What is the difference between ports 465 and 587

Question

These ports 465 and 587 are both used for sending mail  submitting mail  but what is the real difference between them

User · Answer

587 vs  465 These port assignments are specified by the Internet Assigned Numbers Authority  IANA    Port 587   SMTP  Message submission  SMTP-MSA   a service that accepts submission of email from email clients  MUAs   Described in RFC 6409  Port 465  URL Rendezvous Directory for SSM  entirely unrelated to email   Historically  port 465 was initially planned for the SMTPS encryption and authentication    wrapper    over SMTP  but it was quickly deprecated  within months  and over 15 years ago  in favor of STARTTLS over SMTP  RFC 3207   Despite that fact  there are probably many servers that support the deprecated protocol wrapper  primarily to support older clients that implemented SMTPS  Unless you need to support such older clients  SMTPS and its use on port 465 should remain nothing more than an historical footnote  The hopelessly confusing and imprecise term  SSL  has often been used to indicate the SMTPS wrapper and TLS to indicate the STARTTLS protocol extension  For completeness  Port 25  Port 25  Simple Mail Transfer  SMTP-MTA   a service that accepts submission of email from other servers  MTAs or MSAs   Described in RFC 5321   Sources   IANA Service Name and Transport Protocol Port Number Registry    Revoking the smtps TCP port    - Email from Internet Mail Consortium director Paul Hoffman  12 Nov 1998  RFC 6409 - Message Submission for Mail RFC 5321 - Simple Mail Transfer Protocol RFC 3207 - SMTP Service Extension for Secure SMTP over Transport Layer Security RFC 4607 - Source-Specific Multicast for IP

User · Answer

The correct answer to this question has been changed by the publication of RFC 8314  As a result  port 465 and 587 are both valid ports for a mail submission agent  MSA   Port 465 requires negotiation of TLS SSL at connection setup and port 587 uses STARTTLS if one chooses to negotiate TLS  The IANA registry was updated to allow legitimate use of port 465 for this purpose  For mail relay  only port 25 is used so STARTTLS is the only way to do TLS with mail relay  It s helpful to think of mail relay and mail submission as two very different services  with many behavior differences like requiring auth  different timeouts  different message modification rules  etc   that happen to use a similar wire protocol

User · Answer

I use port 465 all the time   The answer by danorton is outdated  As he and Wikipedia say  port 465 was initially planned for the SMTPS encryption and quickly deprecated 15 years ago  But a lot of ISPs are still using port 465  especially to be in compliance with the current recommendations of RFC 8314  which encourages the use of implicit TLS instead of the use of the STARTTLS command with port 587   See section 3 3   Using port 465 is the only way to begin an implicitly secure session with an SMTP server that is acting as a mail submission agent  MSA    Basically  what RFC 8314 recommends is that cleartext email exchanges be abandoned and that all three common IETF mail protocols be used only in implicit TLS sessions for consistency when possible  The recommended secure ports  then  are 465  993  and 995 for SMTPS  IMAP4S  and POP3S  respectively   Although RFC 8314 certainly allows the continued use of explicit TLS with port 587 and the STARTTLS command  doing so opens up the mail user agent  MUA  the mail client  to a downgrade attack where a man-in-the-middle intercepts the STARTTLS request to upgrade to TLS security but denies it  thus forcing the session to remain in cleartext

User · Answer

SMTP protocol  smtps  port 465  v  msa  port 587   Ports 465 and 587 are intended for email client to email server communication - sending out email using SMTP protocol   Port 465 is for smtps SSL encryption is started automatically before any SMTP level communication   Port 587 is for msa It is almost like standard SMTP port  MSA should accept email after authentication  e g  after SMTP AUTH   It helps to stop outgoing spam when netmasters of DUL ranges can block outgoing connections to SMTP port  port 25   SSL encryption may be started by STARTTLS command at SMTP level if server supports it and your ISP does not filter server s EHLO reply  reported 2014      Port 25 is used by MTA to MTA communication  mail server to mail server   It may be used for client to server communication but it is not currently the most recommended  Standard SMTP port accepts email from other mail servers to its  internal  mailboxes without authentication

User · Answer

Port 465   IANA has reassigned a new service to this port  and it should no longer be used for SMTP communications   However  because it was once recognized by IANA as valid  there may be legacy systems that are only capable of using this connection method  Typically  you will use this port only if your application demands it  A quick Google search  and you ll find many consumer ISP articles that suggest port 465 as the recommended setup  Hopefully this ends soon  It is not RFC compliant   Port 587   This is the default mail submission port  When a mail client or server is submitting an email to be routed by a proper mail server  it should always use this port   Everyone should consider using this port as default  unless you re explicitly blocked by your upstream network or hosting provider  This port  coupled with TLS encryption  will ensure that email is submitted securely and following the guidelines set out by the IETF   Port 25   This port continues to be used primarily for SMTP relaying  SMTP relaying is the transmittal of email from email server to email server   In most cases  modern SMTP clients  Outlook  Mail  Thunderbird  etc  shouldn t use this port  It is traditionally blocked  by residential ISPs and Cloud Hosting Providers  to curb the amount of spam that is relayed from compromised computers or servers  Unless you re specifically managing a mail server  you should have no traffic traversing this port on your computer or server

User · Answer

I don t want to name names  but someone appears to be completely wrong   The referenced standards body stated the following  submissions     465     tcp     Message Submission over TLS protocol     IESG    IETF Chair     2017-12-12       RFC8314      If you are so inclined  you may wish to read the referenced RFC   This seems to clearly imply that port 465 is the best way to force encrypted communication and be sure that it is in place  Port 587 offers no such guarantee

[email] What is the difference between ports 465 and 587?

587 vs. 465

For completeness: Port 25

Sources:

Examples related to email

Examples related to smtp

Examples related to port

Examples related to postfix-mta

Examples related to email-client