System.Net.Mail with SSL to authenticate against port 465

Sending mail using System.Net.Mail with SSL will fail:


System.Net.NetworkCredential aCred = new System.Net.NetworkCredential(“myacct”, “mypassword”);

SmtpClient smtp = new SmtpClient(“”, 465);

smtp.EnableSsl = true;

smtp.UseDefaultCredentials = false;

smtp.Credentials = aCred;


System.Net.Mail only supports “Explicit SSL”. 


Explicit SSL

System.Net.Mail only supports “Explicit SSL”.  Explicit SSL starts as unencrypted on port 25, then issues a STARTTLS and switches to an Encrypted connection.  See RFC 2228.


Explicit  SLL would go something like: Connect on 25 -> StartTLS (starts to encrypt) -> authenticate -> send data


If the SMTP server expects SSL/TLS connection right from the start then this will not work.


If you see “530 Must issue a STARTTLS command first” being returned while trying to send a message, then Explicit SSL is what is being expected.


Implicit SSL

There is no way to use Implicit SSL (SMTPS) with System.Net.Mail.  Implicit SSL would have the entire connection is wrapped in an SSL layer.  A specific port would be used (port 465 is common).  There is no formal RFC covering Implicit SSL.


Implicit  SLL would go something like: Start SSL (start encryption) -> Connect -> Authenticate -> send data


This is not considered a bug, it’s by design. There are two types of SSL authentication for SMTP, and we only support one with System.Net.Mail (by design) – Explicit SSL. 

Windows Mail uses System.Net.Mail to send messages – so it wont work with Implicit SSL.  Outlook Express and System.Web.Mail use CDOSYS for sending messages and should work since CDOSYS can work with Explict SSL and Implicit SSL.

Comments (22)

  1. ctrager says:

    Any idea when System.Net.Mail will support SMTP using implicit SSL?

  2. Webdav101 says:

    I have no idea when it will be fixed.  Can never get dates on when changes will be made.  The .NET Devs do know there is a need for this, however it would probably be done as part of a service pack or major release.  

  3. System.Net.Mail SSL 465下发送不成功的原因吧, 应该是暂时System.Net.Mail 不支持Implicit SSL, 仅支持Explicit SSL

  4. PatrickHorn says:

    Is there any news on Implicit SSL in the past year?  Can it be done in any version of System.Net.Mail?

  5. Webdav101 says:

    There havent been any changes yet.  However, I have not checked-out .NET 4.0 since its still in Beta.

  6. Dave says:

    As of now .Net 4 does not have a fix for this issue

  7. Bryan Allred says:

    I've commented on this at the link below. Essentially you can call the CDO (Collaborative Data Object) via COM to do what is needed. The example was for GMail, but in real life I had to use this because a client's server was only accepting implicit SSL connections (go figure). The KB article is also referenced below which will demonstrate this using C#.…/3845907…/310212

  8. Webdav101 says:

    Hello Bryan;  

    I know… I noted CDOSYS in the blog already – its the same CDO you are referring to. The same approach will also works with CDOEX – the Exchange centric superset of CDOSYS.  Be sure to call System.Runtime.InteropServices.Marshal.ReleaseComObject( ) with every .NET referenced CDO object when your code is finished or you will leak.  This and using forloops are some of the largest causes of leaks under .NET.   This sould be done anytime .NET code is used against a COM object.   Most samples on the web dont show this clean-up being done, however it should be.  There is no reason to not use CDOSYS unless your .NET code needs to run on a non-Microsoft platform.  CDOSYS has been in all MS operating systems since Windows 2000 and in many ways is more capable and sound that System.Net.Mail; I also don't see CDOSYS going away any time soon.

  9. Joe Smith says:

    So is there no way to code round this?…….

    What is the solution for enabling Email from an app built in ASP.Net 3.5 utilising a provider that requires SSL at port 465?……..

  10. Viktor says:

    Hi guys! I try to use CDOSYS to send emails (SMTPS), but I always receive "The transport failed to connect to the server" exception. I use the "465" port  with smtpusessl = "1". My SMTP server is accessible by port "465" and I can send emails using Rebex.NET library. I think I need to perform certificate validation, but I don't know how to perform this validation using CDOSYS. Could you please provide me with some examples of certificate validation performance by means CDOSYS?

    I am looking forward to your response!!!!


  11. Verizon wants it email customers to change to authentication and port 446 and may force its use in 2012 – no date set.  Programs based on VB.Net will not work as indicated.  I personally wrote software with VB to handle community mail for our 55 and older development.  It will be useless if Verizon insists. Verizon is rather large; I would hope MS provide a fix.

    Ed Bitzer

  12. Webdav101 says:

    Hello Ed;

    It would need more than a fix – its something which was never implemented. I don't know if/when it will.  For now the best thing to do is to use CDOSYS with .NET – CDOSYS is fully supported under .NET and actually much more functional and proven then the System.Net.Mail. .NET code does call COM in many places, so please don't let it being COM based be something from preventing its usage.  CDOSYS is a standard windows component and has been in all versions of Windows since Windows 2000. The devs who cover this area know of its need, however its weighed against all other changes which need to be made. If our a Premier customer, you could also try pushing for a product change.



  13. For now you can use a COM solution provided by this stackoverflow answer:…/550975

  14. Webdav101 says:

    Thanks Sergey.  That COM project from stackoverflow is using CDOSYS.  When looking at any article mentioning CDO its important to see which CDO is being used since the term CDO (Collaboration Data Objects) has been overly used.  CDOSYS is on all Windows operating systems starting with Windows 2000, though I have not checked Windows RT.  CDOEX was a superset of CDOSYS which ran explicitly on Exchange 2000 and 2013 – it had the ability to work on items in a mailbox in addition to the SMTP sending abilities of CDOSYS.  CDONTS is an older API for sending email by SMTP – it was replaced by CDOSYS long ago.  Then there is CDO 1.21, which does not send email by SMTP and rather it works directly against a mailbox using a MAPI provider.  I'm hoping that "CDO" won't be used on any more APIs since its there are already too many APIs which use it in their name.

    If anyone reading this thinks that they should avoid CDOSYS because its COM based then please understand that its fully supported under .NET.  Further, it has a lot of capabilities which no other .NET messaging class has ever had.  The System.Net.Mail was built by .NET developers from scratch as I recall.  However, CDOSYS was written by Exchange developers and has been honed and heavily fixed over many, many years.

    The only major issue with using CDOSYS is being sure that the underlying COM objects get released – you will run into this issue any time .NET code wraps COM objects (interops are basically .NET code wrapping around a COM object).  For info on releasing the underlying objects and preventing leaks with COM objects wrapped by .NET code, please read these articles:…/oom-net  Those article talk working with the Outlook interops, however the same rules apply to other interops such as what you would use with COSYS.

    One important note:  As mentioned in that stockoverflow posting, you need to have references to CDO and ADODB.  You should set a reference to CDO only in Visual Studio and Visual Studio should create interops for both CDOSYS and ADODB.  I've seen problems where code did not work if a reference was set to ADODB and then COOSYS.  So, if you did set a reference to ADODB manually and are having issue then remove both references from the project, delete the interop files and them set a reference to CDOSYS and let Visual Studio generate interops for both and also add a reference to ADODB.

  15. Madhu says:

    Is System.Net.mail with SSL enables implemented in .Net Framework 4.5? If not any idea on whether it will be implemented or not?

  16. Alex says:


    It seems that this topic never ends.

    I'm looking for a _reliable_ way to send emails and already tried a couple of things (System.Net.Mail and Lumisoft 3d party library). Now I want to try CDO but I found out that it does not support STARTTLS.

    Do you know anything about it?



  17. Osmond says:

    You can use componentpro ultimate mail to send mail over ssl. Here is the example code snippet:

    using ComponentPro.Net;

    using ComponentPro.Net.Mail;

    // Create a new instance of the Smtp class.

    Smtp client = new Smtp();

    // Connect to the server.

    client.Connect("myserver", 465, SecurityMode.Implicit);

    // Login to the server.

    client.Authenticate("user", "password");

    // Create a new mail message.

    MailMessage msg = new MailMessage();

    msg.Subject = "Test Subject";

    msg.BodyText = "Content";

    msg.From = "";

    msg.To = "";

    // And send it.


    // Close the connection.


  18. Vlad says:

    People in Russian community solved this problem in a simple, but weird way…/237899

    You must set SSL=true and Port=25. Server responds to your request from unprotected 25 and then throws connecion to protected 465. This trick worked for Gmail an some Russin mail services.

  19. Zpektrum says:

    I know this is a widely referenced blog post, so I will put here what i think is THE solution: a free and OSS library called AEGIS Implicit Mail. You can get it from Nuget…/AIM

  20. Wiccio says:

    @Zpektrum: And how do you use this library in C #?

  21. AIM says:

    Have a look on AIM wiki, the simplest way you can send Implicit SSL Mails…/wiki