Ports

Port 587: SMTP submission

Authenticated email submission from clients and applications. Preferred for outbound mail from users.

Where you will see it: in scans, firewall rules, vulnerability reports, and service configs. Treat open ports as exposure points and verify the service is expected, hardened, and restricted.

What it is

TCP port 587 is the standard port for SMTP message submission, meaning mail sent from users or applications to their outgoing mail server. A port is a transport layer number used together with an IP address and a protocol such as TCP or UDP to direct traffic to the correct service on a host. A server process binds a socket to a port and listens, while a client typically chooses an ephemeral source port for outbound connections.

The combination of source and destination IP addresses, source and destination ports, and the transport protocol uniquely identifies a flow so the operating system can keep many conversations separate. Firewalls, NAT, and scanners talk about ports because the destination port is the stable rendezvous point that exposes a service to the network.

A submission server listens on 587 and a client connects from an ephemeral source port. After the TCP handshake, the two sides exchange SMTP commands, and the session typically upgrades to TLS using STARTTLS before credentials are sent.

The client then authenticates and submits the message, and the server applies policy and relays it onward. This is different from port 25, which is mainly server-to-server relay, and from port 465, which expects TLS immediately rather than negotiating an upgrade.

From a security view, 587 is designed for authentication and abuse controls. If it is misconfigured as an open relay or if credentials are weak, attackers can use it to send spam or to impersonate users.

How it works in broad strokes

  1. Client connects and issues SMTP commands to identify itself and negotiate capabilities.
  2. Client upgrades to TLS with STARTTLS when required, then authenticates and submits the message.
  3. Server enforces submission rules and relays the message onward to recipients.

Concrete example

A web application sends password reset emails. It connects to the provider on 587, negotiates STARTTLS, authenticates with a service account, and submits the message for delivery.

Why it matters

Using 587 reduces spam risk because you can enforce authentication, rate limits, and sender policy. In security reviews, applications that send email should use submission rather than trying to speak directly to the open internet on port 25.

Security angle

  • Require authentication and enforce rate limits and sender policies.
  • Require TLS and validate certificates on clients where possible.
  • Use app-specific credentials or OAuth and rotate secrets.

Common pitfalls

  • Using 25 for application outbound mail and then getting blocked by networks or blacklisted.
  • Failing to require TLS, allowing downgrade attacks on opportunistic STARTTLS.
  • Hardcoding credentials in apps without rotation or secrets management.
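
The TLS points in the security angle and pitfalls above, as an added example (not code from this page or from any mail product): an audit of the EHLO replies a 587 listener gives before and after STARTTLS, and a client that fails closed instead of falling back to cleartext. The names check_submission_policy, ehlo_keywords and submit are hypothetical, and the sample replies and the host mail.example.test are constructed.

```python
import smtplib
import ssl
from email.message import EmailMessage

# Constructed sample EHLO replies (not captured from a real server).
GOOD_PRE = "250-mail.example.test\n250-SIZE 35882577\n250 STARTTLS"
GOOD_POST = "250-mail.example.test\n250-SIZE 35882577\n250 AUTH PLAIN LOGIN"
WEAK_PRE = "250-mail.example.test\n250-AUTH PLAIN LOGIN\n250 SIZE 35882577"


def ehlo_keywords(reply: str) -> set:
    """Extract extension keywords from a multi-line 250 EHLO reply."""
    # The first line is the greeting; later lines are "250-KEYWORD params".
    lines = reply.strip().splitlines()[1:]
    return {ln[4:].split()[0].upper() for ln in lines if ln[4:].strip()}


def check_submission_policy(pre_tls: str, post_tls: str) -> list:
    """Return findings for the EHLO replies seen before and after STARTTLS."""
    before, after = ehlo_keywords(pre_tls), ehlo_keywords(post_tls)
    findings = []
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered; a client must abort, not fall back")
    if "AUTH" in before:
        findings.append("AUTH offered before TLS; credentials may travel in cleartext")
    if "AUTH" not in after:
        findings.append("AUTH not offered after TLS; submission is unauthenticated")
    return findings


def submit(host: str, msg: EmailMessage, user: str, secret: str) -> None:
    """Submit on 587, failing closed if TLS is missing or the certificate is bad."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with smtplib.SMTP(host, 587, timeout=15) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("STARTTLS not offered; refusing to send credentials")
        smtp.starttls(context=ctx)  # raises on handshake or certificate failure
        smtp.ehlo()  # re-read capabilities over the encrypted channel
        smtp.login(user, secret)  # secret comes from the caller's secrets store
        smtp.send_message(msg)


if __name__ == "__main__":
    print(check_submission_policy(GOOD_PRE, GOOD_POST))
    print(check_submission_policy(WEAK_PRE, GOOD_POST))
```

The audit function runs offline on recorded replies; submit needs a reachable submission server and is shown only for the order of the checks.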