June 05, 2008
Does sending e-mail via TCP port 587 instead of 25 would allow for a better deliverability
Got a great question this afternoon wondering whether sending e-mail via TCP port 587 instead of 25 would allow for a better deliverability. Does it make a difference? Does the SMTP bounce message "Proper Authentication Required) have something to do with this?
If your talking about bulk mail delivery, port 587 it's not used for that. It's used normally for personal one to one email.
ISP's used to allow you to use port 25 on their mail server or mail servers that are not hosted on their network until the virus and spam issue exploded a few years back. So today, some Internet service providers have blocked access to SMTP port 25 for sending mail OUTSIDE of their network to curb viruses and spam when they try to send email from your computer at home. This means you can use their mail server (their email accounts) to send email, but if you 0wn3d (owned) your own domain and mail server outside of their control, you can't send email to it on normal port 25. You have to use port 587 which is authenticated (hopefully since you set it up) to send email to it and then that server will deliver it to the receiptant via port 25.
Another example of using it is some hotels and other free Wi-Fi (Starbucks) also hijack (sniff/watch) port 25 connections leaving their network so they can check for spam or other virus laden issues. When those issues happen it's their network that ends up in trouble. If you don't like them reading your email, using port 587 to your mail server. They are of the same mind set that port 25 is to open and un-authenticated to send email on from their network,
See, it's understood today that email clients (Outlook) or computers shouldn't be sending email in port 25. A mail server sends email on that port. We are in essence saying mail servers will send email on port 25 to each other, but when submitting a message to your mail server for delivery to someone else or to a system not on the same network, use port 587.
Check out this article as well which explains the use of it.
Use TCP Port 587 For Mail Submission
http://www.pcmag.com/article2/0,1759,1838667,00.asp
-Dennis
Eloqua
Y'know, Dennis .. I used to have an idea way back when, about providing a separate MTA, on a different IP from our regular MXs, and allow inbound bulk mail from trusted / whitelisted senders from that IP, which would be restricted to specific sender IPs by router ACLs.
Then, after I (very quickly) realized that
1. Its too much work to replicate mailserver architecture like that
2. Senders are a small, small part of total mail traffic, bot spam has them licked ..
3. It'd turn out "too expensive"
I dropped that idea. Pity. Anyway it seems like something that might work if backed with a paid whitelist targeted at high value transactional mail, like goodmail ..
Posted by: Suresh Ramasubramanian | June 05, 2008 at 11:29 AM
This could be an interesting approach Suresh... You could even limit the time frame in which they can send so it is off peak. I wonder how many ISPs/Email Service Providers would be interested in doing that.
Posted by: Brandon | June 06, 2008 at 09:05 AM
Dennis - As for the original post I think it would be interesting to test this but I do believe you would still have to go through their anti-spam filtering. Regardless of port or method most systems will still monitor and provide the same anti-spam mechanisms on a system wide scale. Not to mention it could turn out to be very slow.
Posted by: Brandon James | June 06, 2008 at 09:08 AM
One word: UUCP.
Posted by: Jeff | June 06, 2008 at 07:56 PM
Regarding deliverability, Direct send emails cannot be used when your Internet Service Provider blocks port 25 connections, or MX record lookup is unavailable. This is a typical situation for corporate users located behind a corporate firewall.
Posted by: Upcoming Phones | September 26, 2008 at 05:13 PM
Hi, just wondering if port 587 supports some sort of encryption while establishing a handshake connection to it and while using it to send email. Port 465 is SMTP over a SSL connection, so I would like to know what are the benefits of using 587 instead of using 465? If 587 does not provide SSL as 465 does, it should be better recommend using 465 and Not 587.
Posted by: Tarzan | April 07, 2009 at 07:34 AM
Adding to Tarzan's comment.
I thought that TCP 465 is SMTP over SSL and TCP 587 is SMTP with authentication required.
Can someone confirm this meaning , if I used TCP 465 , SMTP will be encrypted but their is no authentication so a virus can be pushed through that port encrypted ????
Posted by: scuba19 | August 31, 2009 at 03:16 PM
you can use SSL over 587 as well. I do...
Posted by: Dennis Dayman | August 31, 2009 at 03:40 PM