At maileo, we support secure email delivery by using TLS (Transport Layer Security). TLS encrypts the connection while email is transferred between mail servers across the internet. These two mailbox settings let you choose whether maileo should require TLS for delivery:
- Enforce TLS incoming
- Enforce TLS outgoing
Important: These settings apply to server-to-server email delivery (mail transfer). They do not control encryption for your mailbox login (IMAP/SMTP/Webmail), which is already protected.
What is TLS in email?
Email is delivered from one mail server to another (for example: Gmail → maileo, or maileo → Microsoft 365). When TLS is available, that transfer is encrypted in transit. When TLS is not available, some systems may fall back to an unencrypted connection to complete delivery.
Most modern providers support TLS, but the internet includes many older or misconfigured mail systems where TLS may be unavailable or unreliable. That’s why “enforcing” TLS can increase privacy but may reduce deliverability in certain cases.
Enforce TLS incoming
What it does: When enabled, maileo will only accept inbound email to your mailbox if the sending mail server successfully negotiates TLS.
If the sender does not support TLS: The message will be rejected and the sender will typically receive a bounce/error response from their mail server.
Recommended when:
- You receive sensitive information and want to prevent plaintext delivery to your mailbox.
- Most of your inbound email comes from modern providers (Google, Microsoft, major business email platforms).
Use caution when:
- You must receive every message reliably (support inboxes, billing, password resets, contact forms).
- You receive mail from older systems, small hosting providers, legacy devices, or niche automated services.
Enforce TLS outgoing
What it does: When enabled, maileo will only deliver outbound email from your mailbox to the recipient’s mail server if TLS can be negotiated.
If the recipient server does not support TLS: Delivery will fail instead of falling back to an unencrypted connection.
Recommended when:
- You send sensitive information and want “no TLS = do not send” behavior.
- Your recipients are primarily on modern providers (Gmail, Outlook/Exchange, etc.).
Use caution when:
- You email a wide variety of domains where some recipients may be on older or misconfigured mail systems.
- Deliverability is the top priority (broad outreach, mixed client domains, legacy environments).
maileo recommendation
Both settings are OFF by default. This avoids unexpected delivery failures from third-party systems that do not support TLS correctly.
Enable TLS enforcement only if you understand and accept the trade-off: higher privacy but potentially lower deliverability in edge cases.
Troubleshooting (if mail is missing or delivery fails)
- Temporarily switch the relevant setting back OFF and retry.
- If delivery works with enforcement off, the other mail system likely doesn’t support TLS properly.
- If you received a bounce message, save it—it often contains the exact reason delivery failed.
If you need help, contact maileo support and include:
- The mailbox address (example:
you@yourdomain.com) - The sender/recipient domain involved
- The approximate time of the send/receive attempt
- Any bounce message or error text (if available)