Quick Definition: The difference between port 25 and port 587 comes down to security. While port 25 is the standard SMTP port for email transmissions, it's unencrypted and therefore less commonly used due to security concerns. Port 587 is used for secure and encrypted email communication, and employs TLS or SSL to protect sensitive data, requires user authentication, and is often mandated for regulatory compliance. This makes port 587 a more secure option compared to port 25.
In general, securing your email communications is always important, especially if you’re dealing with sensitive data, financial info, or personally protected information. However, it may not be necessary for non-sensitive, personal conversations.
Understanding these differences is essential if you’re taking the Network+ certification exam and learning how encryption relates to port 25 and port 587. In this article, we’ll discuss the function of both these ports in relation to SMTP.
What is SMTP?
If you have ever sent an email, then you have used SMTP. SMTP, or Simple Mail Transfer Protocol, is a set of standards used to send email to and from different computers on a network. Whenever the email is unencrypted, it is sent via port 25. If the data is encrypted, it is sent via port 587.
What is a Port?
A port is a gateway or connector that allows a computer to interact with other devices or services. For example, an HDMI port is a physical connector that allows a user to access their monitor. However, in the context of application-level software, 'ports' refer to virtual ports, which are sectioned off by the computer. Virtual ports are 16-bit integers that ride on the packet and are used to identify which “doorway” a particular protocol should route to.
Simple Mail Transfer Protocol Explained
SMTP was created in 1982 to establish a standardized and reliable electronic mail (e-mail) transmission across networks. The whole point of SMTP is to simulate the flow of regular paper mail. Before SMTP, engineers were coming up with proprietary or ad hoc methods to send emails. Standardizing email transmission fostered the expansive and reliable internet we know today.
Why Does SMTP Use Multiple Ports?
SMTP uses different Ports depending on whether the data will be encrypted or unencrypted. Port 25 is the traditional port SMTP has always been on. A server, such as a Microsoft Exchange server, will have port 25 opened up and ready to send emails.
On the flipside, SMTP will leverage port 587 for encrypted messages. SMTP is not inherently secure but can be using STARTTLS. STARTTLS stands for “Start Transport Layer Security.” It is commonly used in conjunction with SMTP to provide a secure way of sending out emails. If both the client and the server support STARTTLS, they will negotiate encryption parameters and establish a secure communication channel.
STARTTLS will use port 587 to establish a secure TLS connection between the sending machine and the SMTP server. TLS stands for Transport Layer Security, and is used to encrypt transmitted data. If SMTP uses TLS for secure transmissions, what protocol is used to actually transport it? Let’s find out.
Does SMTP Rely on TCP or UDP?
SMTP uses TCP (Transmission Control Protocol) to send emails. It uses TCP because it's very important that every word of an email is sent correctly and in order.
UDP (Unigram Data Protocol) on the other hand, is used for data that can withstand a degree of packet loss – such as streaming a video. With that broad understanding in mind, let’s focus on port 25 in the next section.
What is SMTP Port 25?
Port 25 on SMTP is the standard Port for all email transmissions. If an email is sent between two SMTP servers, it’ll be sent over port 25. Unencrypted communication between a computer sending an email and the server will also be sent over port 25.
What is Port 25 Used For?
Port 25 is generally used to send SMTP emails over the internet. Port 25 connects SMTP servers to different servers so that an email can successfully route to its final destination.
Port 25 is not used quite as often from the host machine to the server because of the rise of spam. To reduce spam, servers often block port 25 in favor of port 587, allowing for better authenticated and more easily identifiable traffic.
What Devices or Technologies Use Port 25?
Any device capable of sending, receiving, or reading email uses port 25. For example, an IoT device could use port 25 to send status updates to a user.
As covered earlier, SMTP servers will use port 25 for server-to-server email routing. Often, automated logging software will use port 25 to send status updates on application or logging analytics.
Lastly, a printer or scanner could use port 25 to email a scanned document or to verify status configurations. SMTP is a varied and versatile protocol that has facilitated communication in a diverse array of settings.
Why is Port 25 Not Secure?
It is important to note that port 25 is not inherently insecure. However, it has traditionally been used as the insecure transmission port for SMTP. Since SMTP is not secure, port 25 is de facto considered insecure. Additionally, SMTP lacks authorization mechanisms. That means virtually anyone can connect to the SMTP server and pretend to be somebody they are not.
What's the Risk of Using Port 25?
Most of the risks regarding port 25 stem from SMTP’s lack of encryption and authentication. Using SMTP on port 25 means that any transmission or log in credential can potentially be intercepted and read by malicious actors. Emails sent over port 25 can be a red flag that should be checked; most data in an organization is sensitive to some degree and shouldn’t be sent unencrypted.
Also, a hacker can exploit vulnerabilities in your SMTP server to funnel spam. This can cause phishing attacks on your organization to skyrocket or increase the spreading of malware via shady links. With all of these risks, it’s a wonder why ort 25 is open at all–let’s explore that idea a little bit.
Should Port 25 Be Closed?
With all this naysaying on port 25, you may feel inclined to say the hell with it and close the port altogether. Closing a port involves stopping all network access to a computer through that specific port, resulting in any data directed to that port being denied.
Typically, this is achieved by adjusting firewall settings to prevent unauthorized access from malicious individuals trying to enter through a non-permitted port. As a best practice, all ports should be kept closed by default and only opened when a specific need exists. While that may be a viable security measure, there are some considerations to consider.
For instance, many IoT devices, printers, and scanners use port 25 as their default outbound SMTP port. If port 25 is closed, reconfigure all your devices to use an alternative port.
Also, recall that there is nothing inherently insecure about port 25. So if you do change Ports, make sure they are secured via STARTTLS or some other means.
Suffice it to say your best bet is to use encrypted channels when transmitting emails. The following section explains this in detail.
What is SMTP Port 587?
Port 587 is used to send emails in a secure and encrypted manner. Port 587 uses TLS or SSL to ensure an email stays confidential and cannot fall victim to eavesdropping. This contrasts with port 25, which sends emails unencrypted.
What is SMTP Port 587 Used For?
Port 587 is used to send emails that contain sensitive data. Any data that may have confidential, personal, or potentially embarrassing information needs to be sent encrypted, thereby sent on port 587. Oftentimes, a networking admin will configure port 587 to use STARTTLS.
The Reason Port 587 Has Increased Security
One of the primary drivers for increased security is the propensity for spam emails. Often, port 25 is used as a way to submit floods of spam, malware, and phishing attacks via a hijacked machine on the network. A lot of that changed once secure SMTP came about.
Using port 587 instead of port 25 requires the user to authenticate with credentials. This greatly decreases a hacker’s attack vector. Also, port 587 is just plain required in multiple agencies due to regulatory compliance, thereby increasing security.
Lastly, port 587 increases security by making emails far less susceptible to packet sniffing. Unencrypted data can be easily extracted and read by malicious actors; this isn’t so with port 587.
What Devices or Technologies Use Port 587?
Port 587 is generally used by the following devices:
Cloud Services: All emails that travel to the cloud are secured on port 587.
SMTP Relay Servers: A separate server leveraged by organizations to decrease the overall load on their primary server. They will use port 587 to mitigate spam congestion.
Smartphone: Smartphones always encrypt emails via port 587 prior to submission.
Email Clients: All email clients (Outlook, Thunderbird, Apple Mail, etc.) leverage Port 587 to submit emails. This minimizes hacking attempts and contributes to the preservation of their positive reputation.
These are only four of plenty of other technologies that utilize port 587. The rule of thumb is that port 587 is used by any technology that needs to send encrypted emails.
Is Port 587 Secure?
Yes, by all available measures, port 587 is secure. Bear in mind that this is assuming all encryption parameters are configured correctly. For example, STARTTLS must be configured on the server AND each host machine to maintain proper encryption.
Also, firewall rules should be implemented to ensure emails can only be submitted via port 587. Assuming everything is configured correctly, port 587 is secure.
Should You Be Using Port 587?
Yes, port 587 is the way to go if emails require any discretion whatsoever. If you are in an organization of any kind, it’d be a good idea to configure your servers and nodes for secure SMTP. That said, contacting your email provider and seeing what they recommend is also important.
Additionally, port 587 requires some sort of authorization mechanism – often in the form of OAuth Tokens. Once that is established, you’ll be good to go to leverage port 587. With all that said, let’s recap the primary differences between port 25 and port 587 in the next section.
SMTP Port 25 Vs. Port 587
Regarding SMTP port 25 vs port 587, the main difference is that the former is unsecure, while the latter is secure. Port 25 is the traditional Port for unencrypted SMTP submissions, while port 587 will use an encryption mechanism such as STARTTLS.
Best Use Cases for Port 25 Vs. Port 587
Use this convenient list to determine when you should use port 25 or port 587.
Use Port 587 if:
Security is a priority
Your ISP Blocks port 25
You’re on a modern email service like Gmail, Apple Mail, or Outlook.
Use Port 25 if:
Your network is on a legacy server that does not support STARTTLS.
The emails are internal only, then it might be fine to use port 25.
You are configuring server-to-server communications. Servers generally send emails using port 25.
Conclusion
Understanding the difference between port 25 and port 587 is critical before taking the Network+ certification exam. To summarize, port 587 is used for encrypted communication, while port 25 is unencrypted. Port 25 is used for server-to-server communication, while port 25 will be used to communicate from a network node to the server.
Port 587 requires authorization from OAuth or passwords, while port 25 does not require any identity access. The lack of authorization makes port 25 susceptible to hacking.
Once you have a good understanding of both ports, it’d be a great idea to understand how VPNs work, as you can bet that subject will also be on the Network+ Exam.
Not a CBT Nuggets subscriber? Sign up for a 7-day free trial.
