SpamHero provides opportunistic TLS encryption so that email communications between mail servers will be encrypted where possible. That means that when a sender uses TLS encryption to send email to a domain that is using SpamHero filtering, we will also attempt to use TLS encryption to deliver filtered mail to the final destination server.
SpamHero uses a multi-domain/wildcard SAN certificate which supports strict TLS certificate matching.