Implicit TLS means that the client begins the Secure Socket Layer (SSL) or Transport Layer Security (TLS) handshake, in which the server presents its certificate, as soon as it connects and before any SMTP commands are exchanged. This requires a little bit more work for the client, but is a valid approach since the connection is encrypted from the start.

STARTTLS is the protocol command used when the conversation begins in plaintext and, if possible, is upgraded to TLS. This is the preferred method, as one port can handle both plaintext and TLS.

Port 465: Message submission over TLS protocol

In an effort to simplify the process of encrypting SMTP messages, port 465 and smtps were removed from the IANA registry. This led to a reasonable amount of confusion, as port 465 and implicit TLS had gained a good amount of traction. To remedy this, the IETF issued a one-time amendment to reinstate port 465 for message submission over TLS protocol.

Port 587: Message submission

Port 587 has always been the default port for message submission. The confusion around port 465 and port 587 dates back to 1997, when a standard for encrypted transit was being discussed. Ultimately, STARTTLS was the protocol chosen. This enables a user to send in plaintext, or upgrade their connection to TLS, using the same port. For this reason, this is the preferred approach.
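
The two connection modes described above, as an added example that is not part of the original article: a Python client policy that uses implicit TLS on port 465 and STARTTLS on port 587, and stops instead of continuing in plaintext when the server does not offer STARTTLS. The function names, the EHLO replies and the treatment of port 2525 as a STARTTLS port are assumptions made for illustration.

```python
import smtplib
import ssl

IMPLICIT_TLS_PORTS = {465}      # TLS handshake first, SMTP inside it
STARTTLS_PORTS = {587, 2525}    # plaintext EHLO first (2525 here is an assumption)

# Constructed EHLO replies: a normal one, and one with STARTTLS missing.
EHLO_OK = "250-mail.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 HELP"
EHLO_NO_TLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250 HELP"

def ehlo_extensions(reply):
    """Return the extension keywords advertised in a multi-line EHLO reply."""
    exts = set()
    for line in reply.splitlines()[1:]:      # first line is only the greeting
        words = line[4:].split()
        if line.startswith("250") and words:
            exts.add(words[0].upper())
    return exts

def submission_plan(port, ehlo_reply=""):
    """Decide how to secure a submission session; never fall back to plaintext."""
    if port in IMPLICIT_TLS_PORTS:
        return "implicit-tls"
    if port in STARTTLS_PORTS and "STARTTLS" in ehlo_extensions(ehlo_reply):
        return "starttls"
    return "abort"

def open_submission(host, port, timeout=10):
    """Open a verified TLS session to a real server using the same policy."""
    ctx = ssl.create_default_context()       # verifies certificate and hostname
    if port in IMPLICIT_TLS_PORTS:
        conn = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
        conn.ehlo()
        return conn
    if port not in STARTTLS_PORTS:
        raise ValueError(f"port {port} is not a submission port in this policy")
    conn = smtplib.SMTP(host, port, timeout=timeout)
    conn.ehlo()
    if not conn.has_extn("starttls"):        # missing offer: stop, do not send
        conn.close()
        raise RuntimeError("server did not offer STARTTLS; refusing plaintext")
    conn.starttls(context=ctx)
    conn.ehlo()                              # capabilities are re-read after TLS
    return conn

if __name__ == "__main__":
    for port, reply in [(465, ""), (587, EHLO_OK), (587, EHLO_NO_TLS)]:
        print(port, submission_plan(port, reply))
```
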

Bonus port 2525

Often during the port 465 vs. 587 question, we see a lot of references to port 2525. What is this port, and what is it used for? Fortunately for us, this is a pretty quick and easy answer. A lot of ISPs will block port 25 in an effort to prevent home enthusiasts from running their own mail servers. In an effort to alleviate the issue around this blockage, many ESPs support port 2525 as an alternative.
