Still focusing on Run Your Own Mail Server, and so close to the end I could spit on it.
Remember, we’re talking about a protocol that doesn’t require validating certificate authenticity. The standards for TLS in email are low, no matter how we might wish otherwise.
So, what do we do?
One group of mail operators prioritizes broad compatibility. They still allow deprecated TLS and weak ciphers because they’re better than plain text. Postfix ships with this configuration, because otherwise people complain. Another group prioritizes transport integrity. They encourage DANE (or more recently, MTA-STS) and reject both plain text and any version of TLS other than 1.2 and 1.3. A third group keeps reminding everyone that email is not secure, has never been secure, and if you want privacy you should send physical postcards. You must understand which group you fall in, and recognize that other groups have different requirements.
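As an added illustration (not from the post or from the book), here is what the first two camps look like as outbound-TLS settings in a Postfix main.cf; the parameter names are real Postfix settings, and the one domain name that appears is a placeholder.

```conf
# Added example: two Postfix main.cf postures for outbound SMTP TLS.
# The ">=TLSv1.2" protocol syntax needs Postfix 3.6 or later; older
# releases spell the same thing "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1".

# --- Posture 1: broad compatibility (opportunistic TLS) ---
# Encrypt when the peer offers STARTTLS, otherwise fall back to plain text.
# Old TLS versions and "medium" ciphers are tolerated because anything
# beats cleartext.
smtp_tls_security_level = may
smtp_tls_protocols      = !SSLv2, !SSLv3
smtp_tls_ciphers        = medium
smtp_tls_loglevel       = 1

# --- Posture 2: transport integrity (DANE, TLS 1.2/1.3 only) ---
# Needs a local DNSSEC-validating resolver so Postfix can trust TLSA
# lookups. Note the caveat: "dane" authenticates peers that publish TLSA
# records but still degrades to opportunistic TLS for domains that do not,
# so on its own it does not reject plain text everywhere; "dane-only"
# refuses delivery when no usable TLSA record exists.
smtp_dns_support_level       = dnssec
smtp_host_lookup             = dns
smtp_tls_security_level      = dane
smtp_tls_protocols           = >=TLSv1.2
smtp_tls_mandatory_protocols = >=TLSv1.2
smtp_tls_ciphers             = high
smtp_tls_mandatory_ciphers   = high
smtp_tls_loglevel            = 1

# Per-destination overrides for peers you know publish TLSA records.
# One line of the lookup table would read (placeholder domain):
#   example.net   dane-only
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Inbound is opportunistic in both postures: a public MX that demands
# STARTTLS simply loses mail from senders who cannot do TLS.
smtpd_tls_security_level = may
```

Watching the `smtp_tls_loglevel = 1` output for "Untrusted TLS connection" versus "Verified TLS connection" lines is the quickest way to see which of the two postures a given peer actually ended up with.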
Performing MTA-STS lookups is the last technical topic I must write about, then it’s social stuff I can blast out in a day.