This is called Transport Layer Security (TLS) because it only encrypts the direct connection from one MTA to the next. Every MTA on the route is able to read the mail since it processes mails above the transport layer. Privacy can only be guaranteed if there is a direct connection between sending and receiving MTA (and both can be trusted). This is not true for SMTP.
This is not really true, I can define SMTP routing tables and contact such an SMTP server directly, no need for a smarthost. I am just thinking of the possibility that you can send 'encrypted' mail over the net. Surely the mail itself isn't encrypted.
You can't generally say that sending mails directly to a domain's MXs guarantees that they'll travel encrypted to their destination, you can't even be sure that they won't traverse the Internet again unencrypted before reaching their destination. With e.g. PGP and S/MIME, you can.
To meet all privacy requirements encryption must take place on the application level.
Right, but that isn't possible without user interaction.
True.
And for authentication over insecure networks it is necessary to have cryptographically secure identification data for every person to communicate with. This can't be done without the sender's/receiver's cooperation.
No one 'authenticates' normal mails, so why should I take special care with an encrypted mail?
Authentication and encryption are distinct operations, there is no need for you to take one into account when deciding whether or not to use the other. However, authentication does have its applications, e.g. I expect people to run only those executable attachments that I've signed.
I don't know that my mail travels in an encrypted 'transport layer' through the net. For real and approved security you need PGP or something similar, but just to encrypt the mail transport, TLS is something to think of. So if you want no user interaction, it is a way to get a bit more security: no guarantee, no auth, just a bit of encryption.
You can perform authentication in TLS, but it authenticates only the SMTP client and server, not the email sender or recipient. The use of TLS without authentication equates to missing the point of it entirely, IMHO.
Cheers,
Tobias
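The hop-by-hop point argued in this thread (TLS ends at each MTA, so every relay handles the message in clear, and a later hop may still forward it over an unencrypted link) is modelled below as an added example; it is not code from the thread or from any MTA. The route, hop names and message are constructed, and the "end-to-end" layer is a compact encrypt-then-MAC construction (HMAC-SHA256 as a counter-mode PRF plus an HMAC tag) standing in for what PGP or S/MIME would do at the application level, not a substitute for a real OpenPGP/CMS implementation.

```python
"""Constructed model of why SMTP-over-TLS is hop-by-hop: every MTA terminates
the TLS session and handles the message above the transport layer, so each
one can read a message that is not encrypted at the application level.
Added example; not from the original thread."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Hop:
    """One MTA on the delivery route (hypothetical names, constructed)."""
    name: str
    starttls_to_next: bool                          # encrypt the link to the next MTA?
    readable: list = field(default_factory=list)    # payloads this MTA could read in clear


def relay(route, wire_payload):
    """Pass a message along the route. Returns the links on which the bytes
    crossed the network without TLS. Each MTA records what it could read:
    TLS (if any) ends at the MTA, so the SMTP payload is in clear there."""
    cleartext_links = []
    for i, hop in enumerate(route):
        hop.readable.append(wire_payload)
        if i + 1 < len(route) and not hop.starttls_to_next:
            cleartext_links.append((hop.name, route[i + 1].name))
    return cleartext_links


# --- Stand-in for PGP/S/MIME: authenticated encryption applied by the sender ---
# HMAC-SHA256 used as a PRF in counter mode, plus an HMAC tag (encrypt-then-MAC).
# Illustration only; use a real OpenPGP/CMS library in practice.

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def e2e_encrypt(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def e2e_decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: wrong key or message altered in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def send(route, body, e2e_key=None):
    """Send `body` along `route`. With e2e_key the sender encrypts at the
    application level first; without it only the per-hop TLS links protect it."""
    wire = e2e_encrypt(e2e_key, body) if e2e_key else body
    cleartext_links = relay(route, wire)
    return wire, cleartext_links


def hops_that_can_read(route, body):
    """Names of the MTAs that saw the plaintext body."""
    return [hop.name for hop in route if body in hop.readable]


def make_route():
    # Constructed route: the sender's MTA uses STARTTLS to the smarthost, the
    # smarthost relays to the recipient's MX in clear (no STARTTLS on that link).
    return [Hop("sender-mta", True), Hop("smarthost", False), Hop("recipient-mx", True)]


if __name__ == "__main__":
    body = b"Subject: quarterly numbers\r\n\r\nconfidential"
    route = make_route()
    _, links = send(route, body)
    print("transport-only:", hops_that_can_read(route, body), "clear on", links)
    route = make_route()
    key = os.urandom(32)
    wire, links = send(route, body, e2e_key=key)
    print("end-to-end:", hops_that_can_read(route, body), "clear on", links)
    print("recipient decrypts:", e2e_decrypt(key, wire) == body)
```

Run as is, the transport-only send shows all three MTAs reading the body and the smarthost-to-MX link carrying it in clear; with application-level encryption the same route and the same cleartext link exist, but no MTA sees the plaintext and only the holder of the key can decrypt and verify it, which is exactly the difference between TLS on the links and PGP/S/MIME on the message.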