is clean with BulkMailVerifier.com — high bounce rates damage sender reputation

Frequently Asked Questions

Which port should I use for Gmail SMTP?

Use port 587 with STARTTLS for Gmail SMTP. Gmail also supports port 465 with SSL if your email client requires implicit SSL. Use an App Password (not your regular password) for authentication when using Gmail SMTP in third-party clients or applications.

Why does my cloud server block port 25?

Cloud providers (AWS, Google Cloud, Azure, DigitalOcean) block outbound port 25 by default to prevent abuse. This is intentional and won't be changed automatically. Use port 587 for email submission, which is not blocked by default on most cloud providers.

Do I need to configure SMTP ports when using an email marketing service?

If you're using a fully managed ESP (Mailchimp, Klaviyo, ActiveCampaign), you typically don't configure SMTP ports directly — the platform handles delivery for you. SMTP port configuration is relevant when you're using SMTP relay (sending from your own application through a transactional email service like SendGrid or Postmark) or setting up a self-hosted mail server.

What's the difference between STARTTLS and SSL/TLS in SMTP?

STARTTLS upgrades an existing plaintext connection to encrypted after the initial TCP connection. SSL/TLS (implicit) encrypts the connection from the start. Both provide similar security in practice. Port 587 uses STARTTLS; port 465 uses implicit SSL. Both are acceptable security approaches — the choice is usually determined by what your SMTP server and client support.

Can the wrong SMTP port cause my emails to land in spam?

Indirectly. If your SMTP port is blocked and you're using a fallback configuration, it may result in sending from an unexpected IP or server — which could affect reputation. More commonly, port issues cause delivery failures entirely (bounces), not spam placement. Spam placement is more often related to authentication configuration (SPF/DKIM/DMARC), content, or sender reputation.

Configure Once, Then Focus on List Quality

Port 587 is the right choice for almost all email sending scenarios. Configure it correctly with STARTTLS authentication, set up SPF/DKIM/DMARC for your domain, and you've addressed the technical side of email deliverability.

Then focus on what determines long-term deliverability: list quality. BulkMailVerifier.com verifies every address before you send — removing invalid contacts that generate bounces and damage the reputation you've built through proper configuration. Free trial available, no credit card required.