On Sat, Sep 18, 2021 at 12:44:30AM +0200, Gerald Galster wrote:

> The question is how likely it is such a server is dropping tls support
> after that work. I'd guess it will be unlikely and errors mostly occur
> due to expired certificates or other (temporary) configuration issues.

As a matter of principle and design robustness that is something that senders should take upon themselves to decide unilaterally. Temporarily or permanently disabling STARTTLS, or going with some weird or private CA is something that a receiving domain must be free to do without coordinating with everyone who's ever sent them email.

Therefore, no matter how tempting it might seem, I'd like to strongly discourage sender-initiated pinning. Email delivery is fragile enough without further damage to the ecosystem.

--
Viktor.