Port 2465: SMTP over TLS — Amazon's Backup Door for Encrypted Email

Port 2465 doesn't appear in the IANA registry with a name. No RFC claimed it. No protocol was designed around it. And yet, if you send email through Amazon SES, there's a reasonable chance your messages have traveled through it.

What This Port Does

Port 2465 is used by Amazon Simple Email Service (SES) as an alternate port for TLS Wrapper SMTP connections — the same job performed by port 465.¹

TLS Wrapper means the connection is encrypted from the first byte. There's no handshake phase where the client says "let's upgrade to TLS." You connect, and TLS is already happening. The server presents its certificate, and the SMTP conversation proceeds over the encrypted channel. This is the older of the two ways to run encrypted SMTP — the other being STARTTLS on port 587, which starts plaintext and negotiates encryption mid-conversation.

Amazon offers 2465 alongside 465 for exactly one reason: ISPs block port 465. Some ISPs aggressively filter outbound email ports to combat spam, and 465 is a common target. Port 2465 is the workaround — an unofficial but functional alternative that flies under most blocklist radar.²

What Range This Port Belongs To

Port 2465 sits in the registered port range (1024–49151), also called the user ports range. This range is managed by IANA, and individual ports can be formally assigned to named services through an application process.³

But 2465 was never assigned. It's registered-range-unassigned — meaning IANA hasn't given it to anyone, but anyone can use it. Which is exactly what Amazon did.

This is common. The registered range has 48,127 ports. Many sit empty, waiting. Others quietly accumulate unofficial tenants — services that pick a number, start using it, and never bother with the paperwork.

Security Considerations

Because 2465 isn't a well-known port, it may pass through firewalls that only filter standard SMTP ports. That's a feature for legitimate Amazon SES users and a potential concern for security teams who haven't accounted for it.

If you're auditing outbound traffic, traffic to Amazon SES endpoints on port 2465 is legitimate SMTP over TLS. If you see port 2465 traffic to unfamiliar hosts, investigate — unassigned ports are occasionally used by malware precisely because they're less scrutinized.

How to Check What's Listening on This Port

# On Linux/macOS — show what process is listening on 2465
sudo ss -tlnp | grep 2465
sudo lsof -i :2465

# On Windows — show listening ports and owning process
netstat -ano | findstr :2465

If nothing appears, nothing is listening locally — which is the expected state on most machines. Port 2465 is a destination port for Amazon SES clients, not a server port you'd typically run yourself.

Related Ports

• Port 25 — Original SMTP. Still used for server-to-server mail delivery. Heavily filtered.
• Port 465 — The official SMTPS port. TLS Wrapper. The port 2465 mirrors when 465 is blocked.
• Port 587 — The preferred submission port. STARTTLS. What most mail clients should use.
• Port 2525 — Another unofficial alternate SMTP port, used by Mailgun and others for similar bypass purposes.