Well the source is not wrong, our requirement is just being misinterpreted in this thread. We don’t claim their policy doesn’t exist, we said it doesn’t meet the following criteria (which is true):
If DMARC authentication is being used, the policy must be set to
rejectorquarantine.
The fact of the matter is that we have 4 excellent mailbox providers who can meet all of the requirements we’re looking for. Posteo also recycles deleted email addresses, which we find to be problematic.
That being said, using Posteo is probably not going to be super dangerous or anything if you understand these limitations (obviously much better than mainstream email providers). I think Posteo actually meets all our other requirements, which is fairly impressive (but don’t take my word for that because I haven’t looked at Posteo/email providers in like a year). But if Posteo isn’t going to live up to all the standards that other providers in the space already provide we’re still not going to recommend it. I don’t know of any reason it might be better than the alternatives at least. Hope that answers the OP’s question 