On 07/01/2019 11:34, Paul Smith wrote:
A simple TXT record saying "This domain's MTAs support STARTTLS (and,
possibly, optionally, this is the certificate fingerprint)" would seem
useful and not need anything else, and would protect against STARTTLS
downgrade for any sender willing to support it.
Starting to look like a DANE TLSA record...
ietf-smtp mailing list