Who does not support SMTP TLS for Secure Inbound Email Delivery?

November 7th, 2013

Note: lists below have been updated as of 9/11/2015.

We are frequently asked how common is the support of SMTP TLS  for securing inbound email delivery to recipients across the Internet.  This is especially important for customers who need to be HIPAA compliant, as email transport encryption over TLS is sufficient for HIPAA compliant communications to end users, so long as the TLS is configured to be sufficiently strong.

While it is possible to tell who supports TLS, its is somewhat technical to do yourself.  So, we have assembled a table with many of the popular free / public email domains in use across the Internet and indicate which currently (as of January 14th, 2015) support SMTP TLS for inbound email.

The results are surprising.  A majority of domains these days do support TLS, and with Microsoft’s recent TLS implementation on its email domains (hotmail.com/live.com/outlook.com), this rounds out consistent TLS support (for inbound delivery–outbound may or may not be supported)  for all of the most popular free email providers (e.g. aol.com, gmail.com yahoo.com, hotmail.com).
One thing to be wary of — just because they support TLS inbound does not ensure that TLS encryption will sometimes or always be used when messages are delivered to them.  Use of TLS also depends on the sending servers both supporting it and actively choosing to use it.  A company like LuxSci will do this automatically when it is available (opportunistic TLS) and can enforce use of TLS (e.g. will never send without it to domains that support it) to ensure compliance.

You can also use this table to estimate how many folks in your mailing lists are at free providers who support or do not support TLS.  You can also use LuxSci’s TLS Checker tool to check TLS support for any domain that you like. The following tables were last updated 9/11/2015.

These lists are not absolute guarantees of TLS support as it could be turned off or otherwise disabled on purpose or by accident by the hosting company. To be absolutely sure whether a domain offers TLS support for inbound and outbound email transmissions, please check with the company providing or hosting the domain’s email services.

Note that our tests below check not just for TLS/SSL “support” but check that the inbound servers for these domains support TLS v1.0+ and NIST-recommended ciphers, allowing solid levels of TLS encryption.

TLS Support for email addresses in email provider domains (i.e. ‘address@hostingcompany.com’)


Free/Paid Email Service Provider Domain Supports Inbound TLS?
aol.com YES
atmailcloud.com YES
fastmail.fm YES
gmail.com YES
gmx.com YES
gmx.us YES
googlemail.com YES
hotmail.com YES
hotmail.fr YES
hotmail.ru no
hushmail.com YES
icloud.com YES
inbox.com no
inbox.ru YES
live.com YES
live.de YES
lovesemail.com YES
luxsci.net YES
luxsci.me YES
mail.com YES
me.com YES
msn.com YES
outlook.com YES
polarismail.net YES
rediffmail.com YES
runbox.com YES
yahoo.co.jp no
yahoo.co.uk YES
yahoo.com YES
yahoo.com.br YES
yahoo.com.cn YES
yahoo.de YES
yandex.ru YES
ymail.com YES
zoho.com no

TLS Support for email addresses in ISP (Internet Service Provider) company owned domains (i.e. ‘address@ispcompany.net’)

As evidenced below, the email address provided by your ISP company with your residential or business internet/cable TV/phone services, is generally not configured to support TLS.

Internet Service Provider Company Domain Supports Inbound TLS?
comcast.net YES
cox.net no
earthlink.net no
mindspring.com no
rogers.blackberry.net no
rr.com no
sbcglobal.net YES
sprint.blackberry.net no
verizon.net YES

TLS Support for email addresses in custom personal/business domains

What about custom personal or business domains at popular hosting companies like GoDaddy etc.? This is the natural next question to ask, because the above lists only cover email addresses in domains owned by the provider company (whether free or paid). But what about TLS support for “mypersonaldomain.com” or “ourbusinessdomainname.com”? That depends upon the email infrastructure of the hosting company managing email services for that custom domain.

We have observed TLS support for personal/business domains hosted at various popular hosting companies as listed below. This is by no means a guarantee as it is solely based on the fact that at some point in the past, a message was transmitted from LuxSci to the hosting company’s mail servers using TLS. To be absolutely sure, however, please check with the hosting provider company themselves.

Hosting Company Supports Inbound TLS?
Fastmail Hosting YES
GoDaddy Hosting YES
Google Apps YES
InMotion Hosting YES
LuxSci Hosting YES
Netfirms Hosting YES
Network Solutions YES
Polarismail Hosting YES
Rackspace Email & Apps YES
Runbox Hosting YES
World.com Hosting YES