On Sat, Sep 18, 2021 at 12:44:30AM +0200, Gerald Galster wrote:
> The question is how likely it is such a server is dropping tls support
> after that work. I'd guess it will be unlikely and errors mostly occur
> due to expired certificates or other (temporary) configuration issues.
As a matter of principle and design robustness that is something that
senders should take upon themselves to decide unilaterally.
Temporarily or permanently disabling STARTTLS, or going with some weird
or privata CA is something that a receiving domain must be free to do
without coordinating with everyone who's ever sent them email.
Therefore, no matter how tempting it might seem, I'd like to strongly
discourage sender-initiated pinning. Email delivery is fragile enough
without further damage to the ecosystem.
--
Viktor.
