Re: Email transport is insecure
According to our isp Cisco released a fw update 2-3 years ago that changed a default so that they downgrades starttls requests, ie mitm pretending to each mailserver at each end that they don't support STARTTLS. How bad is that!. It is definitely an option in their routers to help them sell another service.
I'm now going to put checks in for remote sites that downgrade connections. For where this occurs I bet there is a Cisco router in the middle.