STARTTLS is a command that tells a mail server the connecting party wants to upgrade an existing plaintext connection into an encrypted one using TLS. The connecting party may be an email client (a mail user agent) submitting a message, or another mail server relaying mail on towards its destination. Webmail is a special case: the browser talks HTTPS to the webmail front end, and it is that front end, not the browser, that speaks SMTP and issues STARTTLS. The same command exists in IMAP and POP3 for retrieving mail, and the pattern is used by other protocols such as LDAP and XMPP.
SMTP is not encrypted by default. Without STARTTLS the entire session crosses the network as plaintext: the EHLO exchange, any SMTP AUTH credentials, the envelope addresses and the message body. Anyone on the path (a compromised router, a hostile Wi-Fi network, an intermediary ISP) can read and alter it. This matters most when the mail carries sensitive or personal information such as credentials, password-reset links or banking details, and it matters for the mailbox password itself, since AUTH PLAIN and AUTH LOGIN send it base64-encoded, which is an encoding, not encryption.
When a client issues STARTTLS, it asks the server to switch the connection to TLS. The two sides perform a TLS handshake, agree on session keys, and everything that follows (commands, credentials and message content) is encrypted between them; an eavesdropper on that hop sees only ciphertext. Two caveats matter in practice. First, STARTTLS protects a single hop, client to server or server to server, not the message end to end: each server along the path decrypts the message and holds it in the clear, and the next hop may or may not be encrypted. Second, the client can only trust the encryption if it verifies the server's certificate and refuses to continue in plaintext when STARTTLS is not offered. Most server-to-server STARTTLS is opportunistic (encrypt if offered, otherwise deliver in the clear), which an on-path attacker can defeat simply by stripping the STARTTLS keyword from the server's EHLO reply; MTA-STS and DANE exist so that a receiving domain can insist on TLS.
STARTTLS hands the connection to whatever TLS version both sides support. The older SSL 2.0 and 3.0 protocols are broken and should be disabled; in practice TLS 1.2 or 1.3 should be required. On the STARTTLS ports (25 for server-to-server relay and 587 for message submission) the SMTP session always begins in plaintext and is upgraded in place. The alternative is implicit TLS on port 465, where the TLS handshake happens first and SMTP begins only inside the encrypted channel; RFC 8314 recommends implicit TLS for client submission precisely because it leaves no plaintext phase to attack.
The exchange, defined for SMTP in RFC 3207, runs as follows. The client opens a TCP connection (the three-way handshake), and the server answers with a 220 greeting. The client sends EHLO, the extended SMTP greeting, and the server replies with a multi-line 250 response listing the extensions it supports. If STARTTLS is among them, the client sends the STARTTLS command and the server answers 220 Ready to start TLS; at that point both sides stop speaking SMTP and perform a TLS handshake over the same TCP connection. Once the handshake completes, the client must discard everything it learned from the plaintext EHLO and send EHLO again inside the encrypted channel, after which authentication and the mail transaction proceed as usual, now protected by TLS. Note that the TCP handshake merely establishes the connection; it identifies neither party. It is the TLS handshake, and the client's check of the server's certificate against the expected hostname, that lets the client know it is talking to the right server.
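The exchange described above, as an added example that is not part of the original article: a small Python script with a scripted in-memory SMTP server on one side and a client on the other. The server, its hostname `mail.example.test`, the client name `client.example.test` and the advertised extensions are all made up for the example. The client parses the EHLO reply, refuses to continue in plaintext when `require_tls` is set and STARTTLS is missing (which is exactly what a stripping attack looks like from the client's side), issues STARTTLS, and re-sends EHLO after the point where the TLS handshake would occur. The handshake itself is not simulated; `upgrade_socket` shows how a real client would wrap the live socket with certificate and hostname verification at that point.

```python
# Simulated SMTP STARTTLS negotiation (RFC 3207). Example code written for this
# page, not from the original article; the server is an in-memory stand-in.
import socket
import ssl
from dataclasses import dataclass, field


class StartTlsError(Exception):
    """The session could not be upgraded under the client's policy."""


@dataclass
class ScriptedServer:
    """Stand-in for a STARTTLS-capable SMTP server; the hostname is made up.
    advertise_starttls=False emulates an on-path attacker stripping the
    STARTTLS keyword from the EHLO reply to force a plaintext session."""
    hostname: str = "mail.example.test"
    advertise_starttls: bool = True
    tls_active: bool = False
    log: list = field(default_factory=list)

    def greeting(self) -> str:
        return f"220 {self.hostname} ESMTP ready\r\n"

    def handle(self, command: str) -> str:
        self.log.append(command.strip())
        verb = command.split()[0].upper()
        if verb == "EHLO":
            exts = ["SIZE 35882577", "8BITMIME"]
            if self.tls_active:
                # Offer AUTH only once the link is encrypted, so PLAIN/LOGIN
                # credentials (base64, not encrypted) never cross in the clear.
                exts.append("AUTH PLAIN LOGIN")
            elif self.advertise_starttls:
                exts.append("STARTTLS")   # never advertised after TLS is up
            lines = [f"250-{self.hostname} Hello"]
            lines += [f"250-{e}" for e in exts[:-1]] + [f"250 {exts[-1]}"]
            return "\r\n".join(lines) + "\r\n"
        if verb == "STARTTLS":
            if self.tls_active:
                return "503 5.5.1 TLS already active\r\n"
            if not self.advertise_starttls:
                return "454 4.7.0 TLS not available\r\n"
            self.tls_active = True   # the TLS handshake would run here
            return "220 2.0.0 Ready to start TLS\r\n"
        return "502 5.5.2 Command not implemented\r\n"


def parse_ehlo(reply: str) -> set:
    """Extension keywords from a multi-line 250 reply ('250-' lines, '250 ' last)."""
    lines = reply.rstrip("\r\n").split("\r\n")
    if not lines[0].startswith("250"):
        raise StartTlsError(f"EHLO rejected: {lines[0]!r}")
    exts = set()
    for i, line in enumerate(lines[1:], start=1):
        sep = " " if i == len(lines) - 1 else "-"
        if len(line) < 5 or line[:3] != "250" or line[3] != sep:
            raise StartTlsError(f"malformed EHLO line: {line!r}")
        exts.add(line[4:].split()[0].upper())
    return exts


def negotiate(server, client_name="client.example.test", require_tls=True) -> dict:
    """Plaintext phase of the session, then the upgrade. Raises StartTlsError when
    STARTTLS is not offered and require_tls is set (the defence against stripping)."""
    if not server.greeting().startswith("220"):
        raise StartTlsError("unexpected greeting")
    exts = parse_ehlo(server.handle(f"EHLO {client_name}\r\n"))
    if "STARTTLS" not in exts:
        if require_tls:
            raise StartTlsError("STARTTLS not advertised; refusing plaintext session")
        return {"tls": False, "extensions": exts}
    reply = server.handle("STARTTLS\r\n")
    if not reply.startswith("220"):
        raise StartTlsError(f"STARTTLS refused: {reply.strip()!r}")
    # A real client runs the TLS handshake here (see upgrade_socket) and must
    # discard everything learned from the plaintext EHLO, so EHLO is re-sent.
    return {"tls": True, "extensions": parse_ehlo(server.handle(f"EHLO {client_name}\r\n"))}


def upgrade_socket(sock: socket.socket, server_hostname: str) -> ssl.SSLSocket:
    """Real-socket version of the upgrade step (not exercised offline): system
    trust store, hostname verification, nothing below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx.wrap_socket(sock, server_hostname=server_hostname)


def run_demo() -> dict:
    """Honest server versus one whose STARTTLS offer has been stripped."""
    honest = negotiate(ScriptedServer())
    try:
        negotiate(ScriptedServer(advertise_starttls=False))
        stripped = "continued in plaintext"
    except StartTlsError as exc:
        stripped = str(exc)
    return {"honest": honest, "stripped": stripped}


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

Running the script shows the honest server ending up with AUTH offered only after the upgrade and STARTTLS gone from the second EHLO, while the stripped server is refused outright. The `require_tls` flag is the whole point: a client that silently falls back to plaintext when STARTTLS is missing is exactly what opportunistic encryption looks like, and an attacker who can edit the EHLO reply gets the cleartext session for free.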