TLSTransport Layer Security
TLS (Transport Layer Security) is the encryption protocol that protects data, including email, as it travels between two servers. It is the successor to SSL, and in email it stops the contents of a message being read or altered by anyone listening on the network. TLS 1.3 is defined in RFC 8446; for SMTP it is usually switched on by the STARTTLS command.
- Encrypts a connection so email cannot be read or tampered with in transit
- The successor to SSL; TLS 1.2 and TLS 1.3 are the versions in use today
- In SMTP it is most often negotiated through the STARTTLS upgrade
- TLS 1.0 and 1.1 are deprecated by RFC 8996; require 1.2 or 1.3
What TLS does
TLS provides three guarantees for a connection: confidentiality (the data is encrypted so eavesdroppers cannot read it), integrity (tampering is detected), and authentication (a certificate proves the server is who it claims to be). It is the same protocol that secures HTTPS websites, applied here to the link between mail servers.
It is worth being precise about scope: TLS protects email in transit, hop by hop between servers, not at rest in a mailbox, and it is not the same as end-to-end message encryption like PGP or S/MIME. Without TLS, the body, headers, and credentials of an SMTP session cross the internet in plain text for anyone on the path to capture.
TLS versions and the 2026 baseline
TLS grew out of SSL, the protocol Netscape created in the 1990s. The lineage runs SSL 2.0 and 3.0, then TLS 1.0, 1.1, 1.2, and 1.3. The two relevant versions today are:
- TLS 1.2 (2008): still widely used and considered secure when configured with strong cipher suites.
- TLS 1.3 (2018, RFC 8446): the current best practice. It has a faster one round-trip handshake, removes obsolete and weak ciphers, and makes forward secrecy mandatory.
The older versions are no longer safe. RFC 8996 (2021) formally deprecates TLS 1.0 and 1.1, and SSL is long dead. A modern mail server should offer TLS 1.2 at a minimum and prefer TLS 1.3.
How TLS is used in email
There are two ways to put a mail connection inside TLS. Explicit TLS starts the session in plain text and upgrades it with the STARTTLS command; this is how almost all server-to-server (MTA to MTA) relay on port 25 is encrypted, and it is opportunistic by default. Implicit TLS encrypts the whole connection from the first byte and is used for mail submission on port 465, as recommended by RFC 8314.
For deliverability, encryption is now an expectation rather than a bonus. Major mailbox providers negotiate TLS on virtually all of their mail, and a server that cannot speak modern TLS looks dated and untrustworthy. Domains that need to guarantee TLS on inbound mail publish an MTA-STS policy or a DANE record so opportunistic STARTTLS cannot be silently stripped.
How a TLS connection is established
TLS 1.2 vs TLS 1.3
| TLS 1.2 | TLS 1.3 | |
|---|---|---|
| Released | 2008 | 2018 |
| Handshake | 2 round trips | 1 round trip |
| Forward secrecy | Optional | Mandatory |
| Weak ciphers | Possible if misconfigured | Removed from the spec |
| Status | Secure, widely used | Current best practice |