What are limitations of MTA-STS deployment?

Requires HTTPS hosting.

Requires certificate management.

Not universally supported.

Does not protect message content itself.

Cannot override recipient server behavior.