Hi Seth, 

My solution is intended for clients. A client should decide whether to transmit mails in clear text or not. 

In other words, the server can accept mails in clear text. The prefix informs the client, that the server supports TLS. 

A client that knows what "starttls-" prefix stands for, would come to know downgrade attacks if the STARTTLS command not found in EHLO response. 

If I force the server to accept only TLS, then that's not backward compatible.

Thanks

On Sat, Jan 12, 2019 at 9:24 PM Seth Mattinen <sethm@rollernet.us> wrote:
On 1/11/19 9:38 AM, Viruthagiri Thirumavalavan wrote:
> Hello NANOG, Belated new year wishes.
>
> I would like to gather some feedback from you all.
>
> I'm trying to propose two things to the Internet Standard and it's
> related to SMTP.
>
> (1) STARTTLS downgrade protection in a dead simple way
>
> (2) SMTPS (Implicit TLS) on a new port (26). This is totally optional.


Why would anyone need this when you can just set an option in most (all
modern?) SMTP servers to refuse clear connections if you want to force
TLS at all times?


--
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.