diff --git a/reporter/email.go b/reporter/email.go
index 7e8e18a78f..696ea7a53c 100644
--- a/reporter/email.go
+++ b/reporter/email.go
@@ -99,13 +99,18 @@ type emailSender struct {
 conf config.SMTPConf
 }
-func (e *emailSender) sendMail(smtpServerAddr, message string) (err error) {
- var auth sasl.Client
- emailConf := e.conf
- tlsConfig := &tls.Config{
+func newSMTPClientTLSConfig(emailConf config.SMTPConf) *tls.Config {
+ return &tls.Config{
 ServerName: emailConf.SMTPAddr,
+ MinVersion: tls.VersionTLS12,
 InsecureSkipVerify: emailConf.TLSInsecureSkipVerify,
 }
+}
+
+func (e *emailSender) sendMail(smtpServerAddr, message string) (err error) {
+ var auth sasl.Client
+ emailConf := e.conf
+ tlsConfig := newSMTPClientTLSConfig(emailConf)
 var c *smtp.Client
 switch emailConf.TLSMode {
diff --git a/reporter/email_test.go b/reporter/email_test.go
new file mode 100644
index 0000000000..b6a23bc158
--- /dev/null
+++ b/reporter/email_test.go
@@ -0,0 +1,27 @@
+package reporter
+
+import (
+ "crypto/tls"
+ "testing"
+
+ "github.com/future-architect/vuls/config"
+)
+
+func TestNewSMTPClientTLSConfigUsesModernMinimumTLSVersion(t *testing.T) {
+ conf := config.SMTPConf{
+ SMTPAddr: "smtp.example.com",
+ TLSInsecureSkipVerify: true,
+ }
+
+ tlsConfig := newSMTPClientTLSConfig(conf)
+
+ if tlsConfig.ServerName != conf.SMTPAddr {
+ t.Fatalf("unexpected ServerName: got %q, want %q", tlsConfig.ServerName, conf.SMTPAddr)
+ }
+ if tlsConfig.MinVersion != tls.VersionTLS12 {
+ t.Fatalf("unexpected MinVersion: got %x, want %x", tlsConfig.MinVersion, tls.VersionTLS12)
+ }
+ if !tlsConfig.InsecureSkipVerify {
+ t.Fatal("expected configured TLSInsecureSkipVerify value to be preserved")
+ }
+}
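Review bot: In reporter/email.go, the new `newSMTPClientTLSConfig` helper has no doc comment, and the caveat a reader most needs is missing: `MinVersion: tls.VersionTLS12` only sets a protocol floor, while `InsecureSkipVerify: emailConf.TLSInsecureSkipVerify` still disables certificate and hostname checks whenever that option is set, so the server is then unauthenticated regardless of TLS version. I would add above the function `// newSMTPClientTLSConfig returns the client TLS settings for SMTP: TLS 1.2 minimum, ServerName taken from SMTPAddr.` followed by `// Certificate verification is skipped when TLSInsecureSkipVerify is set; the version floor does not compensate for that.` sendMail declares a `sasl.Client` right after building this config, so credentials presumably travel over the connection. Its body continues outside the hunk, so whether every TLSMode branch actually uses this config cannot be confirmed from here.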
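Review bot: In reporter/email_test.go, the test only exercises `TLSInsecureSkipVerify: true`, so the secure default is never pinned: a regression that hard-coded `InsecureSkipVerify: true` in the helper would still pass every assertion here. Add a second check with the zero value, for example `if newSMTPClientTLSConfig(config.SMTPConf{SMTPAddr: "smtp.example.com"}).InsecureSkipVerify { t.Fatal("certificate verification must stay enabled by default") }`. A small table over both values would keep the two cases side by side.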