Since #501, we allow plaintext connections to upstream servers. We should give upstream servers the option to enforce secure TLS connections via "SMTP MTA Strict Transport Security" aka. MTA-STS.
See RFC 8461
For example, `dig txt _mta-sts.gmail.com` shows a `"v=STSv1; id=20190429T010101;"` TXT record, and https://mta-sts.gmail.com/.well-known/mta-sts.txt contains the configuration:

```
version: STSv1
mode: enforce
mx: gmail-smtp-in.l.google.com
mx: *.gmail-smtp-in.l.google.com
max_age: 86400
```
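
A sketch of the client-side checks a sender needs for the record and policy shown above, added here as an illustration and not taken from this project's code. The function names are hypothetical, and the DNS lookup and HTTPS fetch are assumed to have already happened.

```python
import re

MAX_AGE_LIMIT = 31557600  # upper bound RFC 8461 sets for max_age, in seconds

def parse_txt_record(txt):
    """Return the fields of a _mta-sts TXT record, or None if it is not STSv1."""
    fields = {}
    for part in txt.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields.setdefault(key.strip(), value.strip())
    if fields.get("v") != "STSv1":
        return None
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", fields.get("id", "")):
        return None
    return fields

def parse_policy(text):
    """Parse the key/value policy file; raise ValueError if it is unusable."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        else:
            policy.setdefault(key, value)
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if not re.fullmatch(r"[0-9]{1,10}", policy.get("max_age", "")):
        raise ValueError("invalid max_age")
    # Capping oversized values is a choice made for this example.
    policy["max_age"] = min(int(policy["max_age"]), MAX_AGE_LIMIT)
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("policy lists no mx patterns")
    return policy

def mx_allowed(host, policy):
    """True if an MX host name matches one of the policy's mx patterns."""
    host = host.lower().rstrip(".")
    label, _, parent = host.partition(".")
    for pattern in policy["mx"]:
        # "*." stands for exactly one left-most label, never zero or several.
        if pattern.startswith("*.") and label and parent == pattern[2:]:
            return True
        if host == pattern:
            return True
    return False
```

With `mode: enforce`, a sender should not deliver to an MX host that fails `mx_allowed` or that does not present a valid certificate over STARTTLS.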