Why is port 587 preferred over port 465 in SMTP?

Why is port 587 preferred?

Any document claiming so is historic. Today, port 465 is preferred.

The reason it used to be preferred (by some, not all operators):

  • after STARTTLS was formalized, compatibility & security considerations were different
  • a suitable and already used TCP port number had been reassigned by IANA

The reason we should now all prefer implicit TLS:

  • unnecessary workarounds and compatibility layers added to otherwise robust security mechanisms are considered undesirable
  • an alternate port usage has been assigned to resolve the port conflict
  • we now have little use case left for offering optional transport security

Everyone is advised to migrate to implicit TLS. Please only send mail using secure transports. Please discourage or remove unnecessary complexity and failure modes.


It is currently the other way around. On the question why, RFC 8314, 3 has the reasoning:

Although this [STARTTLS] mechanism has been deployed, an alternate mechanism where TLS is negotiated immediately at connection start on a separate port (referred to in this document as "Implicit TLS") has been deployed more successfully. To encourage more widespread use of TLS and to also encourage greater consistency regarding how TLS is used, this specification now recommends the use of Implicit TLS for POP, IMAP, SMTP Submission, and all other protocols used between an MUA and an MSP.