Who does not support SMTP TLS for Secure Inbound Email Delivery?

November 7th, 2013

We are frequently asked who supports TLS  to secure inbound email delivery. This is especially important for customers who need to be HIPAA-compliant, as email transport encryption over TLS is sufficient for HIPAA-compliant communications to end-users, so long as the TLS is configured to be sufficiently strong.

While it is possible to tell who supports TLS, it is somewhat technical to do it yourself. So, we have assembled a table with many of the most popular free and public email domains in use across the internet. We indicate which currently (as of July 8, 2022) supports SMTP TLS for inbound email.

The results are surprising. A majority of domains these days do support TLS. With Microsoft’s recent TLS implementation on its email domains (hotmail.com/live.com/outlook.com), this rounds out consistent TLS support (for inbound delivery–outbound may or may not be supported) for all of the most popular free email providers (e.g., aol.com, gmail.com yahoo.com, hotmail.com).

Note: lists below have been updated as of 7/8/22.

Why Supporting TLS is not Enough

One thing to be wary of is that if TLS is supported, it does not ensure that TLS encryption will sometimes or always be used when messages are delivered. The use of TLS also depends on the sending servers both supporting it and actively choosing to use it. A company like LuxSci will do this automatically when it is available (opportunistic TLS) and can enforce the use of TLS (e.g., will never send without it to domains that support it) to ensure compliance.

You can also use this table to estimate how many folks in your mailing lists are at free providers who support or do not support TLS. You can also use LuxSci’s TLS Checker tool to check TLS support for any domain. The following tables were last updated on 7/8/22.

These lists are not guarantees of TLS support as it could be turned off or otherwise disabled on purpose or by accident by the hosting company. To be absolutely sure whether a domain offers TLS support for inbound and outbound email transmissions, please check with the company providing or hosting the domain’s email services.

Note that our tests below check not just for TLS/SSL “support” but that the inbound servers for these domains support TLS v1.0+ and NIST-recommended ciphers, allowing solid levels of TLS encryption.

What Email Providers Support TLS  for email addresses?

 

Free/Paid Email Service Provider Domain Supports Inbound TLS?
aol.com YES
atmailcloud.com YES
fastmail.fm YES
gmail.com YES
gmx.com YES
gmx.us YES
googlemail.com YES
hotmail.com YES
hotmail.fr YES
hotmail.ru no
hushmail.com YES
icloud.com YES
inbox.com no
inbox.ru YES
live.com YES
live.de YES
lovesemail.com YES
luxsci.net YES
luxsci.me YES
mail.com YES
me.com YES
msn.com YES
outlook.com YES
polarismail.net YES
rediffmail.com YES
runbox.com YES
yahoo.co.jp YES
yahoo.co.uk YES
yahoo.com YES
yahoo.com.br YES
yahoo.com.cn YES
yahoo.de YES
yandex.ru YES
ymail.com YES
zoho.com YES

who supports TLS

Which ISPs support TLS for email addresses in company-owned domains?

More ISPs for residential or business internet/cable TV/phone services now support TLS.

Internet Service Provider Company Domain Supports Inbound TLS?
comcast.net YES
cox.net YES
earthlink.net YES
mindspring.com YES
rogers.blackberry.net no
rr.com no
sbcglobal.net YES
sprint.blackberry.net no
verizon.net YES

Who Supports TLS in custom personal and business domains?

What about custom personal or business domains at popular hosting companies like GoDaddy? This is the natural next question because the above lists only cover email addresses in domains owned by the provider company (free or paid). But what about TLS support for “mypersonaldomain.com” or “ourbusinessdomainname.com”? That depends upon the email infrastructure of the hosting company managing email services for that custom domain.

We have observed TLS support for personal and business domains hosted at various popular hosting companies as listed below. This is by no means a guarantee, as it is solely based on the fact that at some point in the past, a message was transmitted from LuxSci to the hosting company’s mail servers using TLS. To be sure, however, please check with the hosting provider company themselves.

Hosting Company Supports Inbound TLS?
EuMX YES
Fastmail Hosting YES
GoDaddy Hosting YES
Google Apps YES
InMotion Hosting YES
LuxSci Hosting YES
Netfirms Hosting YES
Network Solutions YES
Polarismail Hosting YES
Rackspace Email & Apps YES
Runbox Hosting YES
World.com Hosting YES