As a consequence of these findings, we have made the decision to implement Opportunistic Encryption, which means that we will attempt to negotiate a TLS connection to the destination mail server. If that’s not possible, we will fall back to an unencrypted connection.

We have also notified the postmasters of the recipient mail servers that aren’t correctly configured to support TLS so that they can remediate their systems.