Some of my customers are highly concerned about securing JIRA/Confluence. While access to the tools can easily be secured through SSL, a security pain point is the notification mails. Enabling TLS for the mail server is useless in most scenarios, as this only secures the transport to the next hop, not the full path to the recipient.
So how do we deal with it? The first strategy is to customize the mail templates and strip all content that is not allowed to be delivered through insecure networks. There are some tickets in JIRA and Confluence about this matter. However, customizing the templates is too much administration, as the templates need to be checked after each update/upgrade of the tool. In addition, the users really love the notifications, and stripping all content is not of much help to them.
The second strategy applies to a scenario where mails to some domains can be delivered without any concern (e.g. a secure internal domain) while mails to external suppliers need to be dropped or filtered. In this case I recommend my customers set up a Postfix after-queue content filter to do the trick, which works pretty well.
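As an added illustration of the second strategy (this is example code, not part of the original post and not Postfix's or Atlassian's code), the following Python module implements the decision core of such an after-queue filter: per recipient domain it either passes the notification through unchanged, replaces it with a bare "log in to read it" notice, or drops it, and it splits a single notification with mixed recipients into separate deliveries so that the full content only ever goes to the trusted domains. The domain lists and the sample JIRA notification are constructed; the SMTP plumbing (receiving the mail from Postfix on the filter port and re-injecting each delivery on the loopback re-injection port) is assumed to be handled by the deployment around this module.

```python
"""Policy core for a Postfix after-queue content filter that decides, per
recipient domain, whether a JIRA/Confluence notification may leave with its
full body, must be stripped to a bare notice, or must be dropped.

Added example, not Atlassian's or Postfix's code. Domain lists and the sample
notification are constructed. Receiving the mail from Postfix and re-injecting
the resulting deliveries are left to the surrounding deployment.
"""
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed policy: these domains may receive the full notification content.
TRUSTED_DOMAINS = {"corp.example", "intranet.corp.example"}
# Constructed: external domains that only get a content-free notice.
# Any other domain is dropped silently by the filter.
NOTIFY_ONLY_DOMAINS = {"supplier.example"}

STRIPPED_BODY = (
    "A notification was generated for you, but its content is not cleared for "
    "delivery outside the internal network. Please log in to read it.\n"
)


def classify(domain: str) -> str:
    """Map a recipient domain to the filter action: pass, strip or drop."""
    d = domain.lower()
    if d in TRUSTED_DOMAINS:
        return "pass"
    if d in NOTIFY_ONLY_DOMAINS:
        return "strip"
    return "drop"


def recipients_by_action(msg):
    """Group the To/Cc recipients of a parsed message by required action."""
    groups = {"pass": [], "strip": [], "drop": []}
    fields = [v for h in ("To", "Cc") for v in msg.get_all(h, [])]
    for _name, addr in getaddresses(fields):
        if "@" not in addr:
            groups["drop"].append(addr)  # malformed address: never let it leak
            continue
        groups[classify(addr.rsplit("@", 1)[1])].append(addr)
    return groups


def stripped_copy(msg, recipients):
    """Build a fresh single-part message that carries no issue data at all.

    Only From and Date are copied; the Subject is replaced because JIRA puts
    the issue key and summary into it, which is exactly what must not leave.
    """
    out = EmailMessage()
    out["From"] = msg["From"]
    out["To"] = ", ".join(recipients)
    if msg["Date"]:
        out["Date"] = msg["Date"]
    out["Subject"] = "Notification from JIRA/Confluence"
    out.set_content(STRIPPED_BODY)
    return out


def split_for_delivery(raw: str):
    """Return ([(envelope_recipients, message_text), ...], dropped_recipients).

    Each tuple is one re-injection: the recipient list becomes the envelope,
    the text is handed to the re-injection port unchanged, as Postfix would.
    """
    msg = message_from_string(raw)
    groups = recipients_by_action(msg)
    deliveries = []
    if groups["pass"]:
        deliveries.append((groups["pass"], raw))
    if groups["strip"]:
        notice = stripped_copy(msg, groups["strip"]).as_string()
        deliveries.append((groups["strip"], notice))
    return deliveries, groups["drop"]


# Constructed sample notification with one recipient per policy class.
SAMPLE = """\
From: JIRA <jira@corp.example>
To: alice@corp.example, bob@supplier.example
Cc: mallory@unknown.example
Subject: [JIRA] (TEN-42) Q3 pricing sheet attached to tender issue
Message-ID: <constructed-1@corp.example>
Content-Type: text/plain; charset=utf-8

Alice attached pricing-q3.xlsx to TEN-42.
"""

if __name__ == "__main__":
    deliveries, dropped = split_for_delivery(SAMPLE)
    for rcpts, text in deliveries:
        print("re-inject for", rcpts, "\n", text)
    print("dropped:", dropped)
```

The design choice worth noting is the split: a JIRA notification addressed to both an internal user and an external supplier must become two deliveries, because the envelope recipients of a single re-injected message cannot carry different bodies. The notice sent to the external side deliberately replaces the Subject line as well, since JIRA's subject already contains the issue key and summary.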
There should be a flag in the notification scheme which says "Send mails to the user only if he or she has provided a valid mail certificate". In the user profile there would be an upload feature, so that the user can upload or update his public mail certificate (as self-service, so no additional administration effort in caretaking of certificates). And of course, if the flag is set, the mail sent would be encrypted and signed by JIRA/Confluence, and if the user has not stored a certificate he gets nothing (or a notice to store a mail certificate in his profile).