diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 42c32c7..b85445e 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -13,7 +13,7 @@ variables:
   Solution: 'src/NLog.MailKit.sln'
   BuildPlatform: 'Any CPU'
   BuildConfiguration: 'Release'
-  Version: '5.2.0'
+  Version: '5.2.1'
   FullVersion: '$(Version).$(Build.BuildId)'
 
 steps:
@@ -29,7 +29,7 @@ steps:
     projects: '$(Solution)'
     verbosityRestore: Minimal
 
-- task: SonarCloudPrepare@2
+- task: SonarCloudPrepare@3
   displayName: 'Prepare SonarCloud analysis'
   inputs:
     SonarCloud: 'Sonarcloud'
@@ -60,10 +60,10 @@ steps:
     configuration: '$(BuildConfiguration)'
     rerunFailedTests: true
 
-- task: SonarCloudAnalyze@2
+- task: SonarCloudAnalyze@3
   displayName: 'Run SonarCloud Analysis'
 
-- task: SonarCloudPublish@2
+- task: SonarCloudPublish@3
   displayName: 'Publish SonarCloud Quality Gate'
 
 - task: CopyFiles@2
diff --git a/src/NLog.MailKit/MailTarget.cs b/src/NLog.MailKit/MailTarget.cs
index 2c64cf1..7103fdb 100644
--- a/src/NLog.MailKit/MailTarget.cs
+++ b/src/NLog.MailKit/MailTarget.cs
@@ -205,6 +205,19 @@ public Layout Body
         /// <docgen category='SMTP Options' order='14' />.
         public Layout<bool> EnableSsl { get; set; }
 
+        /// <summary>
+        /// Get or set whether the client should use the REQUIRETLS extension if it is available.
+        /// </summary>
+        /// <remarks>
+        /// <para>Gets or sets whether the client should use the REQUIRETLS extension if it is available.</para>
+        /// <para>The REQUIRETLS extension (as defined in rfc8689) is a way to ensure that every SMTP server
+        /// that a message passes through on its way to the recipient is required to use a TLS connection in
+        /// order to transfer the message to the next SMTP server.</para>
+        /// <note type="note">This feature is only available if connected SMTP server supports capability
+        /// <see cref="SmtpCapabilities.RequireTLS"/> flag when sending the message.</note>
+        /// </remarks>
+        public Layout<bool> RequireTLS { get; set; }
+
         /// <summary>
         /// Provides a way of specifying the SSL and/or TLS encryption
         /// 
@@ -354,6 +367,8 @@ private void SendMailMessage(MimeMessage message, LogEventInfo lastEvent)
                 }
 
                 var enableSsl = RenderLogEvent(EnableSsl, lastEvent);
+                var requireTLS = RenderLogEvent(RequireTLS, lastEvent);
+
                 var secureSocketOptions = enableSsl ? SecureSocketOptions.SslOnConnect : RenderLogEvent(SecureSocketOption, lastEvent, DefaultSecureSocketOption);
                 var smtpPort = RenderLogEvent(SmtpPort, lastEvent);
                 InternalLogger.Debug("Sending mail to {0} using {1}:{2}", message.To, renderedHost, smtpPort);
@@ -366,8 +381,13 @@ private void SendMailMessage(MimeMessage message, LogEventInfo lastEvent)
                     client.ServerCertificateValidationCallback += (s, cert, chain, sslPolicyErrors) => true;
                 }
 
+                if (requireTLS)
+                {
+                    client.RequireTLS = true;   // Requires SMTP Server capability SmtpCapabilities.RequireTLS
+                }
+
                 client.Connect(renderedHost, smtpPort, secureSocketOptions);
-                InternalLogger.Trace("{0}: Connecting succesfull", this);
+                InternalLogger.Trace("{0}: Connecting succesfull with SmtpCapabilities={1}", this, client.Capabilities);
 
                 // Note: since we don't have an OAuth2 token, disable
                 // the XOAUTH2 authentication mechanism.
diff --git a/src/NLog.MailKit/NLog.MailKit.csproj b/src/NLog.MailKit/NLog.MailKit.csproj
index e6f9d42..9a15be8 100644
--- a/src/NLog.MailKit/NLog.MailKit.csproj
+++ b/src/NLog.MailKit/NLog.MailKit.csproj
@@ -1,6 +1,6 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 	<PropertyGroup>
-		<TargetFrameworks>netstandard2.0;netstandard2.1</TargetFrameworks>
+		<TargetFrameworks>net462;netstandard2.0;netstandard2.1</TargetFrameworks>
 		<Authors>Julian Verdurmen</Authors>
 		<Company>NLog</Company>
 		<Description>NLog Mail Target for .NET Core &amp; .NET Standard 2.0+ using MailKit.
@@ -28,11 +28,8 @@ If the mail target was already available on your platform, this package will ove
 		<AssemblyOriginatorKeyFile>NLog.snk</AssemblyOriginatorKeyFile>
 		<DelaySign>false</DelaySign>
 		<PackageReleaseNotes>
-- Added support for PickupDirectoryLocation
-- Added support for email headers
-- Added target-alias mailkit
-- Updated to NLog v5.2.2
-- Updated to MailKit v3.3.0
+- Updated to MailKit v4.7.1.1 (Fix security issue)
+- Added option RequireTLS
 
 See https://github.com/NLog/NLog.MailKit/releases
       
@@ -47,7 +44,7 @@ See https://github.com/NLog/NLog.MailKit/releases
 		<DefineConstants>RELEASE</DefineConstants>
 	</PropertyGroup>
 	<ItemGroup>
-		<PackageReference Include="MailKit" Version="3.3.0" />
+		<PackageReference Include="MailKit" Version="4.7.1.1" />
 		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="8.0.0" PrivateAssets="All" />
 	</ItemGroup>
 	<ItemGroup>
diff --git a/test/NLog.MailKit.Tests/NLog.MailKit.Tests.csproj b/test/NLog.MailKit.Tests/NLog.MailKit.Tests.csproj
index e3d941e..2ce5ca9 100644
--- a/test/NLog.MailKit.Tests/NLog.MailKit.Tests.csproj
+++ b/test/NLog.MailKit.Tests/NLog.MailKit.Tests.csproj
@@ -9,10 +9,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
     <PackageReference Include="SmtpServer" Version="7.2.0" />
-    <PackageReference Include="xunit" Version="2.8.0" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.8.0">
+    <PackageReference Include="xunit" Version="2.9.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.8.2">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
     </PackageReference>