But don't forget to periodically check the TLS certificate of your SMTP server. Administrators often forget to renew the certificates, and automated renewal processes may also break.
I've seen countless examples of SMTP servers with expired certs. The problem is that you won't notice it, as SMTP will fall back to plain-text communication if the certificate is invalid. So the server will still work with an expired cert.
But if you want to do it right, or if you want to adopt MTA-STS, you usually need to do a bit of regular maintenance on the TLS part.
We've also had some of our users report that an expired cert was hurting their domain reputation for spam algorithms. We have not been able to verify that, but it sounds plausible.
But don't forget to periodically check the TLS certificate of your SMTP server. Administrators often forget to renew the certificates, and automated renewal processes may also break.
I've seen countless examples of SMTP servers with expired certs. The problem is that you won't notice it, as SMTP will fall back to plain-text communication if the certificate is invalid. So the server will still work with an expired cert.
But if you want to do it right, or if you want to adopt MTA-STS, you usually need to do a bit of regular maintenance on the TLS part.
We've also had some of our users report that an expired cert was hurting their domain reputation for spam algorithms. We have not been able to verify that, but it sounds plausible.