Updated on 25.5.2023

Sending email and SMTP best practices

The Simple Mail Transfer Protocol or SMTP is the Internet standard for sending and receiving emails. Email clients use SMTP to send messages to a mail server for delivery while email servers use it to forward messages to their recipients.

Outgoing emails are usually sent using port 587 or 465 while port 25 is used for relaying the message between mail servers.

Much of the email delivery depends on the reputation of the sender. Therefore, it’s important to follow common courtesy and best practices when operating a mail server. In this guide, we are going over a couple of things you need to consider before setting up an email server in the cloud.

Preventing open SMTP relay misuse

SMTP port 25 is traditionally blocked by residential ISPs and cloud providers to prevent spam. This is to prevent open SMTP relays from being misused or set up for abuse.

Configuring up your own email server requires due care to ensure security. A simple mistake in the setup can render the security settings ineffective, therefore most important part is to make sure the server does not become an open relay.

Conveniently MX Toolbox, an online network testing utility, provides an SMTP diagnostics tool with which you can easily test your configuration by just entering your mail server domain name such as mail.example.com.

Using secure SMTP connections

Secure mail submission usually takes place using a TLS-encrypted connection to port 587 of a server that submits the mail onwards. Both the client and server need to support it for a secure connection to be established. Most of the popular modern email clients support TLS, so the burden of enabling secure email delivery falls on mail server management.

It’s important to configure SMTP clients to require TLS for outgoing connections because the initial handshake takes place in plain text. A man-in-the-middle attack could otherwise make it appear that TLS is unavailable. This type of attack can be blocked by explicitly requiring TLS.

Utilising professional mailing services

Although the outbound SMTP port 25 is blocked, you can choose to use ports 465 and 587, or a non-standard port to send email through a relay. For example, you can configure your Mail Transfer Agent to use a mailing service e.g. MailChimp or Mailgun over port 587 to securely relay emails.

Alternatively, you might not want to run your own email server at all. Depending on your intended use for sending emails, you should consider utilising one of the aforementioned dedicated mailing services. Marketing campaigns and transactional emails are often best left to professionals to ensure reliable delivery.

Opening SMTP port 25

The outbound SMTP port 25 is closed by default on new accounts to prevent accidental open relays and misuse. The blocked port shows up on your server’s firewall at your UpCloud control panel but cannot be changed directly.

The port can be opened on request. If you would need port 25 opened, you can request the port block to be removed by contacting our support team.

You will be required to provide proof of identity or payment method for verification and explain your use case and why the outbound port 25 is needed. This is done to ensure the responsible use of SMTP and build trust in our network for email delivery.

Please note that we may be forced to close the outbound SMTP port 25 again due to evidence of a compromised server or the detection of spam.

Janne Ruostemaa

Editor-in-Chief

  1. Manazir Hussain

    Such a great article about sending smtp emails. This article is very informative for everyone. Thanks for Sharing.

  2. do you have step by step article guide to install working email server?

  3. Janne Ruostemaa

    Hi there, thanks for the question. Have a look at our tutorial on how to install an email server for your own domain using Postfix and Let’s Encrypt.

  4. Good, it’s help me full alot… maybe i need to install postfix + let’s encrypt

  5. thank you @Janne yes I am using postfix and LE

  6. It is particularly important to cache network connections, library references, and API client objects in global scope. See Optimizing Networking for examples.

  7. Let me know this…

    to use Port 465 and 587 to send emails ( transactional )

    Do, I need to contact the Support Team?

    by default, those ports are Open or Closed?

  8. Janne Ruostemaa

    Hi there, thanks for the question. The default email relay port 25 is closed by default on all new accounts, there are also other trial mode restrictions which would prevent the use of the ports 465 and 587. However, all of the restrictions can be lifted on request. You can read more about the email port restrictions at our guide on best practices to sending email.

  9. My greetings to everyone!

    Dear Sirs, support team!
    I have impacted to this article whilst configuring the SENDING E-MAILS OUTSIDE.

    Could you, please, satisfy my curiosity about – whether it is possible or not to send mail through 587 or 465 with a blocked port 25 (from your side).

  10. Janne Ruostemaa

    Hi Alex, thanks for the question. The port 25 is used to relay emails between email servers and is blocked by default. However, you can send emails via port 587 by using email services such as MailChimp or Mailgun as explained in the section “Utilising professional mailing services”.

  11. What about sending mails through php script? How can we make it secure?

  12. Janne Ruostemaa

    Hi there, thanks for the question. You can use PHPMailer and e.g. OAuth on MailChimp. Using TLS and therefore the port 587 means you can ignore the block on port 25 and the secure delivery is handled by the mailing service.

  13. This needs updating. As it’s almost impossible to get the port open for my use case. Really loved the idea of not having to use some third party mail and wanted a more secure email. So as upcloud is 100% uptime I thought lets setup my own mail server so that I have all the control. Just you need all this now:
    Company name:
    Company website address:
    Amount of email you will be sending daily:
    Use case:
    Example email template:
    Unsubscribe link:
    Mail Server Application Details:
    Antivirus & Threat Mitigation Steps:
    …………………….
    Was asked that when I already said I send next to zero email with no plans for any mass mail. So not going to have an unsubscribe link or email template. It’s a linux server serving a linux user so not going to waste resources on Antivirus & Threat Mitigation.

    You would think that having a secure server would be top of the list. So the fact I disabled passwords and use ssh keys for ssh, plus strong password with 2step for the web client would count for something.

  14. Janne Ruostemaa

    Hi Dale, thanks for the comment. The information asked is our standard form for requests to open the SMTP port which is most commonly used by businesses. If you wish to run a private email server, simply fill in the details applicable to you and explain your use case and security steps taken as you mentioned here. The purpose of this is to ensure responsible use of the network and each request is evaluated case-by-case basis.

  15. Greets, apologies if my English isn’t so good. I want to mount my corporate email server, only for me and my employees can comunicate with our clients and potential clients, like send budges, invoices, etc. How can I proceed to request that port 25 opened? Thanks.

  16. Janne Ruostemaa

    Hi Charles, thanks for the question. If you wish to have the port 25 opened, please contact our user support with your request to do so. We are happy to enable SMTP traffic for responsible users.

  17. Sunil Mirpuri

    New customer and also looking to get setup with a private company email server. Hope you have some more reasonable restrictions in place – like after some time or paid account this isn’t necessary….

  18. Janne Ruostemaa

    Hi Sunil, thanks for the comment and welcome to UpCloud! While we understand having to request the block to be lifted, this is a one-time procedure after which port 25 will be unrestricted account-wide on your current and future cloud server deployments. The block is necessary to prevent spam and other unsolicited mass emails which in turn protects the network reputation and ensures email deliverability for users such as yourself.

  19. If I put an e-mail address in “mail to:” in the DATA field and that address wasn’t added before the DATA field, will that e-mail address receive the e-mail?

  20. Janne Ruostemaa

    Hi Aitor, thanks for the question. The recipient address is commonly defined before the message data but depending on your application it might work just the same if given in reverse order.

  21. Ishtar Massoterapia

    Thanks for the clarification.

  22. For smaller use cases this is really annoying. I just want a mail server I can use for my personal emails. I don’t have a company, I won’t be sending a lot of emails, I don’t have a template or an unsubscribe link… I can’t even figure out how to contact support for what I need.

  23. Janne Ruostemaa

    Hi Matthew, thanks for the comment. Setting up a mail server for personal use is a perfectly valid use case, however, we would recommend using a mail relay to avoid delivery issues.

Leave a Reply to Alex

Your email address will not be published. Required fields are marked *

Back to top