[chrismorgan]

> In theory, your customer might be using an email provider that doesn’t support encryption - which could lead them to sending something to you insecurely and putting them at risk. I think most organisations can accept this risk given how rare this is, given that this is on the customer’s end.

I think we’ve reached the stage where major providers are rejecting messages over cleartext, right? Requiring either explicit TLS or STARTTLS?

[lambdaxyzw]

I seriously doubt it. I've tried to set up my (tiny) company email TLS-only, and had to backtrack two days later when two different customers complained that their emails were bounced. One of them was representing a major national bank. I've lost the last bit of hope for e-mail I had.