What is StartTLS?

StartTLS is used with SMTP and IMAP, while POP3 uses STLS for encryption.
Priyanka Sharma

Created: 05/25/2020 1:45 PM - Updated: 05/25/2020 1:45 PM

StartTLS is a protocol command used to tell the email server that the email client wants to upgrade an insecure connection to a secure one using TLS or SSL. StartTLS is used with SMTP and IMAP, while POP3 uses a slightly different command for the same purpose, STLS.

How does StartTLS work?

SMTP always starts unencrypted. The StartTLS command starts the negotiation between server and client.

Communication between the email client and the email server:

  1. The process begins with the Transmission Control Protocol (TCP) handshake, which helps the email client and server identify each other.
  2. The server replies with “220 Ready” to tell the email client that it can proceed with the communication.
  3. The client sends “EHLO” to tell the server that it would like to use Extended SMTP (the more advanced version of SMTP that lets you include images, attachments, etc.).
  4. The client sends “250-STARTTLS” to the mail server to ask whether or not StartTLS is accepted.
  5. If the server replies “go ahead,” the StartTLS connection can be created.
  6. The client restarts the session, and from that point on the email message is encrypted.
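The exchange described in the steps above, as an added example that is not part of the original article: a small Python simulation in which a scripted server lists (or omits) STARTTLS among its EHLO capabilities and a client either upgrades the session or refuses to continue in cleartext. On the wire the server advertises `250-STARTTLS` in its EHLO reply, the client then issues the `STARTTLS` command, and the server answers `220` before the TLS handshake begins. The hostnames, the capability list and the transcript format are constructed for this example; there is no network I/O, and the TLS handshake itself is represented by a state flag.

```python
"""Simulated SMTP STARTTLS negotiation, client and server side, with a
fail-closed client policy. Constructed example: no network I/O; the server
replies from a script and the TLS handshake is represented by a state flag."""


def parse_ehlo_response(lines):
    """Turn the multi-line 250 reply to EHLO into a set of capability keywords.

    Continuation lines look like '250-STARTTLS'; the final line uses '250 '
    instead of '250-'. The first line carries the server's name, not a
    capability, so it is skipped.
    """
    caps = set()
    for i, line in enumerate(lines):
        if not line.startswith("250"):
            raise ValueError(f"unexpected reply to EHLO: {line!r}")
        if i == 0:
            continue
        caps.add(line[4:].split()[0].upper())
    return caps


class ScriptedServer:
    """Fake SMTP server. advertise_starttls=False models a server that does
    not offer STARTTLS (or a device on the path that removed the capability),
    which is the case the client policy below has to handle."""

    HOSTNAME = "mail.example.com"  # constructed name

    def __init__(self, advertise_starttls=True):
        self.advertise_starttls = advertise_starttls
        self.tls_active = False
        self.transcript = []  # ("C" | "S", line) pairs for inspection

    def _say(self, lines):
        for line in lines:
            self.transcript.append(("S", line))
        return lines

    def greet(self):
        return self._say([f"220 {self.HOSTNAME} ESMTP ready"])[0]

    def handle(self, command):
        self.transcript.append(("C", command))
        verb = command.split()[0].upper()
        if verb == "EHLO":
            reply = [f"250-{self.HOSTNAME} Hello", "250-SIZE 35882577", "250-8BITMIME"]
            # RFC 3207: STARTTLS is advertised only while the session is still in cleartext.
            if self.advertise_starttls and not self.tls_active:
                reply.append("250-STARTTLS")
            reply.append("250 ENHANCEDSTATUSCODES")
            return self._say(reply)
        if verb == "STARTTLS":
            if self.tls_active or not self.advertise_starttls:
                return self._say(["454 4.7.0 TLS not available due to temporary reason"])
            self.tls_active = True  # stands in for the real TLS handshake
            return self._say(["220 2.0.0 Ready to start TLS"])
        if verb == "QUIT":
            return self._say(["221 2.0.0 Bye"])
        return self._say(["500 5.5.1 Command unrecognized"])


def negotiate(server, require_tls=True):
    """Client side of the opening exchange. Returns a dict describing the outcome.

    With require_tls=True the client refuses to continue in cleartext when the
    server does not advertise STARTTLS or rejects the upgrade; with
    require_tls=False it falls back to cleartext, which is the weak setting.
    """
    if not server.greet().startswith("220"):
        return {"encrypted": False, "aborted": True, "reason": "bad greeting"}
    caps = parse_ehlo_response(server.handle("EHLO client.example.org"))
    if "STARTTLS" not in caps:
        if require_tls:
            server.handle("QUIT")
            return {"encrypted": False, "aborted": True,
                    "reason": "STARTTLS not advertised"}
        return {"encrypted": False, "aborted": False,
                "reason": "continuing in cleartext (weak policy)"}
    reply = server.handle("STARTTLS")[0]
    if not reply.startswith("220"):
        server.handle("QUIT")
        return {"encrypted": False, "aborted": True, "reason": reply}
    # A real client would now run the TLS handshake on the same socket, e.g.
    # ssl.create_default_context().wrap_socket(sock, server_hostname=...).
    # RFC 3207 then requires it to forget the earlier EHLO data and re-issue EHLO.
    caps_after = parse_ehlo_response(server.handle("EHLO client.example.org"))
    return {"encrypted": True, "aborted": False,
            "starttls_readvertised": "STARTTLS" in caps_after}


if __name__ == "__main__":
    srv = ScriptedServer()
    print(negotiate(srv))
    for who, line in srv.transcript:
        print(f"{who}: {line}")
```

The `require_tls` flag is the part that matters for defenders: a client that quietly falls back to cleartext when STARTTLS is missing from the EHLO reply gives an intercepting party an easy way to keep the session unencrypted, so the fail-closed setting is the one to ship. The second EHLO after the upgrade mirrors what RFC 3207 requires of a real client, and the server's refusal to re-advertise STARTTLS once TLS is active is the expected response.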

Ports used with StartTLS

The port most often used with StartTLS is port 587, which usually requires email clients to use StartTLS to send mail. Other ports used to send encrypted mail are 25, 465, and 2525. Since port 25 was designed for mail transfer, not submission, your ISP may block email sent through it. Port 465 is the second most commonly used port for StartTLS.

Other TLS use cases

TLS is frequently used to encrypt many kinds of communication outside of email. Because TLS is a relatively simple, multi-step protocol, it is easy to adapt to a variety of communication types, including web browsers, SMS, and Voice over IP. In fact, many companies use TLS to encrypt all communication between their web servers and browsers, even when most of that communication isn’t sensitive material.

Why is StartTLS important?

SMTP is not secured by default, which means that if you send email over SMTP without StartTLS, the message can be intercepted and easily read. This is a risk when sending sensitive, personal information such as usernames, passwords, or bank details.

When an email client uses StartTLS, it tells the server that the content must be encrypted. That way, if the mail is intercepted, the content is scrambled and very hard to decipher; only the email server and email client hold the key to decode the message.

Email clients are susceptible to man-in-the-middle attacks because, in the initial connection between the email client and server, the IP addresses are not encrypted.

Using StartTLS could also add some latency to the SMTP connection.
