Skiff Mail (Email Provider)

Yes, basically.

We added a criteria (within the last few weeks) specifying that mail infrastructure has to be on servers you own/operate instead of outsourced. There were a few reasons for this, having a setup like yours might enable downgrade attacks if inbound-smtp.skiff.com was blocked on a network for example. Ultimately we feel it’s conceivable that backup MX servers might be used in situations other than actual outages of the primary servers, and it’s easier to just avoid that situation altogether.

Since mail senders are required by spec to retry delivery if the receiving server is offline for at least a good while, I’m not really concerned about outages personally given that they don’t last 1+ day or anything… Of course if you had a mail server on separate infrastructure with a lower priority for backups that you still manage yourself that would be fine. (It could simply queue incoming mail for delivery once the primary servers come back online, so it would potentially be less complex and less prone to outages than your primary servers.)

Even ignoring that, not being able to configure the security defaults of Amazon SES would disqualify you anyways once the changes at Minimum TLS requirements (for Email Providers) are made, which sounds like will be happening soon based on our talks with other providers so far. (Your main mail servers already meet our future criteria in that thread).