With the introduction of SharePoint 2016 (Preview), we now have the ability to encrypt emails sent from SharePoint using SMTP connection encryption.
First of all, your SMTP server must support STARTTLS and have it enabled. It must also support the TLS 1.0, TLS 1.1, or TLS 1.2 protocol. The MSDN "New and improved features in SharePoint Server 2016" page also notes that the SSL 2.0 and SSL 3.0 protocols are not supported.
Compared to the 2013 Outgoing E-Mail Settings page, the SharePoint 2016 Outgoing E-Mail Settings page has two new settings – Use Secure Sockets Layer (SSL) and SMTP server port.
To use email encryption, select 'Yes' in the Use Secure Sockets Layer (SSL) drop-down. It is important to remember that SharePoint 2016 will not fall back to sending unencrypted email if the encryption negotiation fails, so testing is required to make sure it is working. Good documentation of all settings is also important for when changes made on the SMTP server affect communication to and from SharePoint.
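Because there is no fallback, it helps to confirm from the SharePoint server itself that the SMTP server advertises STARTTLS and completes a TLS 1.0/1.1/1.2 handshake before switching the setting on. The PowerShell below is an added example, not code from this article or from Microsoft; the function name `Test-SmtpStartTls` and the host `smtp.example.com` are placeholders, and it uses only standard .NET classes.

```powershell
# Added example. The function name and 'smtp.example.com' are placeholders.
function Test-SmtpStartTls {
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 25)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

        # An SMTP reply may span several lines; only the last has a space after the code.
        $readReply = {
            do { $line = $reader.ReadLine(); $line
            } while ($line -and $line.Length -gt 3 -and $line[3] -eq '-')
        }

        $null = & $readReply                      # 220 greeting
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        $ehlo = @(& $readReply)                   # capability list
        $result = [ordered]@{ Server = $Server; Port = $Port; StartTls = $false
                              Protocol = $null; CertSubject = $null }

        if ($ehlo -match '^250[- ]STARTTLS') {
            $writer.WriteLine('STARTTLS')
            $reply = @(& $readReply)
            if ($reply[-1] -notmatch '^220') { throw "STARTTLS refused: $($reply[-1])" }

            # Offer only the protocol versions the article lists as supported.
            $allowed = [System.Security.Authentication.SslProtocols]'Tls,Tls11,Tls12'
            $ssl = New-Object System.Net.Security.SslStream($stream, $false)
            # Default certificate validation applies: an untrusted or mismatched
            # certificate throws here instead of returning a result.
            $ssl.AuthenticateAsClient($Server, $null, $allowed, $false)

            $result.StartTls    = $true
            $result.Protocol    = $ssl.SslProtocol
            $result.CertSubject = $ssl.RemoteCertificate.Subject
        }
        [pscustomobject]$result
    }
    finally { $client.Close() }
}

# Usage: Test-SmtpStartTls -Server 'smtp.example.com' -Port 25
```

A result with `StartTls` set to `False`, or an exception during the handshake, means the encrypted connection should be fixed on the SMTP side before 'Yes' is selected in SharePoint.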
There is also an option to use a non-default port for communication with your SMTP server. This is a new security feature with SharePoint Server 2016, as we had to use the default port with previous versions.
The addition of encryption and non-default port SMTP traffic is Microsoft's answer to the community's pleas for a more robust solution to sending email. It is a great step in making our environments more secure.