SMTPS and STARTTLS are both methods used to secure SMTP connections, but they differ in how they establish the secure connection. Here are the key differences:
SMTPS (SMTP over SSL)
-
Connection Method:
- SMTPS establishes a secure connection from the very beginning. The client connects to the SMTP server using SSL/TLS on a dedicated port (typically port 465).
-
Port:
- Uses port 465 for secure connections.
-
Protocol:
- The entire communication occurs over SSL/TLS from the start, meaning that the client and server negotiate the secure connection before any SMTP commands are sent.
-
Legacy:
- SMTPS is considered a legacy method and is less commonly used today compared to STARTTLS.
STARTTLS
-
Connection Method:
- STARTTLS starts with an unencrypted connection on a standard SMTP port (usually port 25 or 587). After the initial handshake, the client sends the
STARTTLScommand to upgrade the connection to a secure one.
- STARTTLS starts with an unencrypted connection on a standard SMTP port (usually port 25 or 587). After the initial handshake, the client sends the
-
Port:
- Typically uses port 587 for secure connections (though port 25 can also be used).
-
Protocol:
- The connection begins as plain text, and only after the
STARTTLScommand is issued does the client and server negotiate the secure connection.
- The connection begins as plain text, and only after the
-
Flexibility:
- STARTTLS allows for both secure and non-secure connections on the same port, making it more flexible for servers that need to support both types of connections.
Summary
- SMTPS: Secure from the start, uses a dedicated port (465), and is less flexible.
- STARTTLS: Starts as an unencrypted connection and upgrades to secure, typically uses port 587, and is more flexible.
In modern implementations, STARTTLS is generally preferred due to its flexibility and compatibility with existing SMTP infrastructure.
