But an email client isn't likely to know if SSL has been used. In email, SSL/TLS is generally only used to protect ''login ''data from being transmitted in clear text, and thus is applied only to the link between client and the server upon which the account is configured. Email data thereafter travels across the internet in plain text. There are no headers to tell an email client about encryption that may or may not have been applied on any particular segment of its journey from sender to recipient. If you run an account that connects to its server using SSL or TLS, then you ''know ''that encryption has been used for that last leg of its journey. So for such a server, ALL messages are "sent (to you) using SSL/TLS", and there is no point filtering for SSL/TLS. But you know nothing about what happened prior to it arriving at your incoming server. For end-to-end encryption, if you're paranoid about security, you need to be using s/mime (built into Thunderbird), or GPG via the Enigmail add-on, and both you and your correspondent have to be using it and must have exchanged public keys.