Email Security Blog

TLS for Email: What is it & How to Check if an Email Uses it

John Wilson November 24, 2021 BEC, Business Email Compromise, Email Security
laptop with envelope and security badge-secure email

Transport Layer Security (TLS) is encryption to secure email messages between sender and receiver to prevent outsiders from eavesdropping on your emails.

Read what Transport Layer Security (TLS) is, how it works, why you need it and how to check if your emails are properly encrypted.

What exactly is TLS?

TLS is a popular internet security protocol designed to establish secure communications on the internet providing both privacy and data security. TLS was first developed by the Internet Engineering Task Force (IETF) with the first version being published in 1999.

TLS was created from another encryption protocol called Secure Sockets Layer, or SSL. Since both protocols are so closely related, you may hear others use SSL and TLS interchangeably to describe secure communications over the internet.

Ports 587, 2525, and 465 are commonly used to establish secure connections. These ports may vary depending on whether you’re using IMAP or POP3 to access emails from your server. Your system administrator can also set specific ports for encryption on mail servers and other applications.


STARTTLS is a protocol command used to prompt an email server that the client wishes to upgrade the connection from an insecure connection to a secure one. STARTTLS can take an insecure connection and make it secure via TLS protocol. Having this option enabled on your mail server allows a secure connection to be established before any emails are sent.

How does TLS protect email communications?

TLS plays a role in protecting email communications by establishing a secure and encrypted connection between two points. TLS utilizes asymmetric encryption to keep email communications private, and untampered while in transit. Using encryption for emails ensures that the contents of the message cannot be read or modified while being sent and provides a mechanism for authentication between the sender and recipient.

Emails that use SMTP without encryption risk having their messages compromised by man in the middle attacks or wiretaps. These attacks can silently copy your emails and read their contents or change the contents of the message while in transit.

This not only compromises the integrity of the email but provides valuable information to attackers wishing to launch even more sophisticated attacks against your domain such as spear phishing or whaling campaigns.

Secure connections are established using a series of steps known as a TLS handshake. This handshake requires two parties in order to create a secure connection. When a message is sent using TLS, the handshake process begins.

  1. During the first phase of the handshake, the client and server will specify which version of TLS they will use for the session.
  2. The client and server will pick which cipher suit they will use.
  3. The identity of the server will be authenticated using the server’s TLS certificate.
  4. Session keys will be generated and used to encrypt the email messages once the handshake is completed.

How to check if an email is using TLS

Today, close to 90% of emails both sent and received are encrypted. But how can you check for yourself?

Server administrators should be able to verify their email server is using some form of encryption by checking their certificate store and validating that their certificate is both installed correctly and up to date.

If you’re simply checking an email, you can verify if the message was sent using encryption by checking the headers of the message. In Gmail this can be done by opening the email in question and clicking on the small arrow next to your name underneath the sender’s address.

Google email showing TLS

This can be done in Microsoft Outlook as well by opening the email you wish to check, and then navigating to File > Properties. This will open up the email header information which will contain any TLS information if available.

Is TLS the only protection I need?

TLS plays a vital role in email security, but it can’t protect against all email-based threats. Emails using encryption are protected against:

  • Man in the middle attacks
  • Messages being read by attackers while in transit
  • Messages being forwarded to attackers

TLS cannot protect emails against:

  • Phishing attempts using lookalike domains
  • Malicious attachments that contain viruses
  • Links inside of emails that redirect to phishing sites
  • Emails that use social engineering to trick recipients into sharing sensitive information
  • Servers sending spoof emails from domains that they do not control

The Agari Advantage

Agari Email Protection utilizes TLS and DMARC to ensure that emails are encrypted as well as protected against phishing attacks from domain spoofing.

Phishing attacks that use lookalike domains trick unsuspecting recipients into clicking links or sending sensitive information by pretending to be a trusted sender. These attacks can occur directly over a secure connection since they don’t abuse a lack of encryption to succeed.

By combining TLS encryption with Agari’s Advanced Email Protection, organizations can deploy an email security strategy that stops email-based attacks on all levels. For email protection beyond TLS, see how Agari Phishing Defense works in action, or sign up for a free trial to experience the difference for yourself.


Agari Blog Image

December 16, 2021 John Wilson

Common Phishing Email Attacks | Examples & Descriptions

What does a phishing email look like? We've compiled phishing email examples to help show…

Agari Blog Image

December 8, 2021 John Wilson

What Is Email Phishing? [How to Protect Your Enterprise]

Phishing emails can steal sensitive data and cost companies' reputation. However, protecting a company from…

Envelope with skull and cross-bones

December 1, 2021 John Wilson

Identifying and Mitigating Email Threats

Email  threats are ever evolving, and it’s important to stay up to date. Here are…

Woman-shopping on cell phone

November 30, 2021 Mike Jones

It’s the Most Wonderful Time of the Year… for Cybercriminals

The holiday season is upon us, which means it’s also the busiest time of the…

Laptop with multiple paddle locks with key holes

November 11, 2021 John Wilson

SMTPS: How to Secure SMTP with SSL/TLS (Which Port to Use)

We’re going to go over what SMTP is, whether it’s truly secure enough (or if…

mobile image