> People were (wisely) blocking port 25 twenty years ago.

20 years ago (2005) STARTTLS was still widely in use. Clients can be configured to call it when STARTTLS isn't available. But clients can also be served bogus or snake oil TLS certs. Certificate pinning wasn't widely in use for SMTP in 2005.

Seems STARTTLS is deprecated since 2018 [1]

Quote: For email in particular, in January 2018 RFC 8314 was released, which explicitly recommends that "Implicit TLS" be used in preference to the STARTTLS mechanism for IMAP, POP3, and SMTP submissions.

[1] https://serverfault.com/questions/523804/is-starttls-less-sa...