Frequently Asked Questions
Which SMTP port should I use — 25, 465, or 587?
Port 587 with STARTTLS is the recommended port for submitting outbound email from mail clients and applications. Port 465 uses SSL/TLS directly from the start of the connection and is widely supported by modern providers. Port 25 is the traditional mail-to-mail relay port — most ISPs block it for outbound sending to prevent spam, so it is best suited for server-to-server communication only.
What is STARTTLS and how is it different from SSL/TLS?
STARTTLS is an upgrade command — the connection starts unencrypted on a standard port (usually 587) and then upgrades to an encrypted connection before any credentials or message data are transmitted. SSL/TLS, typically used on port 465, establishes an encrypted tunnel from the very beginning of the connection. Both protect email in transit; STARTTLS is more widely used for outbound submission, while SSL/TLS provides slightly faster connection setup.
What causes an SMTP connection refused error?
A “connection refused” error means the server is either unreachable on the specified port or actively rejecting the connection. The most common causes are a firewall blocking the port, the wrong port number being used, the SMTP service not running on the server, or the hostname being incorrect. Start by confirming the hostname and port with your email provider, then check that no firewall rules are blocking outbound traffic on that port.
What is an SMTP relay and when do I need one?
An SMTP relay is a server that forwards outgoing email on behalf of your application or domain — rather than delivering directly to the recipient’s mail server. You typically need one when sending transactional or bulk email from a web application, a CRM, or a marketing tool. Using a dedicated SMTP relay (such as SendGrid, Amazon SES, or Mailgun) improves deliverability, provides sending infrastructure, and keeps your main domain’s reputation separate from high-volume sending.
Why does my SMTP server keep timing out?
SMTP timeouts usually indicate a network-level block rather than a server misconfiguration. Common causes include your ISP or hosting provider blocking outbound connections on port 25 or 587, a firewall dropping packets without sending a rejection response, or DNS resolution failing for the mail server hostname. Try switching to an alternative port (465 if you were using 587, or vice versa), confirm the hostname resolves correctly in DNS, and check with your hosting provider whether outbound SMTP is restricted on your plan.
What SMTP authentication methods should my server support?
Modern SMTP servers should support AUTH LOGIN and AUTH PLAIN at minimum, with CRAM-MD5 or OAUTH2 as stronger alternatives where available. Authentication is negotiated after the EHLO handshake and, critically, should only be offered after a TLS-encrypted connection has been established — sending credentials over an unencrypted connection exposes them to interception. You can see which AUTH methods your server advertises by checking the capabilities output in the test results above.
