Why is port 587 preferred over port 465 in SMTP?

ssl email smtp starttls

Why is port 587 preferred?

Any document claiming so is historic. Today, port 465 is preferred.

The reason it used to be preferred (by some, not all operators):

  • after STARTTLS was formalized, compatibility & security considerations were different
  • a suitable and already used TCP port number had been reassigned by IANA

The reason we should now all prefer implicit TLS:

  • unnecessary workarounds and compatibility layers added to otherwise robust security mechanisms are considered undesirable
  • an alternate port usage has been assigned to resolve the port conflict
  • we now have little use case left for offering optional transport security

Everyone is advised to migrate to implicit TLS. Please only send mail using secure transports. Please discourage or remove unnecessary complexity and failure modes.


It is currently the other way around. On the question why, RFC 8314, 3 has the reasoning:

Although this [STARTTLS] mechanism has been deployed, an alternate mechanism where TLS is negotiated immediately at connection start on a separate port (referred to in this document as "Implicit TLS") has been deployed more successfully. To encourage more widespread use of TLS and to also encourage greater consistency regarding how TLS is used, this specification now recommends the use of Implicit TLS for POP, IMAP, SMTP Submission, and all other protocols used between an MUA and an MSP.

Related

How can I get docker build to overwrite a file?
How to enable debug logging for GRE?
Corrupted index cache file in Dovecot
Update sudoers file in multiple servers with a bash script
How do I delete/remove a SUSE 10.3 user?
How can I set up my own VPN service that looks like in another country?
Grafana behind AWS ALB
Share gcp external load balancer across multiple projects
Trying a VNC for the first time
Are there security problems with storing public ssh keys in a database?
Google Cloud VPN connection degradation
Access SMB over a custom port