Suped

Should I configure SSL or TLS on my sending domains for email marketing?

Summary

The overwhelming consensus from marketers, experts, and technical documentation (Google, Microsoft, NCSC, RFC) is that TLS (Transport Layer Security) should be configured for sending domains to ensure secure email marketing practices. TLS encrypts email during transit, protecting it from eavesdropping and man-in-the-middle attacks. While TLS primarily secures SMTP connections, SSL certificates are important for securing HTTPS connections on associated websites or landing pages. STARTTLS is recommended for opportunistic encryption when supported by both mail servers. Though TLS might not directly boost deliverability, it's a best practice, especially in regulated industries, and enhances sender reputation.

Key findings

  • TLS for SMTP: TLS is essential for encrypting email communications during SMTP transactions.
  • SSL for HTTPS: SSL certificates are important for securing associated websites and landing pages.
  • STARTTLS: STARTTLS provides opportunistic encryption when supported by both sending and receiving servers.
  • Security Best Practice: Implementing TLS is considered a fundamental security practice for email marketing.
  • Encryption Benefits: Encryption protects against eavesdropping and unauthorized access to email content.

Key considerations

  • Regulatory Compliance: Certain industries may require TLS for compliance with data protection regulations.
  • Domain Usage: If sending domains are also used for website hosting, SSL certificates are a necessity.
  • Server Support: STARTTLS relies on the support of both the sending and receiving mail servers.
  • TLS Versions: Use TLS 1.2 or later for improved security.
  • User Trust: TLS minimizes plain-text email transmission; a lack of TLS can affect user trust.

What email marketers say

14 marketer opinions

The consensus is that TLS (Transport Layer Security) is essential for securing email communications. SSL is primarily for HTTPS connections and is an older, deprecated protocol, whereas TLS encrypts email during transit, preventing eavesdropping and man-in-the-middle attacks. While TLS doesn't directly impact deliverability, it's considered a best practice and may be required in regulated industries. SSL certificates are important for websites hosting email services to encrypt data transfer between the server and users. Implementing both, where applicable, strengthens overall security.

Key opinions

  • TLS Encryption: TLS encrypts email during transit, protecting it from interception.
  • SSL vs. TLS: SSL is an older protocol; TLS is the current standard for email encryption.
  • HTTPS Security: SSL certificates are essential for websites and landing pages associated with email campaigns to secure data transfer.
  • STARTTLS: STARTTLS is recommended for opportunistic encryption during SMTP transactions.
  • Reputation: Having TLS is a general sign of being trustworthy and reputable.

Key considerations

  • Industry Regulations: Certain industries may require TLS for compliance.
  • Domain Usage: If the sending domain is also used for link tracking or image hosting, SSL is highly recommended.
  • Implementation: Implementing SSL certificates and TLS may require coordination with IT or web hosting providers.
  • Plain Text: Sending emails without TLS exposes them to potential interception.
  • User Perception: Gmail and likely other providers will display a visual indicator when email is sent without TLS.

Marketer view

Marketer from Email Geeks shares that Gmail may show a lock icon if emails aren't sent over a TLS encrypted session but isn't aware of providers weighting it for reputation. The bigger benefit is minimizing plain text email transmission.

8 Jun 2023 - Email Geeks

Marketer view

Email marketer from Mailgun states that TLS is important for encrypting email communication and preventing man-in-the-middle attacks. They say that TLS makes sure your data is protected in transit.

1 Nov 2021 - Mailgun

What the experts say

1 expert opinion

Encryption, as emphasized by an expert from Word to the Wise, is crucial for modern email practices. It safeguards emails during transmission, preventing unauthorized access and ensuring data confidentiality by rendering it unreadable to malicious actors.

Key opinions

  • Data Protection: Encryption prevents bad actors from viewing sensitive data sent via email.
  • Privacy in Transit: Encryption protects the email's contents while it travels across the internet.

Key considerations

  • Implementation: Implementing encryption protocols (like TLS/SSL) is necessary to achieve this level of security.
  • Bad Actors: Without encryption, data can be read by bad actors.

Expert view

Expert from Word to the Wise explains that encryption is very important to modern email practices. It protects your email in transit and keeps bad actors from viewing what is being sent. It makes it so data can’t be read as it travels across the internet.

6 Apr 2024 - Word to the Wise

What the documentation says

4 technical articles

Multiple authoritative sources, including Google, Microsoft, the NCSC, and RFC documents, emphasize the importance of TLS for securing email communications. TLS encrypts email in transit, preventing eavesdropping and unauthorized access. STARTTLS is recommended for opportunistic encryption when supported by both mail servers. Prioritizing TLS 1.2 or later is also advised for enhanced security. Configuration options are available in platforms like Exchange, with additional security measures like DANE being beneficial.

Key findings

  • TLS Encryption: TLS secures email by encrypting it in transit, preventing eavesdropping.
  • Industry Standard: Major providers like Google and Microsoft recommend and, in some cases, require TLS.
  • STARTTLS: STARTTLS enables opportunistic encryption if both mail servers support it.
  • TLS Versions: Prioritizing TLS 1.2 or later versions is recommended for increased security.

Key considerations

  • Configuration: Proper configuration of TLS settings is essential for effective security.
  • Compatibility: STARTTLS relies on both mail servers supporting the protocol for encryption to occur.
  • Additional Security: DANE can be used to verify TLS certificates for enhanced security.

Technical article

Documentation from the NCSC (National Cyber Security Centre) recommends using TLS to protect the confidentiality of email messages in transit. It highlights the importance of STARTTLS for opportunistic encryption, where the connection is encrypted if supported by both mail servers. They also advise on configuring DANE (DNS-based Authentication of Named Entities) for verifying TLS certificates.

26 Apr 2022 - National Cyber Security Centre

Technical article

Documentation from RFC explains that STARTTLS enables opportunistic TLS, which allows email servers to negotiate a secure connection if both support it. It mentions that STARTTLS is a key component for providing backward compatibility while improving security.

8 Apr 2025 - RFC
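
To make the opportunistic STARTTLS behaviour and the TLS 1.2 floor described above concrete, here is an added Python example (not code from Suped or from any of the cited sources). It parses an EHLO reply, decides what a sender would do when STARTTLS is or is not advertised, and includes a live probe for a mail host you operate. The function names, the `require_tls` policy switch and the sample EHLO replies are assumptions constructed for this example.

```python
import smtplib
import ssl

# Constructed EHLO replies for illustration (not captured from a real server).
SAMPLE_EHLO_WITH_TLS = (
    "250-mx.example.test Hello\r\n250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n250-STARTTLS\r\n250 SMTPUTF8\r\n"
)
SAMPLE_EHLO_NO_TLS = "250-mx.example.test Hello\r\n250 8BITMIME\r\n"


def parse_ehlo_extensions(reply):
    """Return the upper-cased extension keywords from a multi-line EHLO reply."""
    lines = [line for line in reply.splitlines() if line.strip()]
    keywords = set()
    for line in lines[1:]:  # the first line is the greeting, not an extension
        if line.startswith("250") and len(line) > 4:
            keywords.add(line[4:].split()[0].upper())
    return keywords


def tls_context():
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def plan_delivery(reply, require_tls):
    """Opportunistic mode falls back to plaintext; require_tls (assumed policy) refuses."""
    if "STARTTLS" in parse_ehlo_extensions(reply):
        return "starttls"
    return "refuse" if require_tls else "plaintext"


def probe(host, port=25, timeout=10.0):
    """Live check against a mail host you operate; needs network access."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"starttls": False, "tls_version": None}
        # Raises ssl.SSLError if the certificate fails verification
        # or the server cannot negotiate TLS 1.2 or later.
        smtp.starttls(context=tls_context())
        smtp.ehlo()  # re-issue EHLO over the encrypted channel
        return {"starttls": True, "tls_version": smtp.sock.version()}
```

The `plaintext` result is the case to watch for in logs: with opportunistic encryption, a receiving server that does not advertise STARTTLS still gets the message, just unencrypted.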
