Port 25 — SMTP
SMTP (Simple Mail Transfer Protocol) on port 25 is how email servers talk to each other. When you send an email, your mail client hands it to an outgoing server, which uses port 25 to deliver it to the recipient's mail server. This protocol has been running since 1982 and remains the backbone of email delivery, despite being fundamentally insecure in its original form.
The catch: most residential ISPs block outbound port 25 to prevent spam. If you're trying to send email from a home server or local development environment and it's not working, this is almost certainly why.
The Three Email Ports
Email uses three different ports, and mixing them up is the #1 cause of "why can't I send email" problems:
| Port | Protocol | Purpose | Encryption |
|---|---|---|---|
| 25 | SMTP | Server-to-server delivery | Optional (STARTTLS) |
| 587 | SMTP (Submission) | Client-to-server (sending email) | STARTTLS required |
| 465 | SMTPS | Client-to-server (legacy SSL) | Implicit TLS |
For sending email from your application or email client, use port 587. Not 25. Port 587 is the official submission port — it requires authentication and encryption, which means your ISP won't block it and your email is less likely to be flagged as spam.
Port 465 was originally assigned for SMTPS (SMTP over SSL), then deprecated, then re-assigned. It works with many providers (Gmail, Outlook) but 587 with STARTTLS is the modern standard.
Why ISPs Block Port 25
In the early internet, anyone could set up a mail server at home and send email directly. Spammers exploited this ruthlessly — compromised home computers became spam relays, sending millions of unwanted emails. ISPs responded by blocking outbound port 25 for residential customers. This means your home computer can't directly deliver email to other mail servers.
The solution is to relay through an authenticated SMTP server on port 587 — your email provider (Gmail, Outlook, SendGrid, etc.) accepts the email from you and then uses port 25 to deliver it to the destination. This way, the email provider can enforce rate limits, scan for spam, and maintain sender reputation.
Sending Email from Your App
If you're building a web application that needs to send email (password resets, notifications, confirmations), don't try to run your own SMTP server. Use a transactional email service and connect via port 587:
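```python
# Python (smtplib)
import smtplib
import ssl
from email.mime.text import MIMEText

msg = MIMEText("Hello from my app!")
msg['Subject'] = 'Test Email'
msg['From'] = 'you@example.com'
msg['To'] = 'recipient@example.com'

# Explicit context so the server certificate and hostname are verified.
context = ssl.create_default_context()

with smtplib.SMTP('smtp.gmail.com', 587) as server:
    server.starttls(context=context)  # raises if the server does not offer STARTTLS
    server.login('you@gmail.com', 'app-password')
    server.send_message(msg)
```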
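```javascript
// Node.js (nodemailer)
const nodemailer = require('nodemailer');

const transporter = nodemailer.createTransport({
  host: 'smtp.gmail.com',
  port: 587,
  secure: false,    // STARTTLS
  requireTLS: true, // fail instead of sending in plaintext if STARTTLS is unavailable
  auth: { user: 'you@gmail.com', pass: 'app-password' }
});

// await needs an async function in a CommonJS module
async function main() {
  await transporter.sendMail({
    from: 'you@gmail.com',
    to: 'recipient@example.com',
    subject: 'Test',
    text: 'Hello from Node.js!'
  });
}

main().catch(console.error);
```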
Common SMTP Servers
| Provider | SMTP Server | Port | Auth |
|---|---|---|---|
| Gmail | smtp.gmail.com | 587 (TLS) / 465 (SSL) | App Password required |
| Outlook/365 | smtp.office365.com | 587 | Username + password |
| SendGrid | smtp.sendgrid.net | 587 | API key as password |
| Mailgun | smtp.mailgun.org | 587 | Domain credentials |
| Amazon SES | email-smtp.{region}.amazonaws.com | 587 | IAM SMTP credentials |
Testing SMTP Locally
For local development, you don't want to send real emails. Use a local SMTP trap that catches outgoing email without delivering it:
- MailHog — catches all outgoing email and shows it in a web interface at `localhost:8025`. SMTP on port 1025. `docker run -p 1025:1025 -p 8025:8025 mailhog/mailhog`
- Mailtrap.io — cloud-based SMTP trap with a fake inbox. Free tier available
- Python one-liner: `python -m smtpd -n -c DebuggingServer localhost:1025` — prints all emails to terminal. The `smtpd` module was removed in Python 3.12, so this works only on older interpreters; on newer versions the `aiosmtpd` package replaces it.
Troubleshooting
"Connection timed out" on port 25: Your ISP is blocking it. Use port 587 instead. This is not a bug — it's working as intended.
"Authentication required" on port 587: You need to provide valid credentials. For Gmail, you need an "App Password" (not your regular password) generated in your Google Account security settings.
Email sent but goes to spam: Your sending domain lacks proper DNS records. Set up SPF, DKIM, and DMARC records in your domain's DNS — use a DNS lookup to verify them.
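The SPF, DKIM and DMARC check from the last troubleshooting item, as an added example that is not part of the original page: it lints TXT records you have already looked up and reports the settings that most often leave mail unauthenticated. The zone data is constructed, and `selector1` and all function names are assumptions.

```python
# Added example: lint already-fetched SPF, DKIM and DMARC TXT records.

def parse_tags(record):
    """Split a 'k=v; k=v' DKIM/DMARC record into a dict with lowercase keys."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def check_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permerror)"]
    terms = spf[0].lower().split()[1:]
    if any(t in ("all", "+all") for t in terms):
        return ["'+all' authorizes every host to send as this domain"]
    if not any(t in ("-all", "~all") or t.startswith("redirect=") for t in terms):
        return ["no '-all' or '~all': unlisted senders are not rejected or flagged"]
    return []

def check_dkim(txt_records):
    if not txt_records:
        return ["no DKIM key record for this selector"]
    tags = parse_tags(txt_records[0])
    # RFC 6376: an empty p= tag means the key has been revoked.
    return [] if tags.get("p") else ["empty p= tag: the key is revoked"]

def check_dmarc(txt_records):
    dmarc = [t for t in map(parse_tags, txt_records) if t.get("v") == "DMARC1"]
    if not dmarc:
        return ["no DMARC record"]
    policy = dmarc[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["missing or invalid p= tag"]
    return ["p=none only monitors; failing mail is still delivered"] if policy == "none" else []

def lint_domain(zone, domain, selector):
    return {
        "spf": check_spf(zone.get(domain, [])),
        "dkim": check_dkim(zone.get(f"{selector}._domainkey.{domain}", [])),
        "dmarc": check_dmarc(zone.get(f"_dmarc.{domain}", [])),
    }

SAMPLE_ZONE = {  # constructed records; "selector1" is a hypothetical selector
    "example.com": ["v=spf1 include:_spf.example.net ~all"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p="],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
}

if __name__ == "__main__":
    for name, problems in lint_domain(SAMPLE_ZONE, "example.com", "selector1").items():
        print(name, "OK" if not problems else problems)
```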