By default, our system is designed to opportunistically try outbound TLS v1.1 or higher when attempting to deliver email. This means that if your recipient's email server accepts an inbound TLS v1.1 or higher connection, we will deliver the email over a TLS encrypted connection. If the server does not support TLS, we will deliver the message over the default unencrypted connection.
We also offer the ability to enforce TLS encryption when we attempt to deliver email to your recipients. The Enforced TLS feature specifies whether or not the recipient is required to support TLS v1.1 or higher or have a valid certificate before we deliver an email to them.