smtp.gmail.com vs ssl://smtp.gmail.com while sending email using gmail smtp server

3
votes

According to this

Gmail SMTP Server could also be used to relay messages from your device or application. You can connect to Gmail mail servers using SMTP, SSL/TLS. If you connect using SMTP, you can only send mail to Gmail or Google Apps users; if you connect using SSL/TLS, you can send mail to anyone.

If your device or application supports SSL - connect to smtp.gmail.com on port 465.

So I tried connecting to smtp.gmail.com on port 465. I got the following error:

Unable to send email using PHP SMTP. Your server might not be configured to send mail using this method.

Some code uses another address "ssl://smtp.gmail.com".

When I use ssl://smtp.gmail.com also on port 465, my application now works correctly.

  • What's the difference between ssl://smtp.gmail.com and smtp.gmail.com if the latter also uses ssl?
  • Why can't we send emails to other domains without SSL? Is this only done by gmail for security purposes?

I am extremely new at this. Can anyone explain? I am using php if it matters.

1
phpemailsslsmtpgmail

1 Answers

3
votes

The difference between the prefixing the hostname with ssl:// and without it is whether or not the underlying stream will be wrapped through OpenSSL, or speak in plain text.

When you connect to Gmail on port 465, it expects the client will use TLS encryption. Most likely, the error message you were seeing was a general result of connecting to a service expecting an encrypted connection when it was just trying to write and read data in plain text.

PHP does magic for you when you use the ssl:// wrapper to connect to a service that supports TLS or SSL. It allows you to read and write on the stream (using say fread/fwrite) in the same manner you would on an unencrypted connection and all the handshaking, encryption, and decryption is done in the background having to do no more than prefix the host with the ssl wrapper.

As to the second question, it is most likely security related. In order to relay (send mail to another domain) you need to authenticate over SMTP which should NEVER be done in cleartext while you can connect on port 25 using an unencrypted connection and send mail to a Gmail user without authenticating (this is what most outside mail servers do when one of their users which to send mail to Gmail). But technologically, there's nothing preventing them from allowing you to send mail using an unencrypted connection, or even authenticating with Gmail credentials (this is called an open relay and is usually badly abused by spammers).

You can learn more about your first question by just reading about the SMTP protocol, the STARTTLS command, and TLS encryption in general. STARTTLS allows a client to connect to the mail server over an unencrypted connection and then negotiate (upgrade) the connection to use encryption, where on the other hand, connections to port 465 expect a TLS handshake to occur as soon as the connection is established and before any protocol (SMTP) communication occurs.