The security engineers at Yahoo have just released a study measuring the SMTP STARTTLS Deployment Quality of the modern mail ecosystem. They have concluded that the use of STARTTLS is common and widespread but that growth has faltered in recent years.
At DuoCircle we support STARTTLS on ALL of our inbound and outgoing servers: on all load balancers and on each individual server.
One of the recommendations that the Yahoo research suggests is to have all SSL certificates signed by a valid certificate authority. This is the only part of the process in which we are deficient.
We currently self-sign our certificates; however, this does not impact the TLS security nor the handshake. We do this because of the size of the clusters and to maintain consistency across all of our nodes. However, we will evaluate the use of a specific standard wildcard SSL certificate on each of the clustered machines to address this issue.
Using CheckTLS.com, you can validate that we use:
SSLVersion in use: TLSv1.2
Cipher in use: ECDHE-RSA-AES128-SHA256
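The same check can be run locally. The Python sketch below is an added example, not DuoCircle's or CheckTLS's code: it attempts STARTTLS once with CA and hostname validation and once without, then reports the negotiated version and cipher and whether the certificate was accepted. The function names and the command-line host argument are assumptions of this example.

```python
import smtplib
import ssl
import sys


def tls_context(verify: bool) -> ssl.SSLContext:
    """Client context: CA + hostname validation, or encryption only."""
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False       # must be disabled before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe(host: str, port: int = 25, verify: bool = True, timeout: float = 10) -> dict:
    """Attempt one STARTTLS upgrade and record what was negotiated."""
    r = {"offered": False, "version": None, "cipher": None, "error": None}
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return r
            r["offered"] = True
            smtp.starttls(context=tls_context(verify))
            r["version"] = smtp.sock.version()     # e.g. "TLSv1.2"
            r["cipher"] = smtp.sock.cipher()[0]    # OpenSSL cipher name
    except ssl.SSLCertVerificationError as exc:
        r["error"] = "certificate rejected: " + exc.verify_message
    except (ssl.SSLError, smtplib.SMTPException, OSError) as exc:
        r["error"] = str(exc)
    return r


def assess(strict: dict, lax: dict) -> str:
    """Compare a verifying probe (strict) with a non-verifying one (lax)."""
    if strict["version"]:
        return "encrypted, certificate validated"
    if lax["version"]:
        return "encrypted, certificate not validated"
    if not (strict["offered"] or lax["offered"]):
        return "unreachable" if lax["error"] else "no STARTTLS"
    return "STARTTLS offered but handshake failed"


if __name__ == "__main__" and len(sys.argv) > 1:
    mx = sys.argv[1]  # MX host to test, supplied by the reader
    strict, lax = probe(mx, verify=True), probe(mx, verify=False)
    print(assess(strict, lax), lax["version"], lax["cipher"], strict["error"])
```

Run it with the MX hostname as the only argument; outbound TCP port 25 must be reachable from the machine running the check.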
If you care about security and want an email gateway provider that does too, check out our services.