Opportunistic TLS is a transport model where mail systems try to use TLS if the other side supports it but may still deliver mail without TLS if secure negotiation fails. It matters because encryption improves the confidentiality of email in transit, but compatibility pressures can weaken how strictly it is enforced.
What is Opportunistic TLS?
This model raises the baseline for encrypted mail transport but does not guarantee confidentiality against active downgrade or misconfiguration in all cases. It is common because it improves security without breaking broad interoperability by default.
What Opportunistic TLS Commonly Supports
Common uses include baseline mail encryption, mail-transfer hardening, transport privacy improvement, and incremental email-security modernization.
Opportunistic TLS vs. Mandatory TLS
Opportunistic TLS uses encryption when available but can fall back. Mandatory TLS refuses delivery when secure transport expectations are not met.
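The difference shows up at the moment the receiving server does not offer STARTTLS or the TLS handshake fails. The following is an added example, not code from the original page: it models the sender's decision under each policy, and the names Policy, ehlo_extensions and decide, the host mx.example.net and both EHLO replies are constructed for illustration.

```python
from enum import Enum


class Policy(Enum):
    OPPORTUNISTIC = "opportunistic"  # use TLS when offered, otherwise fall back
    MANDATORY = "mandatory"          # refuse delivery when TLS is not available


def ehlo_extensions(reply):
    """Parse a multi-line 250 EHLO reply into a set of extension keywords."""
    exts = set()
    for line in reply.strip().splitlines()[1:]:  # first line is the greeting
        parts = line[4:].split()
        if line[:3] == "250" and line[3:4] in ("-", " ") and parts:
            exts.add(parts[0].upper())
    return exts


def decide(policy, reply, handshake_ok=True):
    """Return 'deliver-tls', 'deliver-plaintext' or 'refuse'."""
    offered = "STARTTLS" in ehlo_extensions(reply)
    if offered and handshake_ok:
        return "deliver-tls"
    # TLS is unavailable: STARTTLS was not advertised (misconfiguration or
    # an active downgrade) or the negotiation itself failed.
    if policy is Policy.OPPORTUNISTIC:
        return "deliver-plaintext"  # the fallback described in the text
    return "refuse"                 # mandatory TLS never sends in the clear


# Constructed EHLO replies from a hypothetical server, mx.example.net
WITH_TLS = "250-mx.example.net\n250-SIZE 10240000\n250-STARTTLS\n250 8BITMIME"
NO_TLS = "250-mx.example.net\n250-SIZE 10240000\n250 8BITMIME"

if __name__ == "__main__":
    cases = [("tls offered", WITH_TLS, True),
             ("handshake fails", WITH_TLS, False),
             ("starttls missing", NO_TLS, True)]
    for name, reply, ok in cases:
        for policy in Policy:
            print(f"{name:17} {policy.value:13} -> {decide(policy, reply, ok)}")
```

From the sender's side the two failure cases look the same whether the cause is a misconfigured peer or interference on the path, which is why only the mandatory policy closes the gap.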
Frequently Asked Questions
Why is opportunistic TLS common?
Because it improves security for many messages without requiring every participating mail system to be configured perfectly first.
Does it guarantee confidentiality?
No. It is stronger than plaintext delivery but weaker than strict no-fallback transport policy.