Viktor's announcement reminds me,It is my understanding if you publish DANE and TLSA records not only must you be using DNSSEC (Which most big companies don't) but then your mail server will not accept mail from anyone not using TLS 1.2+. Why would you want to do that and block receiving some mail?
Or did i misunderstand how it works?
