Email Fast Get a sandbox key
Glossary

SMTP ports

25, 587, and 465 each have one job. Using the right one saves an afternoon of debugging.

SMTP uses three well-known ports with different jobs: port 25 for server-to-server mail relay, port 587 for authenticated submission with STARTTLS, and port 465 for authenticated submission over implicit TLS. Only port 25 moves mail between providers; 587 and 465 exist for clients handing mail to their own server.

Why it matters

Picking the wrong port is one of the most common integration failures in email. Applications that try port 25 usually hang: residential ISPs and most cloud providers block outbound 25 by default, because a compromised machine spraying spam over port 25 is the classic botnet pattern, and blocking it at the network edge kills that abuse wholesale. The same block is why running your own mail server from home or a stock VPS mostly does not work.

In practice

PortRoleTLS
25MTA-to-MTA relay between providersOpportunistic STARTTLS
587Client submission (RFC 6409)STARTTLS upgrade, then AUTH
465Client submission (RFC 8314)Implicit TLS from the first byte

Your application talks to your provider on 587 or 465 with credentials; the provider's server then talks to Gmail or Outlook on port 25. Port 465 was once deprecated, then re-standardized for implicit TLS; today it and 587 are equally correct.

How Email Fast handles it

Email Fast accepts SMTP submission on 587 and 465, and the server refuses AUTH until TLS is established, so credentials can never cross the wire in plaintext. Port 25, and the warmup and reputation work that comes with it, is the platform's job rather than yours.

Questions, answered plainly

Which port should my app use?

587 with STARTTLS or 465 with implicit TLS; both are current standards and equally correct. Never 25, which is for server-to-server relay and is blocked from most networks anyway.

Why does my code time out on port 25?

Your ISP or cloud provider almost certainly blocks outbound port 25 to stop spam from compromised machines. Switch to an authenticated submission port, 587 or 465, and the connection will go through.

See it for yourself

Sandbox keys run the real pipeline dry — real validation, real events, a hosted inbox, no email sent. Early access is onboarding now.