What is TLS encryption in email?
TLS (Transport Layer Security) encrypts the SMTP conversation between two mail servers, preventing eavesdroppers from reading the message in transit. It is the same encryption protocol that secures HTTPS for web traffic, applied to email server-to-server communication.
There are two main flavors:
- Opportunistic TLS (STARTTLS). The connection starts unencrypted, and either side can request to upgrade to TLS if both support it. If the upgrade fails, the connection continues unencrypted. This is the most common pattern.
- MTA-STS (Mail Transfer Agent Strict Transport Security). A domain publishes a policy that requires TLS for its incoming mail, and delivery over a connection that does not encrypt is rejected. Newer, stricter, and increasingly used by privacy-focused services.
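The difference between the two flavors, as an added example that is not code from the original page: a Python model of the sending server's delivery decision, using the MTA-STS policy file format from RFC 8461. The policy text, hostnames and function names are constructed for illustration, and the opportunistic branch assumes the common behavior of not validating the certificate.

```python
# Added example: models a sending server's delivery decision. The policy text
# and hostnames are constructed sample data, not taken from a real domain.
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.mx.example.com
max_age: 604800
"""

def parse_mta_sts(text):
    """Parse an RFC 8461 policy file into a dict; 'mx' becomes a list."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported MTA-STS version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("unknown MTA-STS mode")
    return policy

def mx_allowed(mx_host, patterns):
    """RFC 8461 matching: a '*.' wildcard covers exactly one left-most label."""
    host = mx_host.lower().rstrip(".")
    for pattern in patterns:
        if pattern.startswith("*."):
            if "." in host and host.split(".", 1)[1] == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def delivery_decision(mx_host, starttls_ok, cert_valid, policy=None):
    """Return 'encrypted', 'plaintext' or 'refuse' for one delivery attempt."""
    if policy is not None and policy["mode"] == "enforce":
        # Strict: listed MX, successful TLS upgrade and a valid certificate.
        ok = mx_allowed(mx_host, policy["mx"]) and starttls_ok and cert_valid
        return "encrypted" if ok else "refuse"
    # Opportunistic (also 'testing'/'none'): fall back to plaintext on failure.
    return "encrypted" if starttls_ok else "plaintext"
```

With no policy, a failed upgrade yields `plaintext`; with the sample `enforce` policy, the same failure yields `refuse`.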
Practical implications:
- TLS protects the message body and headers from interception during transit between servers.
- It does not protect the message at rest in the recipient's mailbox.
- It does not protect against the recipient's own provider reading the message.
- It does not provide end-to-end encryption. That requires PGP, S/MIME, or proprietary schemes.
TLS support in modern email infrastructure is effectively universal. Every major ISP (Gmail, Outlook, Yahoo, Apple) uses TLS by default for both incoming and outgoing mail. For most practical purposes, your message is encrypted in transit whether or not you explicitly configure anything.
