Email encryption downgrade attack:
ISPs that remove the #STARTTLS flag and, as a result, break email encryption
▻https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks
This type of STARTTLS stripping attack has mostly gone unnoticed because it tends to be applied to residential networks, where it is uncommon to run an email server.
[...]
There are several weak points in the STARTTLS protocol, however. The first weakness is that the flag indicating that a server supports STARTTLS is not itself encrypted, and is therefore subject to tampering, which can prevent that server from establishing an encrypted connection. That type of tampering is exactly what we see today. EFF is working on a set of improvements to STARTTLS, called STARTTLS Everywhere, that will make server-to-server encryption more robust by requiring encryption for servers that are already known to support it.
RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
▻http://www.bortzmeyer.org/3207.html
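
A client-side check for the weakness quoted above, as an added example that is not taken from the EFF article or from RFC 3207: it parses the plaintext EHLO reply and refuses cleartext delivery when a host already known to support STARTTLS stops advertising it. The host names, the known-hosts set, the sample replies and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample: hosts previously observed to offer STARTTLS.
KNOWN_STARTTLS_HOSTS = {"mx.example.org"}

# Constructed EHLO replies: as sent by the server, and as seen by a client
# whose network path overwrote the unencrypted STARTTLS keyword.
INTACT = "250-mx.example.org\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
STRIPPED = "250-mx.example.org\r\n250-SIZE 35882577\r\n250-XXXXXXXX\r\n250 8BITMIME\r\n"


def parse_ehlo(reply):
    """Return the set of extension keywords in a multi-line EHLO reply."""
    keywords = set()
    for i, line in enumerate(l for l in reply.splitlines() if l):
        m = re.fullmatch(r"(\d{3})([ -])(.*)", line)
        if m is None or m.group(1) != "250":
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        words = m.group(3).split()
        if i > 0 and words:          # line 0 is the server greeting, not a keyword
            keywords.add(words[0].upper())
        if m.group(2) == " ":        # "250 " (space) marks the final line
            break
    return keywords


def delivery_decision(host, reply, known=KNOWN_STARTTLS_HOSTS):
    """Decide how to proceed after EHLO: 'starttls', 'refuse' or 'plaintext'."""
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"            # upgrade, then re-issue EHLO inside TLS
    if host.lower() in known:
        return "refuse"              # flag vanished for a known host: treat as tampering
    return "plaintext"               # opportunistic fallback for unknown hosts


if __name__ == "__main__":
    for host, reply in [("mx.example.org", INTACT),
                        ("mx.example.org", STRIPPED),
                        ("mail.example.net", STRIPPED)]:
        print(host, "->", delivery_decision(host, reply))
```

A "refuse" result is also the event worth logging and alerting on, since it marks a connection where the advertised capabilities no longer match what the host offered before.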