Two new standards have recently become interesting:
- MTA-STS (SMTP MTA Strict Transport Security – RFC 8461) which can be used to advertise that your mail server supports STARTTLS
- SMTP TLS Reporting (RFC 8460) which allows other mail servers to send you reports about whether your mail server responded properly to TLS
Google recently announced they are implementing both standards in Gmail, so I decided it would be a good time to add them to my mailserver configuration. SANS ISC has a nice writeup about how to easily implement both features.
https://www.hardenize.com already supports checking both features, if you want to verify your setup once you are done.