diff --git a/deltachat-ffi/deltachat.h b/deltachat-ffi/deltachat.h
index 6e4a824d4..3a691a547 100644
--- a/deltachat-ffi/deltachat.h
+++ b/deltachat-ffi/deltachat.h
@@ -409,8 +409,7 @@ char*           dc_get_blobdir               (const dc_context_t* context);
  * - `server_flags` = IMAP-/SMTP-flags as a combination of @ref DC_LP flags, guessed if left out
  * - `proxy_enabled` = Proxy enabled. Disabled by default.
  * - `proxy_url` = Proxy URL. May contain multiple URLs separated by newline, but only the first one is used.
- * - `imap_certificate_checks` = how to check IMAP certificates, one of the @ref DC_CERTCK flags, defaults to #DC_CERTCK_AUTO (0)
- * - `smtp_certificate_checks` = deprecated option, should be set to the same value as `imap_certificate_checks` but ignored by the new core
+ * - `imap_certificate_checks` = how to check IMAP and SMTP certificates, one of the @ref DC_CERTCK flags, defaults to #DC_CERTCK_AUTO (0)
  * - `displayname`  = Own name to use when sending messages. MUAs are allowed to spread this way e.g. using CC, defaults to empty
  * - `selfstatus`   = Own status to display, e.g. in e-mail footers, defaults to empty
  * - `selfavatar`   = File containing avatar. Will immediately be copied to the 
@@ -5810,7 +5809,7 @@ int64_t         dc_lot_get_timestamp     (const dc_lot_t* lot);
  * These constants configure TLS certificate checks for IMAP and SMTP connections.
  *
  * These constants are set via dc_set_config()
- * using keys "imap_certificate_checks" and "smtp_certificate_checks".
+ * using key "imap_certificate_checks".
  *
  * @addtogroup DC_CERTCK
  * @{
diff --git a/deltachat-jsonrpc/src/lib.rs b/deltachat-jsonrpc/src/lib.rs
index 389206f46..3034c0f8b 100644
--- a/deltachat-jsonrpc/src/lib.rs
+++ b/deltachat-jsonrpc/src/lib.rs
@@ -85,7 +85,7 @@ mod tests {
             assert_eq!(result, response.to_owned());
         }
         {
-            let request = r#"{"jsonrpc":"2.0","method":"batch_set_config","id":2,"params":[1,{"addr":"","mail_user":"","mail_pw":"","mail_server":"","mail_port":"","mail_security":"","imap_certificate_checks":"","send_user":"","send_pw":"","send_server":"","send_port":"","send_security":"","smtp_certificate_checks":""}]}"#;
+            let request = r#"{"jsonrpc":"2.0","method":"batch_set_config","id":2,"params":[1,{"addr":"","mail_user":"","mail_pw":"","mail_server":"","mail_port":"","mail_security":"","imap_certificate_checks":"","send_user":"","send_pw":"","send_server":"","send_port":"","send_security":""}]}"#;
             let response = r#"{"jsonrpc":"2.0","id":2,"result":null}"#;
             session.handle_incoming(request).await;
             let result = receiver.recv().await?;
diff --git a/python/src/deltachat/testplugin.py b/python/src/deltachat/testplugin.py
index e658789ef..8668ee026 100644
--- a/python/src/deltachat/testplugin.py
+++ b/python/src/deltachat/testplugin.py
@@ -433,7 +433,6 @@ class ACFactory:
         if self.pytestconfig.getoption("--strict-tls"):
             # Enable strict certificate checks for online accounts
             configdict["imap_certificate_checks"] = str(const.DC_CERTCK_STRICT)
-            configdict["smtp_certificate_checks"] = str(const.DC_CERTCK_STRICT)
 
         assert "addr" in configdict and "mail_pw" in configdict
         return configdict
@@ -505,7 +504,6 @@ class ACFactory:
                 "addr": cloned_from.get_config("addr"),
                 "mail_pw": cloned_from.get_config("mail_pw"),
                 "imap_certificate_checks": cloned_from.get_config("imap_certificate_checks"),
-                "smtp_certificate_checks": cloned_from.get_config("smtp_certificate_checks"),
             }
         configdict.update(kwargs)
         ac = self._get_cached_account(addr=configdict["addr"]) if cache else None
diff --git a/src/config.rs b/src/config.rs
index 16fac5de7..92e1baa43 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -81,11 +81,6 @@ pub enum Config {
     /// SMTP server security (e.g. TLS, STARTTLS).
     SendSecurity,
 
-    /// Deprecated option for backwards compatibility.
-    ///
-    /// Certificate checks for SMTP are actually controlled by `imap_certificate_checks` config.
-    SmtpCertificateChecks,
-
     /// Whether to use OAuth 2.
     ///
     /// Historically contained other bitflags, which are now deprecated.
@@ -257,11 +252,6 @@ pub enum Config {
     /// Configured SMTP server password.
     ConfiguredSendPw,
 
-    /// Deprecated, stored for backwards compatibility.
-    ///
-    /// ConfiguredImapCertificateChecks is actually used.
-    ConfiguredSmtpCertificateChecks,
-
     /// Whether OAuth 2 is used with configured provider.
     ConfiguredServerFlags,
 
diff --git a/src/context/context_tests.rs b/src/context/context_tests.rs
index c4ffc1648..1c74c4283 100644
--- a/src/context/context_tests.rs
+++ b/src/context/context_tests.rs
@@ -284,7 +284,6 @@ async fn test_get_info_completeness() {
         "send_security",
         "server_flags",
         "skip_start_messages",
-        "smtp_certificate_checks",
         "proxy_url",      // May contain passwords, don't leak it to the logs.
         "socks5_enabled", // SOCKS5 options are deprecated.
         "socks5_host",
diff --git a/src/login_param.rs b/src/login_param.rs
index 47b7ace8a..f1cb31493 100644
--- a/src/login_param.rs
+++ b/src/login_param.rs
@@ -144,7 +144,7 @@ impl EnteredLoginParam {
         // The setting is named `imap_certificate_checks`
         // for backwards compatibility,
         // but now it is a global setting applied to all protocols,
-        // while `smtp_certificate_checks` is ignored.
+        // while `smtp_certificate_checks` has been removed.
         let certificate_checks = if let Some(certificate_checks) = context
             .get_config_parsed::<i32>(Config::ImapCertificateChecks)
             .await?
diff --git a/src/qr/qr_tests.rs b/src/qr/qr_tests.rs
index 344f67682..4c0d1f5ac 100644
--- a/src/qr/qr_tests.rs
+++ b/src/qr/qr_tests.rs
@@ -709,7 +709,7 @@ async fn test_decode_dclogin_advanced_options() -> Result<()> {
     assert_eq!(param.smtp.security, Socket::Plain);
 
     // `sc` option is actually ignored and `ic` is used instead
-    // because `smtp_certificate_checks` is deprecated.
+    // because `smtp_certificate_checks` has been removed.
     assert_eq!(param.certificate_checks, EnteredCertificateChecks::Strict);
 
     Ok(())
diff --git a/src/transport/transport_tests.rs b/src/transport/transport_tests.rs
index c197acab6..3fc3183d7 100644
--- a/src/transport/transport_tests.rs
+++ b/src/transport/transport_tests.rs
@@ -117,8 +117,6 @@ async fn test_posteo_alias() -> Result<()> {
     t.set_config(Config::ConfiguredSendUser, Some(user)).await?;
     t.set_config(Config::ConfiguredSendPw, Some("foobarbaz"))
         .await?;
-    t.set_config(Config::ConfiguredSmtpCertificateChecks, Some("1"))
-        .await?; // Strict
     t.set_config(Config::ConfiguredServerFlags, Some("0"))
         .await?;
 
@@ -205,8 +203,6 @@ async fn test_empty_server_list_legacy() -> Result<()> {
         .await?; // Strict
     t.set_config(Config::ConfiguredSendPw, Some("foobarbaz"))
         .await?;
-    t.set_config(Config::ConfiguredSmtpCertificateChecks, Some("1"))
-        .await?; // Strict
     t.set_config(Config::ConfiguredServerFlags, Some("0"))
         .await?;