SMTP security

We describe unsecured SMTP in this chapter. In real-world use, SMTP should be secured if both communicating servers support it. Not all do.

SMTP is secured by having the connection start out as plaintext on port 25. The SMTP client then issues a STARTTLS command to upgrade to a secure, encrypted connection. This secure connection works by merely running the SMTP commands through a TLS layer; therefore, everything we cover in this chapter is applicable to secure SMTP too. See Chapter 9, Loading Secure Web Pages with HTTPS and OpenSSL, for more information about TLS.
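As an added example (not code from this book), the following C function checks whether a server's multi-line EHLO reply advertises the STARTTLS extension before the client issues the command. It assumes the reply format of RFC 5321; the sample replies and host names are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Returns 1 if a complete EHLO reply advertises STARTTLS, 0 if it does
 * not, and -1 if the reply is incomplete or is not a 250 success reply.
 * The first line carries the server's domain and greeting rather than an
 * extension keyword, so it is never treated as an advertisement. */
int ehlo_offers_starttls(const char *reply) {
    const char *p = reply;
    for (int line_no = 0; ; line_no++) {
        const char *eol = strstr(p, "\r\n");
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        /* Each line is "250-text" (more follow) or "250 text" (last). */
        if (len < 4 || strncmp(p, "250", 3) != 0 ||
            (p[3] != '-' && p[3] != ' '))
            return -1;
        const char *kw = p + 4;
        size_t kwlen = len - 4;
        /* Keywords are case-insensitive and end at a space or line end,
         * so "STARTTLSX" must not match. */
        if (line_no > 0 && kwlen >= 8 &&
            strncasecmp(kw, "STARTTLS", 8) == 0 &&
            (kwlen == 8 || kw[8] == ' '))
            return 1;
        if (p[3] == ' ' || !eol)
            return 0;              /* final line reached, no STARTTLS */
        p = eol + 2;
    }
}

int main(void) {
    /* Constructed sample replies; the host names are placeholders. */
    const char *replies[] = {
        "250-mail.example.com Hello\r\n250-SIZE 10240000\r\n"
        "250-STARTTLS\r\n250 HELP\r\n",
        "250-starttls.example.com Hello\r\n250-SIZE 10240000\r\n250 HELP\r\n",
        "502 Command not implemented\r\n",
    };
    for (size_t i = 0; i < sizeof(replies) / sizeof(replies[0]); i++) {
        int r = ehlo_offers_starttls(replies[i]);
        printf("reply %zu: %s\n", i,
               r == 1 ? "send STARTTLS, then repeat EHLO over TLS" :
               r == 0 ? "no STARTTLS offered; apply plaintext policy" :
                        "EHLO failed or reply malformed");
    }
    return 0;
}
```

The capability list arrives before TLS is negotiated, so the absence of a STARTTLS line is not authenticated; whether to continue in plaintext is a policy decision for the client.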

Mail transmission between servers is always done on port 25.

Many desktop email clients use TCP ports 465 or 587 for SMTP mail submission. Internet Service Providers (ISPs) prefer these alternative ports for mail submission, as using them allows the ISPs to block port 25 altogether. This is generally justified as a spam prevention technique.

Next, let's see how to determine which mail server receives mail for a given email address.