diff --git a/internal/smtpsrv/conn.go b/internal/smtpsrv/conn.go
index 8a67e42..2fb88d1 100644
--- a/internal/smtpsrv/conn.go
+++ b/internal/smtpsrv/conn.go
@@ -72,6 +72,14 @@ var (
 maxReceivedHeaders = flag.Int("testing__max_received_headers", 50,
 "max Received headers, for loop detection; ONLY FOR TESTING")
 
+ // Disable incoming domain info rejection. This is insecure, as it allows
+ // connection downgrading attacks.
+ // This flag is experimental and likely to be either removed, or replaced
+ // by a config option.
+ disableDomainInfoIncomingRejection = flag.Bool(
+ "insecure__disable_domain_info_incoming_rejection", false,
+ "disable rejection based on incoming domain info checks; INSECURE")
+
 // Some go tests disable SPF, to avoid leaking DNS lookups.
 disableSPFForTesting = false
 )
@@ -559,6 +567,11 @@ func (c *Conn) secLevelCheck(addr string) bool {
 c.tr.Errorf("security level check for %s failed (%s)", domain, level)
 }
 
+ if *disableDomainInfoIncomingRejection {
+ c.tr.Debugf("DomainInfo incoming rejection disabled, accepting mail")
+ return true
+ }
+
 return ok
 }
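Review bot: The usage text of `insecure__disable_domain_info_incoming_rejection` in the `var (` block says only "INSECURE", so an operator reading the flag help does not learn which protection is lost or that the flag applies to every sending domain rather than a chosen one. The code comment above it already names the risk (connection downgrading attacks); I would carry that into the help string, e.g. `"accept mail that fails the incoming domain info check, for all domains; INSECURE: allows connection downgrade attacks")`. Nothing in this hunk reports at startup that the flag is set; if no such log line exists elsewhere in the program, one warning emitted when the flag is on would make a forgotten setting visible.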
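Review bot: The new branch in `secLevelCheck` runs whether or not the check passed, so with the flag set every message logs "DomainInfo incoming rejection disabled, accepting mail" at debug level, and an overridden failure cannot be told apart from an ordinary pass. Guarding on the result and recording the override at a level operators keep would address both: `if !ok && *disableDomainInfoIncomingRejection {` with `c.tr.Errorf("DomainInfo incoming rejection disabled, accepting mail despite failed check")`. The failure itself is still traced by the `Errorf` just above, which is worth keeping. The body of `secLevelCheck` begins outside this hunk, so whether the earlier part of the function updates counters or stored domain state for a mail that is then accepted cannot be judged from here.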