1

See also Best practices for using ServerCertificateValidationCallback, which discusses some best practices when making HTTP requests to endpoints with custom certificate checking logic. However SmtpClient doesn't seem to be exposing a similar property.

In my use-case, a multi-tenant saas, the smtp server is user-provided and unknown at compile time. Some user-provided servers are setup correctly and certificate validation should happen, while other servers aren't setup correctly and the user should have the ability to skip certificate validation. This means that I can't (shouldn't) disable certificate checking globally, and only disable certificate checking on a 1-by-1 basis for the lifetime of and scoped to an instance of SmtpClient.

How does one typically do this?

Bouke
  • 11,768
  • 7
  • 68
  • 102
  • 2
    [MailKit](https://github.com/jstedfast/MailKit) supports the callback and is suggested by most devs. – Bizhan Apr 14 '20 at 14:10
  • 1
    _"We don't recommend that you use the SmtpClient class for new development because SmtpClient doesn't support many modern protocols. **Use MailKit** or other libraries instead."_ - [SmptClient - Remarks](https://learn.microsoft.com/en-us/dotnet/api/system.net.mail.smtpclient?view=netframework-4.8#remarks) (emphasis by me) – Fildor Apr 14 '20 at 14:13

0 Answers0