SMTP
Port 465 isn't deprecated — RFC 8314 recommends it for implicit TLS. Fix "SMTP error port 465" by enabling TLS-on-connect, unblocking the port, and fixing auth.
Updated Jul 1, 2026
The short answer
"SMTP error port 465" is not an SMTP reply code — it's a connection failure when sending mail over port 465, the implicit-TLS submission port. Despite older claims that 465 is "deprecated," RFC 8314 re-registered it as the preferred long-term direction, and providers like Amazon SES and Gmail support it. Failures almost always come from a client not using TLS-from-connect (e.g. Nodemailer secure:true), a firewall blocking the port, or bad auth — not the port itself.
There is no SMTP reply code "465." Port 465 is a TCP port, not an SMTP status code, so "SMTP error port 465" refers to a connection that fails when a mail client tries to submit mail over port 465 — the implicit TLS submission port (historically called SMTPS or "TLS Wrapper"). The fix is almost never to abandon the port; it's to configure your client correctly, confirm the port is reachable, and fix authentication.
Correction to a common myth: Older guidance (including a previous version of this page) claimed port 465 "will fail" because IANA reassigned it. That is out of date. IANA did revoke the original
smtpsregistration in the late 1990s, but RFC 8314 (2018, §7.3) formally re-registered port 465 for mail submission over implicit TLS and describes it as the preferred long-term direction over STARTTLS on 587 (§1), while §3.3 calls for supporting both ports during the transition period. Major providers support it today: Amazon SES accepts 465 and 2465 as "TLS Wrapper" endpoints, and Gmail documentssmtp.gmail.com:465with SSL. Port 465 is not deprecated.
The error is a TCP/TLS-layer failure, surfaced by your mail library, not the server's SMTP dialogue. The usual root causes:
STARTTLS command. If your library opens a cleartext socket (the STARTTLS pattern used on 587) and waits for a 220 banner, the handshake never completes and you get a hang, timeout, or an SSL error like wrong version number.Connection timed out / ETIMEDOUT, distinct from a TLS error.535 5.7.8). For Gmail/Google Workspace this is usually because you used your normal password — Google removed "Less Secure Apps" access for personal Gmail accounts in 2022, with Workspace accounts moved to a similar requirement on a later 2024–2025 timeline, so you must use an App Password (with 2-Step Verification) or OAuth2.Step 1 — Enable TLS-from-connect, not STARTTLS. On 465 the connection must be encrypted from the first byte.
// Nodemailer — port 465 requires secure: trueconst transporter = nodemailer.createTransport({host: "smtp.example.com",port: 465,secure: true, // implicit TLS on connect (set false ONLY for 587/STARTTLS)auth: { user: "USERNAME", pass: "APP_PASSWORD" },});
# Python — use SMTP_SSL for 465 (not SMTP + starttls, which is for 587)import smtplib, sslctx = ssl.create_default_context()with smtplib.SMTP_SSL("smtp.example.com", 465, context=ctx) as s:s.login("USERNAME", "APP_PASSWORD")s.send_message(msg)
Step 2 — Prove the port is reachable. Test the TLS handshake directly:
openssl s_client -connect smtp.example.com:465 -crlf
A successful run prints the certificate chain and a 220 SMTP banner. If it hangs or times out, the port is blocked — switch networks, open the port in your firewall/security group, or fall back to the STARTTLS submission port 587 (set secure: false in Nodemailer / use SMTP() + starttls() in smtplib). Both 465 and 587 are valid per RFC 8314.
Step 3 — Fix authentication. Use an App Password or OAuth2 for Gmail/Workspace; for SendGrid use apikey as the username and the API key as the password; for SES use your SMTP credentials (not your AWS keys).
Sending through Courier instead. If you'd rather not manage SMTP ports, TLS modes, and provider auth yourself, route email through Courier, which handles provider connections and failover so you don't troubleshoot port 465 directly.
References
FAQ
No. IANA revoked the original SMTPS registration in the 1990s, but RFC 8314 (2018) re-registered port 465 for mail submission over implicit TLS, describing it as the preferred long-term direction while §3.3 calls for supporting both 465 and 587 during the transition. Providers including Amazon SES and Gmail actively support port 465.
One API, every provider
Courier connects to your email, SMS, and push providers, handles retries and failover, and surfaces delivery errors in plain language.
Reply-code definitions per RFC 8314 §1, §3.3, §7.3. Last reviewed Jul 1, 2026. Courier is not affiliated with third-party providers; error behavior may vary by implementation.
© 2026 Courier. All rights reserved.