In the Fastmail blog, a June 2018 post talks about STARTTLS (
https://fastmail.blog/2018/06/27/let...ls-everywhere/).
When testing Fastmail.com on the STARTTLS Everywhere site (
https://starttls-everywhere.org/results/?fastmail.com), it reveals that Fastmail.com's mailserver supports STARTTLS, uses great TLS parameters, and presents a valid certificate, which is tops.
However, it also says that the Fastmail.com domain was not added to the Electronic Frontier Foundation's STARTTLS Policy List, which would reportedly help mitigate downgrade attacks, so servers have another point of reference to discover that Fastmail support STARTTLS.
May Fastmail consider doing so?