Forcing MTA Security

So I had created a different thread about PKI/client-side/data at rest security, but I wanted to ask about more reasonable amounts of security.

I know that horrible mail servers exist where they’re configured to not even be capable of TLS/SSL. I know there’s an option in Postfix to have security as a may, must (or “yes”, I forget), and no. Since humanity hates itself, we still allow security as a may to be acceptable, since we feel sorry for horrible system administrators.

However, I imagine there are many scenarios where sensitive data may need to be sent via email. In which case, I wanted to know if it were possible to have a domain for “may” security ( and another domain for “must” security (, where it would reject any incoming/outgoing insecure MTA-to-MTA communication. Like, I would want to register my Paypal account with and maybe put on a business card, for the dum dums who still use mail providers that don’t enable security. If a conversation escalated with a person, I would ask that person to start sending mail to or maybe change the reply-to and sent-from fields, so that it could smoothly transition between the two mail accounts (I would probably want to configure my box to manage both accounts using the same inbox/sent/draft/spam/junk stuff).

EDIT: also, is it possible to auto-send back an unencrypted error email, saying something to the effect of “Sorry, but your mail server does not support security. This is a secure mail server. Please either use another mail account on a mail server with enabled security, or contact your mail server administrator about enabling security on your server.” for users who attempt to send mail that don’t allow secure mail?

If you are looking to increase email security, I’d encrypt the emails you send (client plugin!) with GPG/PGP.

Email is, by design, a clear-text transport of information. Try one of these:

Never rely on servers to do your encryption. That’s my best practice. I encrypt where and when I can client side as that is the safest way to do it.

In an ideal world yes, but §GP(G) isn’t always an option. For example sometimes I have to send my personal information as part of a KYC procedure, and most companies don’t bother dealing with encrypted mail. I prefer using e-mail over phone, live chat and such so I’d like to know when I can do that safely.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.