If TLS is configured as a secure delivery method for your domain configuration.  An email can be encrypted and delivered to the recipient using TLS v.1.2 or TLS v.1.3

In order for an encrypted message to be delivered over TLS, the recipient's inbound e-mail server must "advertise" that it supports TLS and must use a digital certificate signed by a certificate authority (CA). 

If the preferred delivery method for an encrypted message is TLS and we are unable to deliver the message over TLS, then another secure delivery method will be used to encrypt the message.  

(We do not support sending encrypted messages over TLS versions lower than 1.2 because they are less secure versions of TLS and in some cases does not meet regulatory encryption requirements).