Pfft.
There is no transport security in SMTP whether or not you use TLS.
Internal emails, possibly, but that's about it.
The reason? Any mail server en-route can read the email and forward it on to any other mail server unencrypted without you ever becoming aware of it. The chances of a customer of this place sending potentially embarrassing email to this place without - at some point - there being a non-TLS SMTP connection involved is very high. But the fact is, you can never know because you will never find out.
That's not counting anything they email internally via their personal accounts "because the attachment is blocked" or "I have no VPN access here" or whatever.
SMTP is security-less, to all intents and purposes. Even things like SPF etc. don't work to guarantee that the mail SERVER you are sending TO is legitimate. It only ever works the other way around (i.e. that that mail from fredbloggs.com did come from a fredbloggs.com-authorised server). And even THAT is dependent on unencrypted basic DNS being authoritative.
Please stop spouting nonsense. You either encrypt the whole message with something and that lets the transport metadata completely open, or nothing. The TLS around SMTP is entirely optional, strippable, unverifiable and useless. It's to protect your SMTP password details, not your email.
Biting the hand that feeds IT
