> Just use opportunistic TLS on both ends and go. It depends on the requirements whether TLS is good enough. It's not always possible to be 100% certain that the complete route is TLS protected. All intermediate servers should protect the message with TLS and this is something the sending server cannot enforce. For example if you are using fallback SMTP servers hosted by some external company in case of problems how can you be 100% certain that the email is TLS protected?
If your requirements are such that you must be 100% certain that your email is protected all the way, you should protect the message, not just the channel. Martijn
