I installed eM Client and connected it to my own server. The server has an SSL certificate from StartSSL for the second-level domain (sld.tld) and www.sld.tld.
In the settings I entered mail0x.sld.tld for SMTP and IMAP and set eM Client to communicate with the server only over encrypted connections.
I expected this not to work because the SSL certificate does not have mail0x.sld.tld in its DNS Name, but I do not get any error messages.
If the client does not check whether the certificate matches the server, a man-in-the-middle attack might be possible.
The IP address for sld.tld, www.sld.tld and mail0x.sld.tld is the same. But this is not how SSL checks should work.
I hope I have missed something, because this would be a really problematic bug.
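
The host name check the post expects, written out as an added example (not part of the original post and not eM Client's code). The SAN list is constructed sample data using the post's placeholder names, and rejecting partial wildcards is a simplifying assumption.

```python
# Added example: RFC 6125-style matching of the configured server name
# against the dNSName entries of a certificate's subjectAltName.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def san_entry_matches(hostname: str, pattern: str) -> bool:
    """Return True if one SAN dNSName entry covers hostname."""
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat) or "" in host or "" in pat:
        return False
    # Wildcards are only honoured as the complete left-most label.
    if any("*" in label for label in pat[1:]):
        return False
    if pat[0] == "*":
        # Must leave at least two fixed labels, so "*.tld" never matches.
        return len(pat) >= 3 and host[1:] == pat[1:]
    if "*" in pat[0]:
        return False  # assumption: partial wildcards ("m*.sld.tld") rejected
    return host == pat


def hostname_covered(hostname: str, san_dns_names: list[str]) -> bool:
    """Check the name the client was configured with, not what it resolves to.

    The IP address plays no part: three names sharing one address are still
    three different identities as far as the certificate is concerned.
    """
    return any(san_entry_matches(hostname, p) for p in san_dns_names)


# Constructed SAN list mirroring the certificate described in the post.
CERT_SANS = ["sld.tld", "www.sld.tld"]

if __name__ == "__main__":
    for name in ("sld.tld", "www.sld.tld", "mail0x.sld.tld"):
        verdict = "ok" if hostname_covered(name, CERT_SANS) else "MISMATCH"
        print(f"{name:16} {verdict}")
```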