By default, our system is designed to opportunistically try outbound TLS when attempting to deliver email. This means that if your recipient’s email server accepts an inbound TLS connection, we will deliver the email over a TLS encrypted connection. If the server does not support TLS, we will deliver the message over the default unencrypted connection. Check out the SMTP Ports guide for more information on opportunistic TLS.
We also offer the ability to enforce TLS encryption when we attempt to deliver email to your recipients. The Enforced TLS feature specifies whether or not the recipient is required to support TLS or have a valid certificate before we deliver an email to them.