Tutorials Sending email and SMTP best practices

Sending email and SMTP best practices

The Simple Mail Transfer Protocol or SMTP is the Internet standard for sending and receiving emails. Email clients use SMTP to send messages to a mail server for delivery while email servers use it to forward messages to their recipients.

Outgoing emails are usually sent using the port 587 or 465 while the port 25 is used for relaying the message between mail servers.

Much of the email delivery depends on the reputation of the sender. Therefore, it’s important to follow common courtesy and best practices when operating a mail server. In this guide, we are going over a couple of things you need to consider before setting up an email server in the cloud.

Preventing open SMTP relay misuse

SMTP port 25 is traditionally blocked by residential ISPs and cloud providers to prevent spam. This is to prevent open SMTP relays being misused or set up for abuse.

Configuring up your own email server requires due care to ensure security. A simple mistake in the setup can render the security settings ineffective, therefore most important part is to make sure the server does not become an open relay.

Conveniently MX Toolbox, an online network testing utility, provides an SMTP diagnostics tool with which you can easily test your configuration by just entering your mail server domain name such as mail.example.com.

Using secure SMTP connections

Secure mail submission usually takes place using a TLS encrypted connection to port 587 of a server that submits the mail onwards. Both the client and server need to support it for a secure connection to be established. Most of the popular modern email clients support TLS, so the burden of enabling secure email delivery falls on the mail server management.

It’s important to configure SMTP clients to require TLS for outgoing connections because the initial handshake takes place in plain text. A man-in-the-middle attack could otherwise make it appear that TLS is unavailable. This type of attacks can be blocked by explicitly requiring TLS.

Utilising professional mailing services

Although the outbound SMTP port 25 is blocked, you can choose to use port 465, 587, or a non-standard port to send email through a relay. For example, you can configure your Mail Transfer Agent to use a mailing service e.g. MailChimp or Mailgun over port 587 to securely relay emails.

Alternatively, you might not want to run your own email server at all. Depending on your intended use for sending emails, you should consider utilising one of the aforementioned dedicated mailing services. Marketing campaigns and transactional emails are often best left for professionals to ensure reliable delivery.

Opening SMTP port 25

The outbound SMTP port 25 is closed by default on new accounts to prevent accidental open relays and misuse. The blocked port shows up on your server’s firewall at your UpCloud control panel but cannot be changed directly.

The port can be opened on request. If you would need the port 25 opened, you can request the port block to be removed by contact our support team.

You will be required to provide proof of identity or payment method for verification and explain your use-case why the outbound port 25 is needed. This is done to ensure responsible use of SMTP and build trust in our network for email delivery.

Please note that we may be forced to close the outbound SMTP port 25 again due to evidence of a compromised server or detection of spam.

Editor-in-chief and Technical writer at UpCloud since 2015. Cloud enthusiast writing about server technology and software.

18 thoughts on “Sending email and SMTP best practices

  1. It is particularly important to cache network connections, library references, and API client objects in global scope. See Optimizing Networking for examples.

  2. Let me know this…

    to use Port 465 and 587 to send emails ( transactional )

    Do, I need to contact the Support Team?

    by default, those ports are Open or Closed?

    1. Hi there, thanks for the question. The default email relay port 25 is closed by default on all new accounts, there are also other trial mode restrictions which would prevent the use of the ports 465 and 587. However, all of the restrictions can be lifted on request. You can read more about the email port restrictions at our guide on best practices to sending email.

  3. My greetings to everyone!

    Dear Sirs, support team!
    I have impacted to this article whilst configuring the SENDING E-MAILS OUTSIDE.

    Could you, please, satisfy my curiosity about – whether it is possible or not to send mail through 587 or 465 with a blocked port 25 (from your side).

    1. Hi Alex, thanks for the question. The port 25 is used to relay emails between email servers and is blocked by default. However, you can send emails via port 587 by using email services such as MailChimp or Mailgun as explained in the section “Utilising professional mailing services”.

        1. Hi there, thanks for the question. You can use PHPMailer and e.g. OAuth on MailChimp. Using TLS and therefore the port 587 means you can ignore the block on port 25 and the secure delivery is handled by the mailing service.

  4. This needs updating. As it’s almost impossible to get the port open for my use case. Really loved the idea of not having to use some third party mail and wanted a more secure email. So as upcloud is 100% uptime I thought lets setup my own mail server so that I have all the control. Just you need all this now:
    Company name:
    Company website address:
    Amount of email you will be sending daily:
    Use case:
    Example email template:
    Unsubscribe link:
    Mail Server Application Details:
    Antivirus & Threat Mitigation Steps:
    …………………….
    Was asked that when I already said I send next to zero email with no plans for any mass mail. So not going to have an unsubscribe link or email template. It’s a linux server serving a linux user so not going to waste resources on Antivirus & Threat Mitigation.

    You would think that having a secure server would be top of the list. So the fact I disabled passwords and use ssh keys for ssh, plus strong password with 2step for the web client would count for something.

    1. Hi Dale, thanks for the comment. The information asked is our standard form for requests to open the SMTP port which is most commonly used by businesses. If you wish to run a private email server, simply fill in the details applicable to you and explain your use case and security steps taken as you mentioned here. The purpose of this is to ensure responsible use of the network and each request is evaluated case-by-case basis.

      1. Greets, apologies if my English isn’t so good. I want to mount my corporate email server, only for me and my employees can comunicate with our clients and potential clients, like send budges, invoices, etc. How can I proceed to request that port 25 opened? Thanks.

  5. New customer and also looking to get setup with a private company email server. Hope you have some more reasonable restrictions in place – like after some time or paid account this isn’t necessary….

    1. Hi Sunil, thanks for the comment and welcome to UpCloud! While we understand having to request the block to be lifted, this is a one-time procedure after which port 25 will be unrestricted account-wide on your current and future cloud server deployments. The block is necessary to prevent spam and other unsolicited mass emails which in turn protects the network reputation and ensures email deliverability for users such as yourself.

Leave a Reply

Your email address will not be published. Required fields are marked *

Locations

Helsinki (HQ)

In the capital city of Finland, you will find our headquarters, and our first data centre. This is where we handle most of our development and innovation.

London

London was our second office to open, and a important step in introducing UpCloud to the world. Here our amazing staff can help you with both sales and support, in addition to host tons of interesting meetups.

Singapore

Singapore was our 3rd office to be opened, and enjoys one of most engaged and fastest growing user bases we have ever seen.

Seattle

Seattle is our 4th and latest office to be opened, and our way to reach out across the pond to our many users in the Americas.