Here are interesting things I’ve come across when learning more about email topics.
SMTP ports
Frequently, articles mention three different ports used for the Simple Mail Transfer Protocol (SMTP):
25/tcp
465/tcp
587/tcp
It’s confusing: why are there three? Which one is which? Which one should I use?
Port 25
Your ISP may be preventing you from sending emails through TCP port 25 from your local network. This happens through a policy called outbound port 25 blocking (OP25B). SMTP over 25/tcp is the original way of sending emails.
Port 25 is associated with sending spam emails through open relays. An open relay is a mail transfer agent (MTA) that forwards emails without verifying the sender.
SPF, or even DMARC, helps somewhat to mitigate spam-related issues. Yet having an open relay server that just accepts any email is bad practice. A lack of access controls in public-facing IT infrastructure is a common cause of security incidents.
IANA port assignments
Searching the IANA Service Name and Transport Protocol Port Number Registry for the preceding three ports, we see:
Service Name | Port Number | Transport Protocol | Description |
---|---|---|---|
smtp | 25 | tcp | Simple Mail Transfer |
smtp | 25 | udp | Simple Mail Transfer |
submissions | 465 | tcp | Message Submission over TLS protocol |
submission | 587 | tcp | Message Submission |
submission | 587 | udp | Message Submission |
The IANA designates the last three entries in this table for message submission.
A mail submission agent (MSA) receives email from mail user agents (MUA) on ports 465 and 587. Mail user agents in turn are often included in your email client. Examples of email clients that have a MUA are Thunderbird and Outlook. Even Mutt contains a MUA, which I didn’t know.
A mail submission agent can choose between the port for submissions (465/tcp) and the port for submission (587/tcp). There’s one key difference between these two ports. The submissions service runs on top of the Transport Layer Security (TLS) protocol. This means that the mail user agent and the mail submission agent talk over an encrypted and authenticated communication channel. Conversely, the submission service has optional TLS encryption through the STARTTLS extension.
RFC 3207 defines STARTTLS for SMTP.
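The two submission modes described above, as an added Python example that is not part of the original post: `open_submission` uses implicit TLS for submissions and insists on STARTTLS for submission, refusing to continue when the server does not advertise it. The function names, the `client.example.test` EHLO name and the loopback fake server are constructed for illustration.

```python
import smtplib
import socket
import ssl
import threading


def open_submission(host, mode, port=None, timeout=5):
    """Return an SMTP client only once the channel to the MSA is under TLS."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    me = "client.example.test"  # constructed EHLO name, avoids a DNS lookup
    if mode == "submissions":  # 465/tcp: TLS handshake precedes any SMTP command
        return smtplib.SMTP_SSL(host, port or 465, local_hostname=me,
                                timeout=timeout, context=ctx)
    if mode == "submission":  # 587/tcp: plaintext first, then STARTTLS
        client = smtplib.SMTP(host, port or 587, local_hostname=me, timeout=timeout)
        client.ehlo()
        if not client.has_extn("starttls"):
            # Optional TLS must not turn into no TLS: stop before AUTH is sent.
            client.close()
            raise RuntimeError("STARTTLS not advertised; refusing plaintext session")
        client.starttls(context=ctx)
        client.ehlo()  # capabilities seen before TLS are untrusted; ask again
        return client
    raise ValueError(f"unknown mode {mode!r}")


def fake_msa_without_starttls():
    """Constructed loopback server: answers EHLO but never offers STARTTLS."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(b"220 mail.example.test ESMTP\r\n")
            conn.recv(1024)  # the client's EHLO
            conn.sendall(b"250-mail.example.test\r\n250 AUTH PLAIN LOGIN\r\n")
            conn.recv(1024)  # returns b"" once the client hangs up

    threading.Thread(target=serve, daemon=True).start()
    return port


def refusal_demo():
    """Run the STARTTLS path against the fake server and return the outcome."""
    try:
        open_submission("127.0.0.1", "submission", port=fake_msa_without_starttls())
    except RuntimeError as exc:
        return str(exc)
    return "connected"
```

Against a real MSA, pass its hostname so that the default SSL context can check the certificate against it.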
References
Read more about the port distinction in RFC 8314.