TLS & Email Encryption Basics

💡 What You'll Learn

Emails often travel across multiple servers before reaching the inbox. Without encryption, they could be read or modified along the way. This lesson explains how TLS (Transport Layer Security) and email encryption protect your messages from eavesdropping and tampering.

📖 Lesson 11: TLS & Email Encryption Basics

Why Encryption Matters

When you send an email, it doesn’t always travel directly from your computer to the recipient’s inbox. Instead, it hops across several servers. Without encryption, anyone along the path could intercept and read the contents.
Think of encryption as sealing your letter in an envelope rather than writing it on a postcard.

What is TLS?

  • TLS (Transport Layer Security) is the most common way to secure emails in transit.
  • It works like HTTPS for websites, encrypting the connection between mail servers.
  • Ensures that while your message is traveling, outsiders can’t easily read or tamper with it.
Example: Gmail → Outlook → Yahoo all try to use TLS to exchange emails.
Note: TLS encrypts the “transport,” but once the email arrives at the recipient’s inbox, it’s stored in plain text unless additional encryption is used.

End-to-End Encryption (E2EE)

  • Unlike TLS, end-to-end encryption ensures only the sender and recipient can read the message.
  • Even mail providers (like Gmail or Outlook) can’t decrypt it.
  • Common standards:
    • PGP (Pretty Good Privacy)
    • S/MIME (Secure/Multipurpose Internet Mail Extensions)
This is like sending a letter that only the recipient has the key to open.

STARTTLS and Opportunistic Encryption

  • STARTTLS is an SMTP extension: the connection begins in plaintext, and the sending server asks to upgrade it to TLS if the receiving server advertises support.
  • If the receiving server doesn't offer it, the email is sent unencrypted.
  • This means encryption is not guaranteed unless enforced with policies like MTA-STS or DANE.

Real-World Example

  • Gmail enforces TLS with most large providers.
  • But if you send to a small custom mail server without TLS, your email may travel unencrypted.
  • That’s why big senders publish MTA-STS policies to require TLS for incoming messages.
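The STARTTLS fallback described above and the MTA-STS enforcement in this example are easiest to see side by side. The Python below is an added illustration, not code from the lesson or from any mail provider: it reads a constructed EHLO reply for the STARTTLS capability, parses a constructed MTA-STS policy file, and applies the delivery rule for each policy mode (none, testing, enforce). All hostnames, the policy, and the function names (`parse_ehlo`, `decide_delivery`, and so on) are assumptions made up for this example, and nothing here opens a network connection.

```python
# Added example (not part of the lesson): a miniature of the decision an
# outbound mail server makes when STARTTLS is merely opportunistic versus
# when an MTA-STS policy (RFC 8461) requires TLS. Every hostname, EHLO reply
# and policy below is constructed for illustration.
import re


def parse_ehlo(reply: str) -> set[str]:
    """Extract the SMTP extension keywords a server advertises in its EHLO reply.

    The first 250 line carries the server's own name, not an extension, so it
    is skipped. The remaining keywords (STARTTLS, SIZE, ...) are upper-cased.
    """
    lines = [ln for ln in reply.splitlines() if ln.startswith("250")]
    caps: set[str] = set()
    for ln in lines[1:]:
        m = re.match(r"250[- ](\S+)", ln)
        if m:
            caps.add(m.group(1).upper())
    return caps


def parse_mta_sts_policy(text: str) -> dict:
    """Parse the key: value lines of an MTA-STS policy file.

    Produces {"version": ..., "mode": ..., "mx": [...], "max_age": int}.
    Unknown keys are kept as strings; blank lines are ignored.
    """
    policy: dict = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        elif key == "max_age":
            policy["max_age"] = int(value)
        else:
            policy[key] = value
    return policy


def mx_allowed(policy: dict, mx_host: str) -> bool:
    """Check an MX hostname against the policy's mx patterns.

    A leading "*." matches exactly one DNS label, as the RFC specifies:
    "*.backup.example.net" matches "mx2.backup.example.net" but neither
    "backup.example.net" nor "a.b.backup.example.net".
    """
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            suffix = pattern[1:]  # ".backup.example.net"
            if host.endswith(suffix) and "." not in host[: -len(suffix)]:
                return True
        elif host == pattern:
            return True
    return False


def decide_delivery(policy, mx_host: str, ehlo_reply: str, cert_valid: bool):
    """Decide how to deliver to mx_host.

    Returns (action, report_failure). action is "deliver-tls",
    "deliver-plaintext" or "refuse". report_failure is True when the outcome
    should be recorded in a TLS report (TLSRPT), which is how a "testing"
    policy surfaces problems without blocking mail.
    """
    starttls_offered = "STARTTLS" in parse_ehlo(ehlo_reply)
    mode = policy.get("mode", "none") if policy else "none"

    if mode == "none":
        # Opportunistic STARTTLS: use TLS if offered, otherwise fall back.
        return ("deliver-tls" if starttls_offered else "deliver-plaintext", False)

    tls_ok = starttls_offered and cert_valid and mx_allowed(policy, mx_host)
    if tls_ok:
        return ("deliver-tls", False)
    if mode == "enforce":
        # Enforce mode turns a missing or invalid TLS setup into a refusal.
        return ("refuse", True)
    # Testing mode keeps the opportunistic behaviour but flags the failure.
    return ("deliver-tls" if starttls_offered else "deliver-plaintext", True)


# Constructed EHLO replies and policy (not real servers).
EHLO_MX1_TLS = """220 mx1.example.net ESMTP ready
250-mx1.example.net
250-SIZE 52428800
250-STARTTLS
250 ENHANCEDSTATUSCODES"""

# Same server, but the STARTTLS line is absent (outage, misconfiguration,
# or something on the path removing it): this is the fallback case.
EHLO_MX1_NO_TLS = EHLO_MX1_TLS.replace("250-STARTTLS\n", "")

EHLO_SMALLBIZ = """220 mail.smallbiz.example ESMTP ready
250-mail.smallbiz.example
250-SIZE 10240000
250 HELP"""

ENFORCE_POLICY = """version: STSv1
mode: enforce
mx: mx1.example.net
mx: *.backup.example.net
max_age: 604800
"""

if __name__ == "__main__":
    policy = parse_mta_sts_policy(ENFORCE_POLICY)
    print("no policy, no STARTTLS:", decide_delivery(None, "mail.smallbiz.example", EHLO_SMALLBIZ, False))
    print("enforce, STARTTLS missing:", decide_delivery(policy, "mx1.example.net", EHLO_MX1_NO_TLS, True))
    print("enforce, STARTTLS + valid cert:", decide_delivery(policy, "mx1.example.net", EHLO_MX1_TLS, True))
```

The first printed case is the lesson's "small custom mail server without TLS": with no policy the message goes out in plaintext and nobody is told. Under the enforce policy the same missing STARTTLS line becomes a refusal plus a report, which is the guarantee MTA-STS adds on top of opportunistic encryption; the real mechanism also fetches the policy over HTTPS and checks the certificate chain, which this example represents with the `cert_valid` flag.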

🥋 Sensei Tip

“TLS is like locking the delivery truck, but end-to-end encryption is like locking the letter itself. For most businesses, TLS is enough — but for sensitive industries (finance, healthcare, law), end-to-end encryption is critical.”
⏱️ Est. reading time: 2 minutes
