On 23.05.2025 01:11 Chris via mailop wrote:
> On 2025-05-22 20:56, Marco Moock via mailop wrote:
> > On 22.05.2025 15:47 Bill Cole via mailop wrote:
> >
> >> For implicit TLS (as on ports 443, 465, 587, 993, 995)
> >
> > 587 does not use implicit TLS, it can use STARTTLS optional.
>
> Umm. That *may/can* be true. But as a rule it's chosen specifically
> for use with TLS. I just performed a check to see if we've overlooked
> anything using 587 and it appears others have the same
> understanding.

rfc6409
It only mentions optional STARTTLS (even when it is recommended to
enforce it).

> Cloudflare, for example:
> ---QUOTE
> Originally, the Simple Mail Transfer Protocol (SMTP) used port 25.
> Today, SMTP should instead use port 587 — this is the port for
> encrypted email transmissions using SMTP Secure (SMTPS).

That is wrong. RFC-conforming systems use it with ESMTP and STARTTLS.

> Port 465 is also used sometimes for SMTPS. However, this is an
> outdated implementation and port 587 should be used if possible.

More wrong information. 465 is being used for implicit TLS
(submissions). See RFC 8314.

> Finally, some email service providers also support SMTP on port 2525
> as a backup in case these other ports are blocked by a network
> provider or a firewall.

Blocking 25 for everything except mail servers is reasonable, 465/587
not.

> I think 587 is always assumed to be encrypted. :)

According to the RFC no, but due to security reasons it is recommended
to enforce STARTTLS on the server and client if using 587.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
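
Added example, not part of the original thread: a Python `smtplib` sketch of the client-side difference discussed above, with a client that uses STARTTLS only when offered beside one that enforces it on 587 and uses implicit TLS on 465. The function names, the `client.example.test` / `mail.example.test` names and the local listener (which omits STARTTLS from its EHLO reply) are constructed for illustration.

```python
import smtplib, socket, ssl, threading

NAME = "client.example.test"  # EHLO name, constructed for the example
REPLIES = {b"EHLO": b"250-mail.example.test\r\n250 AUTH PLAIN\r\n", b"QUIT": b"221 bye\r\n"}

def fake_587_without_starttls():
    """Constructed fixture: local listener whose EHLO reply omits STARTTLS."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(b"220 mail.example.test ESMTP\r\n")
            for line in conn.makefile("rb"):
                conn.sendall(REPLIES.get(line[:4].upper(), b"502 not implemented\r\n"))
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]  # port chosen by the OS

def connect_opportunistic(host, port):
    """Weak: upgrades only if STARTTLS is offered, otherwise stays cleartext."""
    c = smtplib.SMTP(host, port, local_hostname=NAME, timeout=5)
    c.ehlo()
    if c.has_extn("starttls"):
        c.starttls(context=ssl.create_default_context())
        c.ehlo()
    return c

def connect_enforced(host, port):
    """465: implicit TLS (RFC 8314). Other ports: STARTTLS or abort."""
    ctx = ssl.create_default_context()
    if port == 465:
        return smtplib.SMTP_SSL(host, port, local_hostname=NAME, timeout=5, context=ctx)
    c = smtplib.SMTP(host, port, local_hostname=NAME, timeout=5)
    c.ehlo()
    if not c.has_extn("starttls"):
        c.close()  # nothing else is sent over the cleartext channel
        raise smtplib.SMTPNotSupportedError("STARTTLS not offered; refusing cleartext")
    c.starttls(context=ctx)
    c.ehlo()  # re-issue EHLO over the protected channel
    return c

def outcome(connect, host, port):
    """Return 'tls', 'cleartext' or 'refused' for one connection attempt."""
    try:
        c = connect(host, port)
    except smtplib.SMTPNotSupportedError:
        return "refused"
    state = "tls" if isinstance(c.sock, ssl.SSLSocket) else "cleartext"
    c.quit()
    return state
```

Against the constructed listener, the opportunistic client stays connected in cleartext while the enforcing client disconnects before any AUTH command could be sent.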