Contact Us

The Skysnag Blog

STARTTLS and SSL/TLS? Email Encryption explained

October 11, 2023  |  2 min read

STARTTLS and SSL/TLS are standard protocols used to secure email transmissions. Due to the abbreviations’ similarities, it can become confusing to distinguish the differences between them.

In this article, we will be discussing the role of SSL/TLS and STARTTLS in email encryption and get to understand what each means. 

What’s the role of STARTTLS? 

STARTTLS is a protocol command used to inform the email server that the email client (such as Gmail, Outlook, etc.) wants to upgrade an existing insecure connection to a secure one using SSL or TLS.

STARTTLS is also used with the IMAP protocol, which is typically used to get emails from an email server, in addition to SMTP. POP3, on the other hand, is another email-receiving protocol that makes use of a slightly different command for encryption known as STLS

The Need for STARTTLS and SSL/TLS  

It is crucial to employ email security protocols like STARTTLS and SSL/TLS since insecure email is a common attack vector for cybercriminals. Without taking this precaution, users are vulnerable to email spoofing which could lead to password theft and financial loss.

However, cybercriminals aren’t as fortunate if an email is intercepted with STARTTLS or SSL/TLS in place. These emails cannot be decrypted without the decryption keys, which are only available to the email server and client. 

How do TLS/SSL and STARTTLS work? 

A client connects to a server to inquire about the validity of an email before it is sent. It explains the SSL/TLS versions it supports as well as the type of encryption it uses. To prove its legitimacy, the server replies with its digital certificate. Once everything is in order, the two parties create and share a special key that will be used to decrypt messages in the future. 

Read about which ports are used in SSL/TLS. 


Skysnag’s automated software safeguards your domain’s reputation and keeps your business away from compromised business emails, password theft, and potentially significant financial losses. Our automated DMARC reports save you time from reading lengthy, perplexing reports while encrypting sensitive information in your emails.  Get started with Skysnag today by signing up for a free trial.

Create a Skysnag account to generate your DMARC record.

Check your domain’s DMARC security compliance

Enforce DMARC, SPF and DKIM in days - not months

Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.