SMTPS

From Wikipedia, the free encyclopedia
Jump to: navigation, search

SMTPS refers to a method for securing SMTP with transport layer security. It is intended to provide authentication of the communication partners, as well as data integrity and confidentiality.

SMTPS is not a proprietary protocol and not an extension of SMTP. It is just a way to secure SMTP at the transport layer.

This means that the client and server speak normal SMTP at the application layer, but the connection is secured by SSL or TLS. This happens when the connection is established before any mail data has been exchanged. Since whether or not to use SSL or TLS is not negotiated by the peers, SMTPS services are usually reachable on a dedicated port of their own.

Originally, in early 1997, the Internet Assigned Numbers Authority registered 465 for SMTPS. [1] By the end of 1998, this was revoked when STARTTLS had been specified.[2] With STARTTLS, the same port can be used with or without TLS. SMTP was seen as particularly important, because clients of this protocol are often other mail servers, which can not know whether a server they wish to communicate with will have a separate port for TLS.[3] The port 465 is now registered for Source-Specific Multicast audio and video.[4][5]

Even in 2013, there are still services that continue to offer the deprecated SMTPS interface on port 465 in addition to (or instead of!) the RFC-compliant message submission interface on the port 587 defined by RFC 6409.[6] Service providers that maintain port 465 do so because [7] older Microsoft applications (including Entourage v10.0) do not support STARTTLS, [8] and thus not the smtp-submission standard (ESMTPS on port 587). The only way for service providers to offer those clients an encrypted connection is to maintain port 465.

References[edit]

  1. ^ "NEW DRAFT: Regularizing Port Numbers for SSL". w3. 1997-02-07. Retrieved 2013-07-27. 
  2. ^ Paul Hoffman (1998-11-12). "Revoking the smtps TCP port". Internet Mail Consortium. Retrieved 2009-09-16. 
  3. ^ Paul Hoffman (1997-06-01). "Do we need IMAP / TLS or POP / TLS?". Internet Mail Consortium. Retrieved 2009-09-16. 
  4. ^ "Port Numbers". Internet Assigned Numbers Authority. 2009-09-14. Retrieved 2009-09-16. 
  5. ^ "SSM". Cisco Systems. Retrieved 2009-09-16. 
  6. ^ "Re-mishap in Gmail". Heise Online. 2009-09-24. Retrieved 2009-09-25. 
  7. ^ "SMTP mail settings". The Art Farm. Retrieved 28 April 2013. 
  8. ^ "Postfix TLS support". Retrieved 28 April 2013.