Port 25 policy and email port clarification
Port 25 is blocked on shared hosting for outbound email. Use port 587 (STARTTLS) or 465 (SSL) instead.
UnderHost NOC
Network Operations
On this page
Port 25 is the traditional SMTP port used for server-to-server email transmission. On UnderHost shared hosting, outbound port 25 is blocked for security reasons. This is industry-standard practice across all major hosting providers. Instead, use port 587 (STARTTLS) or port 465 (SSL/TLS) to send email from mail clients and applications.
Understanding email ports
SMTP (Simple Mail Transfer Protocol) is the protocol used for sending email. Different ports serve different purposes:
- Port 25: Traditional SMTP port for server-to-server communication (blocked on shared hosting)
- Port 587: SMTP Submission port for mail clients (secure with STARTTLS) — USE THIS
- Port 465: SMTPS port for mail clients (secure with SSL/TLS) — OR USE THIS
- Port 110: POP3 port for receiving email (insecure, legacy)
- Port 995: POP3S port for receiving email (secure with SSL/TLS)
- Port 143: IMAP port for receiving email (insecure, legacy)
- Port 993: IMAPS port for receiving email (secure with SSL/TLS)
Why is port 25 blocked on shared hosting?
Blocking outbound port 25 on shared hosting is a critical security measure that prevents:
- Spam abuse: Compromised WordPress accounts or hacked scripts could send thousands of spam emails directly using port 25
- Email server bypass: Poorly configured applications bypassing the legitimate mail server
- IP blacklisting: Uncontrolled outbound mail could get the entire server's IP address blacklisted by major ISPs and spam filters (affecting all users on that IP)
- Account compromise: Attackers using open port 25 to establish botnets or send phishing emails
This is not unique to UnderHost. Every legitimate hosting provider (GoDaddy, Bluehost, SiteGround, AWS, etc.) blocks port 25 on shared hosting for the same reasons.
Port 25 security risks
When port 25 is open without restrictions, it becomes a vulnerability:
| Risk | What happens | Impact |
|---|---|---|
| Spam bot | Malware sends spam directly from your server via port 25 | Server IP blacklisted, all websites on server affected |
| Phishing emails | Attacker uses port 25 to spoof sender addresses | Legal liability, reputation damage |
| Account compromise | Hacked WordPress site uses port 25 to send mass mail | Bandwidth consumed, email reputation damaged |
| Botnet relay | Your server becomes an open relay for external spam | Server IP permanently blacklisted |
By blocking port 25, UnderHost protects your account and all other accounts on the shared server.
What ports to use instead
For sending email from mail clients (Outlook, Thunderbird, Apple Mail, etc.):
| Port | Protocol | Encryption | Status | Why use it |
|---|---|---|---|---|
| 587 | SMTP | STARTTLS | ✓ OPEN on shared | RECOMMENDED — Secure, standard for mail clients |
| 465 | SMTPS | SSL/TLS | ✓ OPEN on shared | Alternative — Also secure, works with most clients |
| 25 | SMTP | None/optional | ✗ BLOCKED on shared | NOT available — Server-to-server only, blocked for security |
Mail client configuration
For Outlook, Thunderbird, Apple Mail, or any email client:
Incoming (POP3/IMAP):
- Server: mail.yourserver.com (or your domain name)
- Port: 993 (IMAPS, recommended) OR 995 (POP3S)
- Encryption: SSL/TLS
- Username: full email address (user@yourdomain.com)
- Password: your email password
Outgoing (SMTP):
- Server: mail.yourserver.com (or your domain name)
- Port: 587 (SMTP with STARTTLS) — USE THIS
- Encryption: STARTTLS
- Username: full email address (user@yourdomain.com)
- Password: your email password
- Authentication required: YES
Alternative SMTP settings (if port 587 doesn't work):
- Port: 465 (SMTPS with SSL/TLS)
- Encryption: SSL/TLS (different from STARTTLS)
- All other settings same as above
Key point: Both port 587 and 465 require authentication. You MUST provide your email username and password. This prevents open relay abuse.
Port 25 on VPS and dedicated servers
On Cloud VPS and dedicated servers, port 25 is also blocked by default in the network-level firewall. This protects UnderHost's reputation and prevents abuse at the IP level.
If you need port 25 open (e.g., running your own mail server):
- Open a technical support ticket with UnderHost
- Explain your use case (e.g., "Running Postfix mail server for legitimate email delivery")
- Provide your server IP address
- Describe your email volume and security measures
- UnderHost will review and may unblock port 25 after verification
Legitimate reasons UnderHost may approve:
- Running a dedicated mail server (Postfix, Exim, Sendmail)
- High-volume transactional email (newsletters, notifications)
- Mail service provider for customer domains
Reasons UnderHost may deny:
- General website email (use port 587 instead)
- Unclear use case or no legitimate justification
- Server with history of abuse
Troubleshooting email not sending
If your email client says "cannot connect to SMTP server":
- Check port: Ensure you're using port 587 or 465, NOT 25
- Check encryption: Port 587 uses STARTTLS; port 465 uses SSL/TLS
- Enable authentication: Check "Authentication required" or "Server requires login"
- Verify username/password: Must be your full email address (user@domain.com) and correct password
- Test with telnet:
telnet mail.yourserver.com 587(should connect)
If mail client still fails: Check UnderHost's support documentation or open a ticket with your mail client settings and error message.
Port 587 with STARTTLS is the official standard for mail client SMTP (RFC 2476). All major email providers (Gmail, Outlook, etc.) and hosting companies recommend it. Use port 587 unless you have a specific reason not to.
Related: Email not sending troubleshooting | SMTP settings | IMAP/POP3 settings | Email setup guide
Need email hosting?
UnderHost shared and managed hosting include mailbox, webmail, DNS, SPF/DKIM, and email support for your domain.
