How can I comply with StartTLS Everywhere as a self-hosted email user?

[pipboy96]

Suppose I self-host my email server. I both send and receive mail. How can I advertise my server as compliant and require encrypted connections to compliant servers?

[sydneyli]

Great question!

Here is the state of things as of now:

Sending: if you're on Postfix, try out our plugin which should transform the file into a configuration format Postfix can understand. @Snawoot proposed #124, which should allow folks who'd like to start enforcing mail to enforce policies that are in testing mode, too!

Receiving: go to https://starttls-everywhere.org and type in your domain-- from there there should be a flow for your domain to request addition to the list. If you have an MTA-STS policy up, we're currently working on a way to make this process much easier if you have a valid MTA-STS policy :)

Note that the project is still in an alpha stage, so your domain will get added in "testing" mode for now. We'll be changing this very soon, and hopefully have more clear documentation about this process in general!