TLS encryption for email sends in Marketing Cloud Engagement

TLS should be enabled for all outbound mail leaving Marketing Cloud. The default setting for TLS is opportunistic, meaning that we'll attempt to send with TLS, but if it can't be established we'll fall back on plain text.

TLS can be enforced for your sends. This means that all email communication will require TLS before sending. If the TLS connection fails to establish, the email won't be sent to that subscriber.

If TLS doesn't appear to be signing, or if you would like to enforce TLS, please create a case with Marketing Cloud Support.

Note:
Marketing Cloud Engagement supports TLS version 1.2 or higher for email sends.