Suped

Are sporadic TLS encryption rates common for bulk email senders using opportunistic TLS?

Summary

While opportunistic TLS, by definition, means encryption is not guaranteed for every single email, truly sporadic or consistently low TLS encryption rates are generally not common for well-managed bulk email senders. The prevailing view among email experts and major service providers is that high and consistent TLS rates, often 90% or more, are the expected norm. Significant dips or inconsistencies in TLS encryption are usually a red flag, indicating underlying problems with the sender's configuration, network path, reputation, or connectivity to a large number of outdated recipient mail systems. While some minor variability can occur due to the diverse capabilities of receiving servers, widespread 'sporadic' rates point to an issue that should be investigated.

Key findings

  • Not a Common Scenario: The consensus among experts and major email providers is that truly sporadic or consistently low TLS encryption rates are not common for reputable bulk email senders using opportunistic TLS. Such inconsistency typically signals an underlying issue rather than being a normal occurrence.
  • High Rates are Expected: Despite TLS being opportunistic, major mail providers like Gmail consistently achieve over 90% encryption for emails in transit. Similarly, reputable bulk senders and receivers generally achieve very high encryption rates, often 90% or more, emphasizing that consistent encryption is the norm.
  • Inherent Variability vs. Sporadic: While opportunistic TLS inherently allows for some messages to be sent unencrypted if the receiving server does not support TLS or if negotiation fails, this does not mean wildly sporadic overall rates are expected. Any significant dips or inconsistencies suggest a problem to be addressed.
  • Impact on Deliverability and Trust: A consistently high percentage of TLS-encrypted emails is crucial for maintaining sender reputation and improving deliverability. Sporadic or low encryption rates can negatively impact how inbox providers perceive a sender.

Key considerations

  • Investigate Inconsistencies: If a bulk sender observes sporadic or significantly low TLS encryption rates, it should be treated as a red flag and promptly investigated, as this is not typical for well-managed operations.
  • Identify Underlying Issues: Common causes for unexpectedly low or sporadic TLS rates include connecting to a high proportion of very old, unpatched mail servers, network or firewall problems blocking TLS handshakes, or a damaged sender reputation leading recipient servers to downgrade connections.
  • Optimize Sender Configuration: Even with opportunistic TLS, bulk senders should ensure their infrastructure is configured optimally to maximize successful TLS connections, aiming for a very high percentage of encrypted emails.
  • Recipient Server Diversity: The opportunistic nature of TLS means that some variability can occur based on the capabilities of diverse recipient mail servers. However, this does not imply that wildly sporadic rates are common for healthy bulk senders.

What email marketers say

9 marketer opinions

While TLS encryption for email is opportunistic by nature, meaning not every single transmission is guaranteed to be encrypted, truly sporadic or consistently low encryption rates are not typical for well-managed bulk email senders. The prevailing view among email experts and major service providers is that reputable senders should consistently achieve high TLS rates, often 90% or even 95% or more. Significant dips, inconsistent performance, or 'sporadic' rates are generally considered a red flag. These inconsistencies suggest underlying problems such as connectivity to many outdated recipient servers, network or firewall issues, or a damaged sender reputation leading receiving servers to downgrade connection security.

Key opinions

  • Not a Common Occurrence: Email deliverability experts largely agree that sporadic or significantly low TLS encryption rates are an anomaly, rather than a common occurrence, for reputable bulk email senders using opportunistic TLS.
  • High Rates Are Expected: Despite TLS being opportunistic, the expectation for well-managed bulk senders and major mailbox providers is a consistently high encryption rate, frequently 90% or more, emphasizing that reliable encryption is the standard.
  • Indicates an Underlying Issue: When sporadic TLS rates do occur, they typically signal a problem with the sender's configuration, network path, or reputation, rather than being an accepted outcome of opportunistic TLS.
  • Impact on Deliverability: A consistently high percentage of TLS-encrypted emails is vital for maintaining a strong sender reputation and improving overall email deliverability. Poor or inconsistent rates can negatively affect how inbox providers view a sender.

Key considerations

  • Investigate Any Inconsistencies: Any observed sporadic or significantly low TLS encryption rates should be treated as a warning sign and thoroughly investigated. This is not a normal state for a healthy bulk sending operation.
  • Identify Root Causes: Potential reasons for inconsistent TLS include connecting to a high proportion of very old mail servers lacking TLS support, network or firewall problems interfering with TLS handshakes, or a damaged sender reputation causing recipient servers to downgrade connections or throttle.
  • Optimize Infrastructure: Bulk senders should ensure their email infrastructure is properly configured and maintained to maximize successful TLS connections, aiming for the highest possible percentage of encrypted emails.
  • Monitor and Review Metrics: Regularly monitoring TLS encryption rates helps identify potential issues early. While some minor variability can occur due to the diverse nature of receiving servers, extreme dips or inconsistency warrant immediate attention.

Marketer view

Marketer from Email Geeks explains that his company, using SFMC, has not observed sporadic encryption rates over the past 120 days, although they might be configured for mandatory TLS.

1 May 2024 - Email Geeks

Marketer view

Marketer from Email Geeks responds that sporadic encryption rates are 'definitely not everyone,' contradicting the claim that all bulk senders are experiencing this issue.

2 Aug 2022 - Email Geeks

What the experts say

2 expert opinions

Sporadic TLS encryption rates are indeed an inherent characteristic for bulk email senders employing opportunistic TLS, stemming directly from its design. This mechanism prioritizes message delivery, meaning that if a receiving server does not support TLS or encounters configuration issues, the email is still delivered but without encryption. This fallback to unencrypted SMTP naturally leads to variability and inconsistent encryption rates across diverse recipient domains, making some degree of sporadic performance common.

Key opinions

  • Opportunistic TLS Design: Opportunistic TLS is designed to prioritize email delivery over guaranteed encryption. If a TLS handshake fails, the message is still sent unencrypted, rather than delivery failing.
  • Inherent Variability: The 'opportunistic' nature of TLS means encryption only occurs if possible, leading to inherent variability and inconsistent encryption rates for bulk senders connecting to a wide array of recipient servers.
  • Impact of Receiver Capabilities: Sporadic encryption rates are common because bulk senders frequently encounter diverse recipient domains with varying levels of TLS support, configuration issues, or outdated systems.
  • No Delivery Failure: A key aspect of opportunistic TLS is that a failed TLS handshake does not prevent email delivery; the connection simply reverts to unencrypted SMTP, contributing to the sporadic encryption outcomes.

Key considerations

  • Recipient Server Diversity: Bulk email senders will inevitably connect to a wide range of recipient mail servers, some of which may lack TLS support or have configuration issues, making 100% consistent encryption challenging.
  • Focus on Delivery First: Opportunistic TLS is fundamentally about ensuring message delivery, even if it means sacrificing encryption. This design choice contributes to the observed inconsistencies in encryption rates.
  • Sender-Side Optimization: While recipient server capabilities introduce variability, senders should still ensure their own systems are fully optimized for TLS to maximize encryption attempts and successful connections.
  • Monitoring and Analysis: Despite the inherent variability, monitoring TLS encryption rates remains important. Significant or sustained dips beyond expected sporadic behavior could still indicate underlying sender-side or network issues.
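One way to separate the expected receiver-side variability from a sender-side or network problem when a dip appears, as an added example that is not part of the original page: it computes the daily TLS rate and checks whether the cleartext deliveries went to domains that had negotiated TLS on an earlier day. The log format, domain names, function names and the use of the page's 90% figure as an alert floor are all assumptions.

```python
from collections import defaultdict

# Constructed per-day delivery counts: "day recipient_domain result messages".
# result is the negotiated TLS version, or "cleartext" after an opportunistic fallback.
SAMPLE_LOG = """\
2024-05-01 bigmail.example TLSv1.3 6
2024-05-01 corp.example TLSv1.2 3
2024-05-01 legacy.example cleartext 1
2024-05-02 bigmail.example TLSv1.3 2
2024-05-02 isp.example TLSv1.2 1
2024-05-02 legacy.example cleartext 2
2024-05-03 bigmail.example TLSv1.3 1
2024-05-03 bigmail.example cleartext 1
2024-05-03 corp.example cleartext 1
2024-05-03 isp.example cleartext 1
2024-05-03 legacy.example cleartext 1
"""

def parse(log):
    """Return {day: {domain: [encrypted, cleartext]}} from the constructed format."""
    days = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in log.splitlines():
        day, domain, result, count = line.split()
        days[day][domain][result == "cleartext"] += int(count)
    return days

def diagnose(log, floor=0.90):
    """Per day: (TLS rate, verdict, domains behind the verdict)."""
    seen_tls = set()  # domains that negotiated TLS on an earlier day
    report = {}
    for day, domains in sorted(parse(log).items()):
        enc = sum(e for e, _ in domains.values())
        rate = enc / sum(e + c for e, c in domains.values())
        fell_back = {d for d, (_, c) in domains.items() if c}
        regressed = sorted(fell_back & seen_tls)
        if rate >= floor:
            verdict, culprits = "ok", []
        elif regressed:  # TLS-capable receivers now get cleartext: sender config or path
            verdict, culprits = "sender-or-path", regressed
        else:  # only receivers that have never negotiated TLS with us
            verdict, culprits = "receiver-side", sorted(fell_back)
        report[day] = (round(rate, 2), verdict, culprits)
        seen_tls |= {d for d, (e, _) in domains.items() if e}
    return report

if __name__ == "__main__":
    for day, row in diagnose(SAMPLE_LOG).items():
        print(day, *row)
```

A "receiver-side" verdict points at the recipient mix for that day, while "sender-or-path" lists the domains whose earlier TLS success makes the fallback worth investigating on the sending infrastructure or network path.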

Expert view

Expert from Spam Resource explains that opportunistic TLS does not guarantee encryption. If a receiving server doesn't support TLS or has configuration issues, the message is still delivered unencrypted. This "opportunistic" nature means connections are only encrypted if possible, leading to inherent variability and sporadic encryption rates for bulk senders.

16 Aug 2022 - Spam Resource

Expert view

Expert from Word to the Wise shares that opportunistic TLS does not fail email delivery if the TLS handshake fails; it reverts to unencrypted SMTP. This implies that for bulk senders connecting to diverse recipient domains, encountering varying TLS support or configuration issues is common, thus causing inconsistent or sporadic TLS adoption rates.

12 Jan 2023 - Word to the Wise

What the documentation says

5 technical articles

Despite the inherent 'opportunistic' design of TLS, which permits unencrypted fallback, significant and widely sporadic encryption rates are not considered a common norm for responsible bulk email senders. Industry data, including reports from major providers like Google, consistently show very high encryption percentages, frequently above 90%, for high-volume email traffic. This indicates that while minor variability exists due to diverse recipient server capabilities, truly erratic or consistently low TLS rates signal an anomaly or an issue to be addressed, rather than a typical state for healthy sending operations.

Key findings

  • High Encryption is Normative: For bulk email, even with opportunistic TLS, very high encryption rates, often exceeding 90%, are the expected standard for senders with modern configurations, as evidenced by major mail providers.
  • Sporadic is Not Typical: Genuine sporadic or highly inconsistent TLS encryption rates are not a normal or common characteristic for healthy, high-volume email sending, despite the 'opportunistic' nature of the protocol.
  • Signals Underlying Problems: When sporadic TLS rates do occur, they typically indicate a specific problem, such as outdated recipient infrastructure, network connectivity issues, or a diminished sender reputation, rather than being an inherent system behavior.
  • TLS Aids Deliverability: Consistent, high TLS usage is crucial for maintaining sender trust and reputation with mailbox providers, directly influencing email deliverability and inbox placement.

Key considerations

  • Prompt Issue Investigation: Any observation of genuinely sporadic or significantly low TLS encryption rates should be treated as a priority issue requiring immediate investigation, as this is atypical for well-managed bulk sending operations.
  • Diagnose Root Causes: Potential causes for unexpected TLS variability include an unusually high proportion of recipients using very old, unpatched mail servers, network path interruptions, firewall misconfigurations, or a degraded sender reputation.
  • Maximize Sender-Side TLS: Bulk senders should ensure their own email infrastructure is optimally configured to always attempt and successfully negotiate TLS connections, even when the protocol is opportunistic.
  • Understand Variability Scope: While minor fluctuations in TLS rates can occur due to the wide array of recipient server capabilities, this differs from consistently sporadic or low rates, which are anomalies that warrant attention.

Technical article

Documentation from Google Transparency Report explains that over 90% of emails sent to and from Gmail are encrypted in transit using TLS. This data suggests that while opportunistic, major mail providers consistently achieve very high encryption rates, implying that sporadic rates are not the norm for widespread email traffic.

8 Nov 2022 - Google Transparency Report

Technical article

Documentation from Microsoft Learn explains that Exchange Online Protection (EOP) uses opportunistic TLS for email delivery. While it prioritizes TLS, if the receiving server does not support TLS, the email is sent without encryption. This inherent behavior means some variability is possible depending on recipient server capabilities, but it does not imply that wildly sporadic rates are common for healthy bulk senders.

29 Jan 2023 - Microsoft Learn
