[[!comment format=mdwn username="guilhem" avatar="http://cdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28" subject="comment 1" date="2015-06-05T15:52:00Z" content=""" I'm all for ubiquitous encryption, but note that without TLSA records and DNSSEC, any MX is trivially vulnerable to downgrade attacks: an adversary sitting in the middle can easily strip the STARTTLS EHLO/HELO response, and force the communication to happen in the clear :-P """]]
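The sender-side decision this comment describes, as an added example that is not part of the original comment or any project's code: with opportunistic TLS a missing STARTTLS keyword silently results in cleartext delivery, while a sender that holds DNSSEC-validated TLSA records for the MX treats the same reply as a reason to defer. The function names and the EHLO replies are constructed for illustration, and the DNS lookup and DNSSEC validation results are assumed to be supplied by the caller as booleans.

```python
from enum import Enum


class Decision(Enum):
    DANE_TLS = "STARTTLS, server certificate must match the TLSA records"
    OPPORTUNISTIC_TLS = "STARTTLS, unauthenticated"
    CLEARTEXT = "cleartext: a stripped STARTTLS cannot be told apart from no TLS support"
    DEFER = "defer: TLSA records say TLS is mandatory but STARTTLS is not offered"


def ehlo_extensions(response):
    """Return the upper-cased extension keywords of a multi-line 250 EHLO reply."""
    keywords = set()
    # The first reply line carries the server's greeting, not an extension.
    for line in response.strip().splitlines()[1:]:
        if line[:3] == "250" and line[3:4] in ("-", " "):
            parts = line[4:].split()
            if parts:
                keywords.add(parts[0].upper())
    return keywords


def delivery_decision(ehlo_response, tlsa_present, dnssec_validated):
    """Decide how to proceed after EHLO, given the caller's DNS results."""
    starttls_offered = "STARTTLS" in ehlo_extensions(ehlo_response)
    # TLSA records count only when the DNS answer was DNSSEC-validated;
    # unsigned records could be forged or removed by the same adversary.
    dane_usable = tlsa_present and dnssec_validated
    if dane_usable:
        return Decision.DANE_TLS if starttls_offered else Decision.DEFER
    return Decision.OPPORTUNISTIC_TLS if starttls_offered else Decision.CLEARTEXT


# Constructed EHLO replies: as sent by the MX, and with the STARTTLS line removed in transit.
EHLO_INTACT = "250-mx.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_STRIPPED = "250-mx.example.org\r\n250-PIPELINING\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for label, reply in (("intact", EHLO_INTACT), ("stripped", EHLO_STRIPPED)):
        for dane in (False, True):
            decision = delivery_decision(reply, tlsa_present=dane, dnssec_validated=dane)
            print(f"{label:8} validated TLSA={dane!s:5} -> {decision.name}")
```

On the sending side, a run of `CLEARTEXT` results for an MX that previously negotiated TLS is the only visible trace of the downgrade when no TLSA records are published.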