by ape4 2530 days ago
The "MITM on all HTTPS traffic in Kazakhstan" issue suggests that relying on STARTTLS for email encryption isn't that great.
1 comments

To be fair e-mail is garbage through-and-through. You can't even use SNI, nothing cares about certificate validity, even less about Staple and CT.

How about MTA-STS? I guess that improves the situation a bit, no?

Not really. Until MTA-STS is deployed in “hard fail” mode by almost everybody it doesn’t matter.
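An added example, not from the thread or any MTA's code: a minimal MTA-STS (RFC 8461) policy check in Python, showing why only a policy in "enforce" mode actually stops delivery when STARTTLS or certificate validation fails against the MX. The policy text and hostnames are constructed; in real use the policy would be fetched over HTTPS from `mta-sts.<domain>`.

```python
from dataclasses import dataclass, field

# Constructed sample policy, in the format served at
# https://mta-sts.<domain>/.well-known/mta-sts.txt (RFC 8461 section 3.2).
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.example.net
max_age: 604800
"""

@dataclass
class Policy:
    version: str
    mode: str                  # "enforce", "testing" or "none"
    max_age: int
    mx: list[str] = field(default_factory=list)

def parse_policy(text: str) -> Policy:
    """Parse the key: value policy lines; reject unknown versions and modes."""
    fields: dict = {"mx": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            fields["mx"].append(value.lower())
        else:
            fields[key] = value
    if fields.get("version") != "STSv1":
        raise ValueError("unsupported or missing version")
    if fields.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError(f"invalid mode {fields.get('mode')!r}")
    return Policy(fields["version"], fields["mode"], int(fields["max_age"]), fields["mx"])

def mx_matches(pattern: str, host: str) -> bool:
    """RFC 8461 section 4.1: a leading '*' matches exactly one leftmost label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        labels = host.split(".")
        return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]
    return host == pattern

def delivery_decision(policy: Policy, mx_host: str, tls_ok: bool) -> str:
    """tls_ok = STARTTLS negotiated AND the certificate validated for mx_host.
    Only 'enforce' mode refuses to fall back to cleartext (the hard-fail case);
    'testing' and 'none' deliver anyway and at most emit a TLSRPT report."""
    mx_ok = any(mx_matches(p, mx_host) for p in policy.mx)
    if tls_ok and mx_ok:
        return "deliver"
    if policy.mode == "enforce":
        return "defer"           # hard fail: queue, never send in the clear
    return "deliver-and-report"  # soft: MITM or STARTTLS stripping is not blocked
```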

Similarly, SPF/DKIM did not solve spam because nobody was willing to really drop incoming mail with bad or missing signatures.

Email is an “ossified” protocol. It should fade away, and be replaced with something else modern and secure like a “federated Signal”.

If that something else allows anyone to send to anyone without permission, it too will be killed by spam.