AFAIK, overall, port 587 should allow to encrypt the sending of emails-messages using the TLS protocol (but this is not an obligation), if the handshake between the client and the server is verified\checked as being compatible with TTLS protocol RFC8314 compliance, on both sides.
If TLS cannot be used (because the server - in fact - doesn't offer this TLS ability on its port 587, or because the client doesn't respect the TLS protocol), then the server downgrades the asked TLS towards simple SMTP: in this case, the email is nevertheless sent, but not encrypted.