RFC 8461 (SMTP MTA Strict Transport Security, MTA-STS) proposes a mechanism for mail domains to declare their ability to receive TLS-secured SMTP connections and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.
The idea is that, when MTA-STS is properly configured, the sender enforces a valid STARTTLS session (at least TLS 1.2, with a valid certificate matching the domain name of the inbound server):