Well, I have a pretty good idea, and the answer won't comfort you.
To further elaborate on this pointless saga: last December, I actually met a FB engineering executive while on holiday, happened to mention this issue in casual conversation (I know: sad!) and they were going to put me in touch with All The Right People who were going to Fix This Immediately.
Guess what? The "oh, if the remote rDNS ends with mail-mail.facebook.com, just don't advertise STARTTLS" 'fix' is still very much in place, and probably will be indefinitely, even if that enables the entire Internet to eavesdrop on potentially-exciting stuff like login recovery tokens.
And, yeah, the saddest part is that I could actually live-troubleshoot this issue with anyone at any time, providing PCAPs, updating the outgoing mail server behavior on demand, whatever. But that's just not the way the Internet (or, I guess, anything) works anymore, I'm afraid: 25 years-or-so ago I had, like, the pager number of the person running the national backbone, and we had many late-night conversations fixing subtle-but-annoying BGP/DNS/whatever issues, which was cool.
These days? Being ignored is the best you can hope for, which goes back to my original point that everything is awful. Depressing, really...
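The behaviour the commenter describes (a receiving mail server that drops STARTTLS from its EHLO advertisement whenever the peer's reverse DNS ends in a particular suffix) can be modelled and audited offline. The following is an added example, not the commenter's code and not taken from any real mail server: it builds the multiline 250 EHLO reply such a server would send to a given peer, parses that reply back into an extension set, and reports which peers would end up with cleartext-only delivery. The local host name, the base extension list and the peer names are constructed for illustration; the suffix comes from the post.

```python
"""Model an rDNS-suffix STARTTLS exclusion and audit which peers it downgrades.

Added example (not the commenter's code). The exclusion suffix is the one the
post names; everything else here is constructed for illustration.
"""

# Suffix from the post: peers whose rDNS ends here get no STARTTLS offer.
SUPPRESS_STARTTLS_FOR_SUFFIXES = ("mail-mail.facebook.com",)

# Constructed extension list a receiving MTA might advertise in its EHLO reply.
BASE_EXTENSIONS = ["SIZE 52428800", "8BITMIME", "PIPELINING", "STARTTLS"]


def rdns_matches_suffix(rdns, suffixes):
    """Label-aware suffix match: 'mx1.mail-mail.facebook.com' matches, but a
    name that merely ends in the same characters without a label boundary
    (e.g. 'xmail-mail.facebook.com') does not.  A bare str.endswith() would
    treat both the same, which is the usual mistake in rules like this."""
    name = rdns.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in suffixes)


def ehlo_response(local_host, remote_rdns):
    """Build the multiline 250 reply a server applying the exclusion would
    send to this peer (RFC 5321 format: '250-' continuation, '250 ' last)."""
    exts = [
        e for e in BASE_EXTENSIONS
        if not (e == "STARTTLS"
                and rdns_matches_suffix(remote_rdns, SUPPRESS_STARTTLS_FOR_SUFFIXES))
    ]
    lines = [local_host] + exts
    return "".join(
        ("250-" if i < len(lines) - 1 else "250 ") + line + "\r\n"
        for i, line in enumerate(lines)
    )


def parse_ehlo(response):
    """Return the set of extension keywords in a 250 EHLO reply.  The first
    line carries the server's own name and is skipped; a one-line reply
    therefore yields an empty set."""
    lines = response.strip().splitlines()
    exts = set()
    for line in lines[1:]:
        if not line.startswith("250"):
            raise ValueError("not a 250 EHLO reply line: %r" % line)
        exts.add(line[4:].split()[0].upper())
    return exts


def audit_cleartext_peers(local_host, peer_rdns_names):
    """Return the peers (in input order) that would be sent mail without any
    STARTTLS offer, i.e. the ones the exclusion silently downgrades."""
    return [
        peer for peer in peer_rdns_names
        if "STARTTLS" not in parse_ehlo(ehlo_response(local_host, peer))
    ]


if __name__ == "__main__":
    # Constructed peer names for the demonstration.
    peers = ["mx1.mail-mail.facebook.com", "mail.example.org",
             "xmail-mail.facebook.com"]
    for peer in peers:
        print(peer, "->", sorted(parse_ehlo(ehlo_response("mx.example.net", peer))))
    print("cleartext-only:", audit_cleartext_peers("mx.example.net", peers))
```

The same `parse_ehlo` check, fed a real EHLO reply captured from a PCAP or an `openssl s_client -starttls smtp` style probe, is the simplest way to confirm from the outside whether a given sender is being offered STARTTLS at all, which is the observation the commenter says they can reproduce on demand.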