A customer tries to determine the security around using AEM (Forms) with e-mail via Office 365 SMTP server.

One question remained open:


AEM Forms uses Day CQ Mail Service which utilizes JavaMail API to handle sending emails. JavaMail provides two options for using STARTTLS: mail.smtp.starttls.enable and mail.smtp.starttls.required . In case if only first option is enabled, documentation informs that the connection continues without use of TLS, which may mean it can be not secure enough for the customers standards.


STARTTLS.ENABLED is available via AEM configuration, .REQUIRED is not.

See https://docs.adobe.com/content/help/en/experience-manager-65/communities/administer/email.html


They would require clarification from Adobe if SMTP use STARTTLS enforces using TLS at all times, or if there is fallback to non-secure connections in case of misconfiguration or other issues.


Can someone shed some light on this? Thanks



Accepted Solutions (0)

Answers (1)

Answers (1)



Hi @kprokopi ,


If mail.smtp.starttls.required is set to true it means TLS is supported and TLS connection can be used.

As mentioned here https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html


And for secure connection, both the sender and recipient must use TLS. Enabling SSL is one thing that you can do from your end!