by zokier 4683 days ago
> That is almost always in clear text, as most of this infrastructure was designed 30 years ago and hasn't evolved much since then

Email has definitely evolved since its inception. STARTTLS (RFC3207) is the relevant standard here.


I don't suppose anyone has any stats (or even educated guesses) about how many mail servers you'd not be able to connect/send to if you enforced TLS connections from your outgoing SMTP server (as in, refused to send data to servers that didn't respond appropriately to a STARTTLS command)?

Having run a mail server that used to have a self-signed cert and that now doesn't offer starttls at all, I can tell you I experienced zero failed deliveries (well, nobody has ever complained, and I still get all the mail I expect to get). Maybe incoming mail will use starttls if available, but if it's not (mitm, fake mx record, etc.) the remote server isn't going to stop. It just delivers in plaintext.

I mean, it's trivial to see this is true. Open up your mail server's configuration file. Where's the line that specifies trusted root CAs for relaying to remote servers? Oh, there isn't one? So how does it verify the chain of trust?

(I realize I didn't quite address your question. Solid answer: at least one. But I'm fairly confident the number of servers configured as you suggest is extremely close to zero.)
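
The trade-off discussed in this thread, as an added example that is not from any commenter or from a real mail server: a sending MTA's decision under opportunistic, enforced and verified STARTTLS policies, run against a constructed EHLO reply with and without the STARTTLS line. The policy names, return strings, hostname and the `cert_valid` flag are assumptions made for illustration.

```python
import re

# Constructed EHLO replies in RFC 5321 multi-line format; the hostname is a placeholder.
EHLO_WITH_TLS = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
# The same reply as the sender would see it if the STARTTLS line were removed in transit.
EHLO_STRIPPED = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
POLICIES = ("opportunistic", "enforce", "verify")  # hypothetical policy names


def parse_ehlo(reply):
    """Return the set of upper-cased extension keywords in an EHLO reply."""
    lines = [line for line in reply.split("\r\n") if line]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError("not a successful EHLO reply: %r" % line)
        # "250-" marks a continuation line, "250 " marks the final line.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("malformed continuation in EHLO reply")
        if i > 0 and m.group(3):  # line 0 is the greeting, not an extension
            keywords.add(m.group(3).split()[0].upper())
    return keywords


def delivery_decision(reply, policy, cert_valid=False):
    """Decide what the sender does with a queued message.

    cert_valid stands in for the result of chain and hostname validation
    after the TLS handshake (assumed to be computed elsewhere).
    """
    if policy not in POLICIES:
        raise ValueError("unknown policy: %r" % policy)
    offers_tls = "STARTTLS" in parse_ehlo(reply)
    if policy == "opportunistic":
        # Falls back silently: no STARTTLS advertised means plaintext delivery.
        return "send-encrypted" if offers_tls else "send-plaintext"
    if not offers_tls:
        return "defer"  # enforce/verify: keep the message queued instead
    if policy == "verify" and not cert_valid:
        return "defer"  # encrypted but unauthenticated is not accepted
    return "send-encrypted"
```

Only the opportunistic policy returns `send-plaintext` for the stripped reply; the other two defer, which is the delivery cost the question above asks about.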