Vulnerability in EPiServer.Forms
Please update the SmtpClient utilized by EPiServer.Forms.Implementation.Actors.SendEmailAfterSubmissionActor to check appSettings for its configuration. Since the system.net/mailSettings/smtp/network web.config section cannot be encrypted in the DXC environment, it would be beneficial to be able to store these values (i.e. host, enableSsl, port, userName, password, etc.) in Azure's Application settings where they are securely stored.
You could create a Custom Email Actor which inherits from SendEmailAfterSubmissionActor and then Override the Email Config