diff --git a/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.test.ts b/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.test.ts
index c6317a6a980bb7..cc3f03f50c36fe 100644
--- a/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.test.ts
+++ b/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.test.ts
@@ -138,7 +138,7 @@ describe('send_email module', () => {
           "port": 1025,
           "secure": false,
           "tls": Object {
-            "rejectUnauthorized": true,
+            "rejectUnauthorized": false,
           },
         },
       ]
@@ -187,6 +187,9 @@ describe('send_email module', () => {
           "host": "example.com",
           "port": 1025,
           "secure": true,
+          "tls": Object {
+            "rejectUnauthorized": true,
+          },
         },
       ]
     `);
diff --git a/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts b/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts
index 79842f4aec02bb..d4905015f7663b 100644
--- a/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts
+++ b/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts
@@ -80,10 +80,13 @@ export async function sendEmail(logger: Logger, options: SendEmailOptions): Prom
       };
       transportConfig.proxy = proxySettings.proxyUrl;
       transportConfig.headers = proxySettings.proxyHeaders;
-    } else if (!transportConfig.secure) {
-      transportConfig.tls = {
-        rejectUnauthorized,
-      };
+    } else if (!transportConfig.secure && user == null && password == null) {
+      // special case - if secure:false && user:null && password:null set
+      // rejectUnauthorized false, because simple/test servers that don't even
+      // authenticate rarely have valid certs; eg cloud proxy, and npm maildev
+      transportConfig.tls = { rejectUnauthorized: false };
+    } else {
+      transportConfig.tls = { rejectUnauthorized };
     }
   }