[josho]

And for those that still aren't familiar with TLS yet, think of it as simply SSL but newer and better. So, even though SMTP starts unencrypted the STARTTLS command initiates an encrypted session.

Most mail servers these days use TLS. So, there is a good chance that the email you send with your confidential pricing lists is being sent encrypted over the network. Unfortunately, there really isn't a good way to tell if that happened (at best you can view the mail headers which some servers add headers that show a TLS session was used between mail servers).

[jlgaddis]

Yeah, it's usually possible to tell just from the Received: headers.

For example, here's a (slightly censored) Received: header from a recent e-mail received by my personal mail server:

  Received: from mail.foo.com (mail.foo.com [192.0.2.8])
  	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
  	(No client certificate requested)
  	by mail.bar.com (Postfix) with ESMTPS id MX8675309
  	for <jlgaddis@bar.com>; Mon, 20 Oct 2014 18:31:26 -0400 (EDT)

N.B.: "with ESMTPS".

I'm sure that others will correct me if I'm wrong (please do!) and this almost certainly isn't foolproof (and I'm likely missing some and there are probably exceptions as well), but just from my own observations: "ESMTP" refers to a standard, unencrypted SMTP session (25/TCP), "ESMTPS" to an SMTP session where STARTTLS was used (25/TCP), "ASMTP" to an authenticated SMTP session where "full" SSL/TLS was used (e.g. 465/TCP), and "ESMTPSA" to an authenticated SMTP session where STARTTLS was used.

Of course, you can't see these on any outgoing messages you send, only incoming mail.