diff --git a/app.json b/app.json
index 6c7b0b7533..e6a3a00515 100644
--- a/app.json
+++ b/app.json
@@ -194,6 +194,11 @@
 "description": "Use a secure SMTP connection (optional)",
 "required": false
 },
+ "SMTP_DISABLE_STARTTLS": {
+ "value": "false",
+ "description": "Disable STARTTLS even if the server supports it (optional)",
+ "required": false
+ },
 "SMTP_TLS_CIPHERS": {
 "description": "Override SMTP cipher configuration (optional)",
 "required": false
diff --git a/server/emails/mailer.tsx b/server/emails/mailer.tsx
index 28484ef25d..b6eecb9906 100644
--- a/server/emails/mailer.tsx
+++ b/server/emails/mailer.tsx
@@ -224,8 +224,8 @@ export class Mailer {
 pass: env.SMTP_PASSWORD,
 }
 : undefined,
- // Disable STARTTLS entirely when secure is set to false
- ignoreTLS: !env.SMTP_SECURE,
+ // Disable STARTTLS entirely when SMTP_DISABLE_STARTTLS is set to true
+ ignoreTLS: env.SMTP_DISABLE_STARTTLS,
 tls: env.SMTP_SECURE
 ? env.SMTP_TLS_CIPHERS
 ? {
diff --git a/server/env.ts b/server/env.ts
index e441d5573b..ea8e2aa1e2 100644
--- a/server/env.ts
+++ b/server/env.ts
@@ -417,6 +417,15 @@ export class Environment {
 */
 public SMTP_SECURE = this.toBoolean(environment.SMTP_SECURE ?? "true");
 
+ /**
+ * If true then STARTTLS is disabled even if the server supports it.
+ * If false (the default) then STARTTLS is used if server supports it.
+ *
+ * Setting secure to false therefore does not mean that you would not use an
+ * encrypted connection.
+ */
+ public SMTP_DISABLE_STARTTLS = this.toBoolean(environment.SMTP_DISABLE_STARTTLS ?? "false");
+
 /**
 * Dropbox app key for embedding Dropbox files
 */
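Review bot: In server/emails/mailer.tsx, `ignoreTLS: env.SMTP_DISABLE_STARTTLS` makes STARTTLS opportunistic when SMTP_SECURE=false, so the upgrade happens only if the server advertises it. If that capability is stripped in transit, the session, including the `pass: env.SMTP_PASSWORD` login just above, continues in cleartext without an error. Nodemailer's `requireTLS` transport option refuses to send when the connection cannot be encrypted, so consider exposing it, for example `requireTLS: env.SMTP_REQUIRE_TLS` (an illustrative name, not defined in this commit), or at least say "opportunistic" in the comment. The `tls` expression that follows is gated on `env.SMTP_SECURE` and continues outside the hunk, so please confirm that SMTP_TLS_CIPHERS and certificate verification still apply to the upgraded connection on the SMTP_SECURE=false path.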
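Review bot: In server/env.ts, the doc comment on `SMTP_DISABLE_STARTTLS` never states the consequence of the insecure combination: with SMTP_SECURE=false and this flag true, no TLS is negotiated at all. I would add a line such as `* With SMTP_SECURE=false and this set to true, SMTP credentials and mail are sent unencrypted.` and reword the last sentence to say encryption then depends on the server offering STARTTLS. The commit also changes behaviour for existing installs that set SMTP_SECURE=false, since the removed `ignoreTLS: !env.SMTP_SECURE` never attempted STARTTLS for them, and that deserves a mention in the upgrade notes. The Environment class continues outside the hunk, so how `toBoolean` treats values other than "true" and "false" cannot be checked here.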