What is encryption in transit?

Encryption in transit protects messages as they travel between servers. TLS secures the connection during the SMTP handoff, preventing eavesdroppers from reading or modifying the contents.

The encryption process begins with the STARTTLS command. Historically this protection was opportunistic, meaning servers would try to encrypt but fall back to plaintext if needed. Today, major providers enforce strict TLS and may reject delivery entirely rather than accept unencrypted traffic.

It is the armored escort ship that guards your message until it reaches the next harbor. Gmail even shows a broken lock icon for messages not encrypted in transit.