-Currently SASL security layers are not supported for SMTP.
-.BR nmh 's
-SMTP SASL code
-will always negotiate an unencrypted connection. This means that while the SMTP
-authentication can be encrypted, the subsequent data stream can not. This is in
-contrast to
-.BR nmh 's
-POP3 SASL support, where encryption is supported for both the
-authentication and the data stream.
+If SASL authentication is successful,
+.BR nmh
+will attempt to negotiate a security layer for session encryption.
+Encrypted data is labelled with `(sasl-encrypted)' and `(sasl-decrypted)' when
+viewing the SMTP transaction with the
+.B \-snoop
+switch.
+.PP
+If
+.B nmh
+has been compiled with TLS support, the
+.B \-tls
+switch will require the negotiation of TLS support when connecting to the
+SMTP MTA. Encrypted data is labelled with `(tls-encrypted)' and
+`(tls-decrypted)' when viewing the SMTP transction with the
+.B \-snoop
+switch.