I look after a few email servers and after implementing much stricter encryption settings at the start of the year, I noticed some emails were never making it to accounts - being rejected at the negotiation stage (where the remote server sending the email agrees an encryption protocol and cipher with the local server).
I was puzzled by this. TLS is hardly new, yet these servers were only ever attempting to use SSLv3 and then failing to 'upgrade' to TLS - not even TLS1.0. Poor show.
This isn't unique either - I periodically run a script which reports the spread of protocols and ciphers of incoming email connections; here's a sample from one server for the last hour......The stats don't make for pretty reading: