4 Encryption

For greater security, you can encrypt your connection to the SMTP server. If this is to work, both Emacs and the server must support it.

The SMTP library supports the “Transport Layer Security” (TLS), and the older “Secure Sockets Layer” (SSL) encryption mechanisms. It also supports STARTTLS, which is a variant of TLS in which the initial connection to the server is made in plain text, requesting a switch to an encrypted channel for the rest of the process.

The variable smtpmail-stream-type controls what form of connection the SMTP library uses. The default value is nil, which means to use a plain connection, but try to switch to a STARTTLS encrypted connection if the server supports it. Other possible values are: starttls to insist on STARTTLS; ssl to use TLS/SSL; and plain for no encryption.

Use of any form of TLS/SSL requires support in Emacs. You can use the built-in support for the GnuTLS 1 library. If your Emacs has GnuTLS support built-in, the function gnutls-available-p is defined and returns non-nil.

The SMTP server may also request that you verify your identity by sending a certificate and the associated encryption key to the server. If you need to do this, you can use an ~/.authinfo entry like this:

machine mail.example.org port 25 key "~/.my_smtp_tls.key" cert "~/.my_smtp_tls.cert"

(This replaces the old smtpmail-starttls-credentials variable used prior to Emacs 24.1.)