Editing Email client (section)

==Submitting messages to a server==

When a user wishes to create and send an email, the email client will handle the task. The email client is usually set up automatically to connect to the user's mail server, which is typically either a [[Mail submission agent|MSA]] or a [[Mail transport agent|MTA]], two variations of the [[SMTP]] protocol. The email client which uses the SMTP protocol creates an authentication extension, which the mail server uses to authenticate the sender. This method eases modularity and nomadic computing. The older method was for the mail server to recognize the client's IP address, e.g. because the client is on the same machine and uses internal address 127.0.0.1, or because the client's IP address is controlled by the same [[Internet service provider]] that provides both Internet access and mail services.

Client settings require the name or IP address of the preferred ''outgoing mail server'', the ''port number'', and the ''user name'' and ''password'' for authentication, if any. The following ports are used for email submission:
  
- '''Port 465''' – The officially designated port for mail submission using [[Transport Layer Security|TLS]] from the start of the connection (Implicit TLS), as per [https://www.rfc-editor.org/rfc/rfc8314.html RFC 8314]. Since encryption is enforced from the beginning, it eliminates the risk of downgrade attacks or MITM (Man-in-the-Middle) attacks that could strip away encryption.

- '''Port 587''' – Commonly used for mail submission with support for [[STARTTLS]], allowing the connection to be optionally upgraded to TLS. However, if a MITM attacker interferes with the STARTTLS command, the connection may remain unencrypted, making it less secure than implicit TLS on port 465.  

Port 25, originally intended for message relay between MTAs, is '''not for client message submission''' and is often blocked by ISPs to prevent spam.