How to check STARTTLS usage when sending emails with sendmail?
I have installed and configured `sendmail` on my little VPS running Debian in order to send some e-mail notifications when something happens on it. Currently, the setup seems to work fine but, since these notifications can contain some sensitive data, I would like to encrypt them.
So, running several times the `sendmailconfig` command, I noticed that `sendmail` can be configured to use STARTTLS:
```
Everything you need to support STARTTLS (encrypted mail transmission
and user authentication via certificates) is installed and configured
but is *NOT* being used.
To enable sendmail to use STARTTLS, you need to:
1) Add this line to /etc/mail/sendmail.mc and optionally
   to /etc/mail/submit.mc:
  include(`/etc/mail/tls/starttls.m4')dnl
2) Run sendmailconfig
3) Restart sendmail
```
I have added the above mentioned statement in the appropriate configuration file and all seems to still work. But sending a test e-mail with the `-v` parameter, the console output doesn't seem to be different compared to previous tests (I see statements like `050 250-STARTTLS` or `050 >>> STARTTLS` but they were printed also before setting up STARTTLS).
So, how could I check if `sendmail` is actually encrypting e-mails?
**Question Update n.1**
As suggested in some comments, I am going to attach the conversation content of some tests I did in the previous hours.
Emulating this conversation, here is the one I did with my local SMTP:
```
$ netcat -Cw 60 localhost 25
220 mail.MYDOMAIN.com ESMTP Sendmail 8.15.2/8.15.2/Debian-14~deb10u1; Fri, 5 Jun 2020 14:40:15 GMT; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1]
EHLO localhost
250-mail.MYDOMAIN.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
MAIL FROM:
250 2.1.0 ... Sender ok
RCPT TO:
250 2.1.5 ... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
From:
To:
Subject: Sendmail test
.
250 2.0.0 055EeF7x000698 Message accepted for delivery
QUIT
221 2.0.0 mail.MYDOMAIN.com closing connection
```
But when trying to do the same on Outlook SMTP server (since the recipient for the mentioned notifications is my free Outlook e-mail), the conversation stops at the second step:
```
$ netcat -Cw 60 smtp-mail.outlook.com 25
220 LO2P265CA0139.outlook.office365.com Microsoft ESMTP MAIL Service ready at Fri, 5 Jun 2020 14:56:40 +0000
EHLO mail.MYDOMAIN.com
250-LO2P265CA0139.outlook.office365.com Hello [MYIP]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
MAIL FROM:
530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [LO2P265CA0139.GBRP265.PROD.OUTLOOK.COM]
```
I have also tried to compare the header of some e-mails, which were respectively sent before and after the STARTTLS setup and I found an interesting difference:
```
Received: from mail.MYDOMAIN.com (localhost [127.0.0.1])
    by mail.MYDOMAIN.com (8.15.2/8.15.2/Debian-14~deb10u1) with ESMTPS id 054G4khN002213
    (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT)
    for ; Thu, 4 Jun 2020 16:04:46 GMT
```
The encryption information between parentheses is not present in previous e-mail headers. Can this be a clue that STARTTLS is actually used?
**Question Update n.2**
If it can be useful, I attach also what `sendmail` outputs to console in verbose mode when sending test e-mails:
```
$ echo 'Subject: Sendmail test' | sudo sendmail -v -f foo@bar.com MYEMAIL@outlook.com
MYEMAIL@outlook.com... Connecting to [127.0.0.1] via relay...
220 mail.MYDOMAIN.com ESMTP Sendmail 8.15.2/8.15.2/Debian-14~deb10u1; Sun, 7 Jun 2020 12:28:05 GMT; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1]
>>> EHLO mail.musnet.io
250-mail.MYDOMAIN.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO mail.musnet.io
250-mail.MYDOMAIN.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From: SIZE=23 AUTH=foo@bar.com
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
050 ... Connecting to outlook-com.olc.protection.outlook.com. via esmtp...
050 220 DM6NAM12FT067.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Sun, 7 Jun 2020 12:28:05 +0000
050 >>> EHLO mail.MYDOMAIN.com
050 250-DM6NAM12FT067.mail.protection.outlook.com Hello [MYIP]
050 250-SIZE 49283072
050 250-PIPELINING
050 250-DSN
050 250-ENHANCEDSTATUSCODES
050 250-STARTTLS
050 250-8BITMIME
050 250-BINARYMIME
050 250-CHUNKING
050 250 SMTPUTF8
050 >>> STARTTLS
050 220 2.0.0 SMTP server ready
050 >>> EHLO mail.MYDOMAIN.com
050 250-DM6NAM12FT067.mail.protection.outlook.com Hello [MYIP]
050 250-SIZE 49283072
050 250-PIPELINING
050 250-DSN
050 250-ENHANCEDSTATUSCODES
050 250-8BITMIME
050 250-BINARYMIME
050 250-CHUNKING
050 250 SMTPUTF8
050 >>> MAIL From: SIZE=305
050 250 2.1.0 Sender OK
050 >>> RCPT To:
050 >>> DATA
050 250 2.1.5 Recipient OK
050 354 Start mail input; end with .
050 >>> .
050 250 2.6.0 [InternalId=29785598229520, Hostname=DM6NAM12HT069.eop-nam12.prod.protection.outlook.com] 7377 bytes in 0.217, 33.122 KB/sec Queued mail for delivery -> 250 2.1.5
050 ... Sent ( [InternalId=29785598229520, Hostname=DM6NAM12HT069.eop-nam12.prod.protection.outlook.com] 7377 bytes in 0.217, 33.122 KB/sec Queued mail for delivery -> 250 2.1.5)
250 2.0.0 057CS569006414 Message accepted for delivery
MYEMAIL@outlook.com... Sent (057CS569006414 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 mail.MYDOMAIN.com closing connection
```
Asked by rudicangiotti (123 rep) Jun 3, 2020, 05:13 PM
Last activity: Apr 4, 2025, 02:04 AM
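
Added example, not part of the original question: one way to read a `sendmail -v` transcript like the one above and report, per hop, whether `STARTTLS` was advertised, whether the server answered it with `220`, and whether `MAIL From` was sent only after that upgrade. The function name `tls_state_per_hop` and the abridged sample transcript with `example.org` names are constructed for illustration.

```python
import re

# Constructed transcript, abridged to the shape of the `sendmail -v` output above.
# Lines prefixed "050 " are the relayed dialogue with the remote MX.
SAMPLE = """\
>>> EHLO mail.example.org
250-STARTTLS
250 HELP
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO mail.example.org
250 HELP
>>> MAIL From:<a@example.org>
250 2.1.0 Sender ok
050 >>> EHLO mail.example.org
050 250-STARTTLS
050 250 SMTPUTF8
050 >>> STARTTLS
050 220 2.0.0 SMTP server ready
050 >>> EHLO mail.example.org
050 250 SMTPUTF8
050 >>> MAIL From:<a@example.org>
050 250 2.1.0 Sender OK
"""

def tls_state_per_hop(transcript):
    """Return {hop: state} for the 'local' hop and the 050-prefixed 'remote' hop."""
    hops = {}
    for raw in transcript.splitlines():
        hop = "remote" if raw.startswith("050 ") else "local"
        line = raw[4:] if hop == "remote" else raw
        st = hops.setdefault(hop, {"offered": False, "tls": False,
                                   "mail_over_tls": None, "pending": False})
        if line.startswith(">>> STARTTLS"):
            st["pending"] = True                  # client asked to upgrade
        elif st["pending"] and re.match(r"\d{3}[ -]", line):
            st["tls"] = line.startswith("220")    # only 220 means "go ahead"
            st["pending"] = False
        elif re.match(r"250[- ]STARTTLS\b", line):
            st["offered"] = True                  # server advertises the extension
        elif line.upper().startswith(">>> MAIL FROM") and st["mail_over_tls"] is None:
            st["mail_over_tls"] = st["tls"]       # envelope sent after the upgrade?
    return hops

if __name__ == "__main__":
    for hop, st in tls_state_per_hop(SAMPLE).items():
        print(hop, "offered:", st["offered"], "MAIL after STARTTLS 220:", st["mail_over_tls"])
```

The transcript only shows that the upgrade was requested and accepted; the negotiated protocol version and cipher are what the `version=` and `cipher=` fields of a `Received:` header record for the receiving hop.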