smtp.gmail.com vs ssl://smtp.gmail.com while sending email using gmail smtp server

Question

According to this

Gmail SMTP Server could also be used to relay messages from your device or application. You can connect to Gmail mail servers using

Answer 1

The difference between the prefixing the hostname with ssl:// and without it is whether or not the underlying stream will be wrapped through OpenSSL, or speak in plain text.

When you connect to Gmail on port 465, it expects the client will use TLS encryption. Most likely, the error message you were seeing was a general result of connecting to a service expecting an encrypted connection when it was just trying to write and read data in plain text.

PHP does magic for you when you use the ssl:// wrapper to connect to a service that supports TLS or SSL. It allows you to read and write on the stream (using say fread/fwrite) in the same manner you would on an unencrypted connection and all the handshaking, encryption, and decryption is done in the background having to do no more than prefix the host with the ssl wrapper.

As to the second question, it is most likely security related. In order to relay (send mail to another domain) you need to authenticate over SMTP which should NEVER be done in cleartext while you can connect on port 25 using an unencrypted connection and send mail to a Gmail user without authenticating (this is what most outside mail servers do when one of their users which to send mail to Gmail). But technologically, there's nothing preventing them from allowing you to send mail using an unencrypted connection, or even authenticating with Gmail credentials (this is called an open relay and is usually badly abused by spammers).

You can learn more about your first question by just reading about the SMTP protocol, the STARTTLS command, and TLS encryption in general. STARTTLS allows a client to connect to the mail server over an unencrypted connection and then negotiate (upgrade) the connection to use encryption, where on the other hand, connections to port 465 expect a TLS handshake to occur as soon as the connection is established and before any protocol (SMTP) communication occurs.