Merge pull request #35903 from VanMSFT/vanmsft/work-2025-11-21

Database Mail | Update TDS 8.0 support documentation

Author: prmerger-automator[bot]

docs/relational-databases/database-mail/database-mail.md

@@ -3,9 +3,10 @@ title: "Database Mail"
 description: "Database Mail"
 author: WilliamDAssafMSFT
 ms.author: wiassaf
-ms.date: 05/16/2025
+ms.date: 11/21/2025
 ms.service: sql
 ms.topic: conceptual
+ai-usage: ai-assisted
 helpviewer_keywords:
   - "architecture [SQL Server], Database Mail"
   - "Database Mail [SQL Server], architecture"
@@ -57,13 +58,13 @@ monikerRange: ">=sql-server-2016 || >=sql-server-linux-2017 || =azuresqldb-mi-cu
 
 -   Attachment size governor: Database Mail enforces a configurable limit on the attachment file size. You can change this limit by using the [sysmail_configure_sp](../system-stored-procedures/sysmail-configure-sp-transact-sql.md) stored procedure.  
 
--   Prohibited file extensions: Database Mail maintains a list of prohibited file extensions. Users cannot attach files with an extension that appears in the list. You can change this list by using sysmail_configure_sp.  
+-   Prohibited file extensions: Database Mail maintains a list of prohibited file extensions. Users can't attach files with an extension that appears in the list. You can change this list by using sysmail_configure_sp.  
 
 -   Database Mail runs under the [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] Engine service account. To attach a file from a folder to an email, the [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] engine account should have permissions to access the folder with the file.  
 
 ### Supportability
 
--   Integrated configuration: Database Mail maintains the information for e-mail accounts within [!INCLUDE[ssDEnoversion](../../includes/ssdenoversion-md.md)]. There is no need to manage a mail profile in an external client application. Database Mail Configuration Wizard provides a convenient interface for configuring Database Mail. You can also create and maintain Database Mail configurations using [!INCLUDE[tsql](../../includes/tsql-md.md)].  
+-   Integrated configuration: Database Mail maintains the information for e-mail accounts within [!INCLUDE[ssDEnoversion](../../includes/ssdenoversion-md.md)]. There's no need to manage a mail profile in an external client application. Database Mail Configuration Wizard provides a convenient interface for configuring Database Mail. You can also create and maintain Database Mail configurations using [!INCLUDE[tsql](../../includes/tsql-md.md)].  
 
 -   Logging. Database Mail logs e-mail activity to [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)], the Microsoft Windows Application event log, and to tables in the `msdb` database.  
 
@@ -114,6 +115,10 @@ monikerRange: ">=sql-server-2016 || >=sql-server-linux-2017 || =azuresqldb-mi-cu
 
 -   A scheduled task, such as a database backup or replication event, succeeds or fails. For example, you can use [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] Agent Mail to notify operators if an error occurs during processing at the end of a month.  
 
+## TDS 8.0 support
+
+[!INCLUDE [sssql25-md](../../includes/sssql25-md.md)] introduces [TDS 8.0](../security/networking/tds-8.md) support for Database Mail. The TDS 8.0 protocol provides enhanced security and encryption for data transmitted between SQL Server and client applications. This allows Database Mail to work in environments where TLS 1.3 encryption and TDS 8.0 are enforced.
+
 <a id="RelatedContent"></a>
 
 ## Related content

docs/relational-databases/security/networking/tds-8.md

@@ -4,12 +4,13 @@ description: This article discusses TDS 8.0, the application layer protocol used
 author: VanMSFT
 ms.author: vanto
 ms.reviewer: randolphwest, jaferebe, jopilov
-ms.date: 09/04/2025
+ms.date: 11/21/2025
 ms.service: sql
 ms.subservice: security
 ms.topic: conceptual
 ms.custom:
   - ignite-2025
+ai-usage: ai-assisted
 monikerRange: ">=sql-server-ver16 || >=sql-server-linux-ver16 || =azuresqldb-current || =azuresqldb-mi-current || =fabric-sqldb"
 ---
 
@@ -80,6 +81,7 @@ For more information on how clients use different TDS versions, see the keywords
 - [bcp utility](../../../tools/bcp-utility.md#tds-80-support)
 - [SQL VSS Writer](../../../database-engine/configure-windows/sql-writer-service.md)
 - [SQL CEIP service](../../../sql-server/usage-and-diagnostic-data-configuration-for-sql-server.md)
+- [Database Mail](../../database-mail/database-mail.md)
 - [Polybase](../../polybase/polybase-guide.md#sql-server-2025-polybase-enhancements)
 - [Always On availability groups](connect-with-strict-encryption.md#connect-to-an-always-on-availability-group)
 - [Always On failover cluster instance (FCI)](connect-with-strict-encryption.md#connect-to-a-failover-cluster-instance)
@@ -104,14 +106,6 @@ To use TDS 8.0, [!INCLUDE [sssql22-md](../../../includes/sssql22-md.md)] added `
 
 In order to prevent a man-in-the-middle attack with `strict` connection encryption, users can't set the `TrustServerCertificate` option to `true` and allow any certificate the server provided. Instead, users would use the `HostNameInCertificate` option to specify the certificate `ServerName` that should be trusted. The certificate supplied by the server would need to pass the certificate validation. For more information on certificate validation, see [Certificate requirements for SQL Server](../../../database-engine/configure-windows/certificate-requirements.md)
 
-### Features that don't support forcing strict encryption
-
-The `Force Strict Encryption` option added with TDS 8.0 in SQL Server Network Configuration forces all clients to use `strict` as the encryption type. Any clients or features without the `strict` connection encryption fail to connect to SQL Server.
-
-The following features or tools still use previous version of drivers that don't support TDS 8.0, and as such, might not work with the `strict` connection encryption:
-
-- Database mail
-
 ## Additional changes to connection string encryption properties
 
 The following options are added to connection strings to encrypt communication: