diff --git a/send.php b/send.php
index 10182ec..2e73524 100644
--- a/send.php
+++ b/send.php
@@ -81,47 +81,74 @@ $headers .= "Reply-To: $email\r\n";
 $headers .= "Content-Type: text/plain; charset=UTF-8\r\n";
 $headers .= "X-Mailer: Cuitunet-Web\r\n";
 
-// Lähetys suoraan SMTP:llä MX-palvelimelle (ohittaa Pleskin postfixin)
-function sendViaSMTP(string $from, string $to, string $subject, string $body, string $replyTo): string {
-    $mx = 'mx.mail2.fi';
-    $port = 25;
+// SMTP-lähetys mail2.fi:n kautta (STARTTLS + auth)
+function sendViaSMTP(string $to, string $subject, string $body, string $replyTo): string {
+    $smtpHost = 'smtp.mail2.fi';
+    $smtpPort = 587;
+    $smtpUser = 'sivusto@cuitunet.fi';
+    $smtpPass = 'Passus123!';
+    $fromEmail = 'sivusto@cuitunet.fi';
+    $fromName = 'Cuitunet Saatavuuskysely';
     $hostname = 'cuitunet.fi';
 
-    $sock = @fsockopen($mx, $port, $errno, $errstr, 10);
-    if (!$sock) return "Yhteys MX-palvelimeen epäonnistui: $errstr ($errno)";
+    $sock = @fsockopen($smtpHost, $smtpPort, $errno, $errstr, 10);
+    if (!$sock) return "SMTP-yhteys epäonnistui: $errstr ($errno)";
 
     $resp = fgets($sock, 512);
-    if (substr($resp, 0, 3) !== '220') { fclose($sock); return "MX hylkäsi yhteyden: $resp"; }
+    if (substr($resp, 0, 3) !== '220') { fclose($sock); return "SMTP hylkäsi: $resp"; }
 
-    $cmds = [
-        "EHLO $hostname",
-        "MAIL FROM:<$from>",
-        "RCPT TO:<$to>",
-        "DATA",
-    ];
-    foreach ($cmds as $cmd) {
-        fwrite($sock, "$cmd\r\n");
-        $resp = fgets($sock, 512);
-        $code = substr($resp, 0, 3);
-        // EHLO voi palauttaa monta riviä
-        if ($cmd === "EHLO $hostname") {
-            while (substr($resp, 3, 1) === '-') { $resp = fgets($sock, 512); }
-        }
-        if ($cmd === 'DATA' && $code !== '354') { fwrite($sock, "QUIT\r\n"); fclose($sock); return "DATA hylätty: $resp"; }
-        elseif ($cmd !== 'DATA' && $code[0] !== '2') { fwrite($sock, "QUIT\r\n"); fclose($sock); return "SMTP virhe ($cmd): $resp"; }
+    // EHLO
+    fwrite($sock, "EHLO $hostname\r\n");
+    $resp = fgets($sock, 512);
+    while (substr($resp, 3, 1) === '-') { $resp = fgets($sock, 512); }
+
+    // STARTTLS
+    fwrite($sock, "STARTTLS\r\n");
+    $resp = fgets($sock, 512);
+    if (substr($resp, 0, 3) !== '220') { fclose($sock); return "STARTTLS epäonnistui: $resp"; }
+    if (!stream_socket_enable_crypto($sock, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT)) {
+        fclose($sock); return "TLS handshake epäonnistui";
     }
 
+    // EHLO uudelleen TLS:n jälkeen
+    fwrite($sock, "EHLO $hostname\r\n");
+    $resp = fgets($sock, 512);
+    while (substr($resp, 3, 1) === '-') { $resp = fgets($sock, 512); }
+
+    // AUTH LOGIN
+    fwrite($sock, "AUTH LOGIN\r\n");
+    $resp = fgets($sock, 512);
+    if (substr($resp, 0, 3) !== '334') { fclose($sock); return "AUTH ei tuettu: $resp"; }
+    fwrite($sock, base64_encode($smtpUser) . "\r\n");
+    $resp = fgets($sock, 512);
+    if (substr($resp, 0, 3) !== '334') { fclose($sock); return "Käyttäjänimi hylätty: $resp"; }
+    fwrite($sock, base64_encode($smtpPass) . "\r\n");
+    $resp = fgets($sock, 512);
+    if (substr($resp, 0, 3) !== '235') { fclose($sock); return "Kirjautuminen epäonnistui: $resp"; }
+
+    // MAIL FROM / RCPT TO / DATA
+    fwrite($sock, "MAIL FROM:<$fromEmail>\r\n");
+    $resp = fgets($sock, 512);
+    if ($resp[0] !== '2') { fclose($sock); return "MAIL FROM hylätty: $resp"; }
+
+    fwrite($sock, "RCPT TO:<$to>\r\n");
+    $resp = fgets($sock, 512);
+    if ($resp[0] !== '2') { fclose($sock); return "RCPT TO hylätty: $resp"; }
+
+    fwrite($sock, "DATA\r\n");
+    $resp = fgets($sock, 512);
+    if (substr($resp, 0, 3) !== '354') { fclose($sock); return "DATA hylätty: $resp"; }
+
     // Viesti
-    $msg = "From: $from\r\n";
+    $msg = "From: $fromName <$fromEmail>\r\n";
     $msg .= "To: $to\r\n";
     $msg .= "Reply-To: $replyTo\r\n";
     $msg .= "Subject: $subject\r\n";
     $msg .= "Content-Type: text/plain; charset=UTF-8\r\n";
-    $msg .= "X-Mailer: Cuitunet-Web\r\n";
     $msg .= "Date: " . date('r') . "\r\n";
     $msg .= "Message-ID: <" . uniqid('cuitunet-') . "@$hostname>\r\n";
     $msg .= "\r\n";
-    $msg .= str_replace("\n.", "\n..", $body); // Dot-stuffing
+    $msg .= str_replace("\n.", "\n..", $body);
     $msg .= "\r\n.\r\n";
 
     fwrite($sock, $msg);
@@ -132,8 +159,7 @@ function sendViaSMTP(string $from, string $to, string $subject, string $body, st
     return (substr($resp, 0, 3) === '250') ? '' : "Lähetys epäonnistui: $resp";
 }
 
-$fromAddr = 'sivusto@cuitunet.fi';
-$smtpError = sendViaSMTP($fromAddr, $to, $subject, $body, $email);
+$smtpError = sendViaSMTP($to, $subject, $body, $email);
 
 if (empty($smtpError)) {
     // Tallenna rate limit