Here are interesting things I’ve come across when learning more about email topics.
SMTP ports
Frequently, articles mention three different ports used for the Simple Mail Transfer Protocol (SMTP):
25/tcp
465/tcp
587/tcp
It’s confusing, why are there three? Which one is which? Which one should I use?
Port 25
Your Internet Service Provider (ISP) may be preventing you from sending emails through TCP port 25 from your local network. This happens through a policy called outbound port 25 blocking (OP25B). SMTP over 25/tcp is the original way of sending emails.
It’s associated with sending spam emails through open relays. An open relay is a Mail Transfer Agent (MTA) that forwards emails without verifying the sender.
Two mechanisms exist to make the email infrastructure more secure for all: Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC). These somewhat help mitigate spam-related issues. Yet having an open relay server that just accepts any email is bad practice. A lack of access controls in public-facing IT infrastructure is a common cause of security incidents.
Internet Assigned Numbers Authority
The Internet Assigned Numbers Authority (IANA) assigns port numbers. You can search their Service Name and Transport Protocol Port Number Registry. Searching for the preceding three ports, we find the following:
| Service Name | Port Number | Transport Protocol | Description |
|---|---|---|---|
| smtp | 25 | tcp | Simple Mail Transfer |
| smtp | 25 | udp | Simple Mail Transfer |
| submissions | 465 | tcp | Message Submission over TLS protocol |
| submission | 587 | tcp | Message Submission |
| submission | 587 | udp | Message Submission |
The IANA designates the last three entries in this table for message submission.
A Mail Submission Agent (MSA) receives email from Mail User Agents (MUA) on ports 465 and 587. A mail user agent is in turn usually part of your email client. Examples of email clients that contain a MUA are Thunderbird and Outlook. Even Mutt contains a MUA, which I didn’t know.
A mail submission agent can choose between the port for submissions or submission. There’s one key difference between these two ports. submissions runs directly on top of the Transport Layer Security (TLS) protocol. This means that mail user agent and mail submission agent talk over an encrypted and authenticated communication channel. Conversely, submission has optional TLS encryption through the STARTTLS extension. RFC 3207 defines STARTTLS for SMTP.
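The difference between the two submission ports shows up in how a client has to open the connection. The following Python example, added here and not taken from the original post, uses the standard library's smtplib to pick the right transport per port. On 465 the socket is wrapped in TLS before any SMTP command is sent; on 587 the client sends EHLO in the clear, checks that the server advertises STARTTLS, and refuses to continue if it does not, because the alternative would be submitting credentials and mail in plaintext. The hostname and credentials are placeholders, and the EHLO replies are constructed samples used to exercise the capability parser offline.

```python
"""Choose the SMTP transport by port and fail closed on submission (587) without STARTTLS."""
import smtplib
import ssl
from email.message import EmailMessage

# Constructed placeholder; no such server is assumed to exist.
MSA_HOST = "mail.example.test"

# Constructed EHLO replies in the format RFC 5321 uses: one capability per
# "250-" line, last line "250 " with a space.
EHLO_WITH_STARTTLS = (
    b"250-mail.example.test\r\n"
    b"250-SIZE 35882577\r\n"
    b"250-STARTTLS\r\n"
    b"250 AUTH PLAIN LOGIN\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    b"250-mail.example.test\r\n"
    b"250-SIZE 35882577\r\n"
    b"250 AUTH PLAIN LOGIN\r\n"
)


def transport_for_port(port: int) -> str:
    """Map the three IANA-registered SMTP ports to how TLS is applied.

    465 (submissions): TLS from the first byte, before any SMTP command.
    587 (submission):  plaintext start, upgraded with STARTTLS (RFC 3207).
    25 (smtp):         MTA-to-MTA relay; a mail client should not submit here.
    """
    return {465: "implicit-tls", 587: "starttls", 25: "relay"}.get(port, "unknown")


def ehlo_advertises_starttls(ehlo_reply: bytes) -> bool:
    """Parse an EHLO reply and report whether the STARTTLS capability is listed.

    smtplib does the same parsing internally and exposes it via has_extn().
    """
    for line in ehlo_reply.decode("ascii", "replace").splitlines():
        # Only 250 lines carry capabilities; char 3 is '-' or ' ', keyword follows.
        if not line.startswith("250") or len(line) < 5:
            continue
        keyword = line[4:].split(" ", 1)[0].upper()
        if keyword == "STARTTLS":
            return True
    return False


def tls_context() -> ssl.SSLContext:
    """Verifying context: server certificate and hostname are checked, TLS 1.2+ only."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def submit(msg: EmailMessage, host: str, port: int, user: str, password: str) -> None:
    """Submit a message over the transport that matches the port, or refuse."""
    mode = transport_for_port(port)
    ctx = tls_context()
    if mode == "implicit-tls":
        # submissions: the TLS handshake happens before the SMTP greeting.
        client = smtplib.SMTP_SSL(host, port, context=ctx)
    elif mode == "starttls":
        # submission: plaintext EHLO first, then upgrade; never fall back to plaintext.
        client = smtplib.SMTP(host, port)
        client.ehlo()
        if not client.has_extn("starttls"):
            client.quit()
            raise RuntimeError("server did not offer STARTTLS; refusing plaintext submission")
        client.starttls(context=ctx)
        client.ehlo()  # RFC 3207: capabilities must be re-read after the upgrade
    else:
        raise ValueError(f"port {port} is not a message submission port")
    with client:
        client.login(user, password)
        client.send_message(msg)


if __name__ == "__main__":
    message = EmailMessage()
    message["From"] = "alice@example.test"
    message["To"] = "bob@example.test"
    message["Subject"] = "port check"
    message.set_content("sent over a verified TLS channel")
    # Would connect to the placeholder host; shown only for the call shape.
    # submit(message, MSA_HOST, 465, "alice", "password-placeholder")
```

The capability check matters because an attacker positioned on the path can strip the STARTTLS line from the EHLO reply; a client that silently continues in plaintext when the extension is missing loses all of the protection that port 587 is supposed to offer. Port 465 avoids that class of downgrade entirely, since there is no plaintext phase to tamper with.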
References
Read more about the port distinction in RFC 8314.