diff --git a/internal/app/bridge.go b/internal/app/bridge.go
index d174f544..9a911ffb 100644
--- a/internal/app/bridge.go
+++ b/internal/app/bridge.go
@@ -56,6 +56,13 @@ func withBridge( //nolint:funlen
cookieJar http.CookieJar,
fn func(*bridge.Bridge, <-chan events.Event) error,
) error {
+ // Delete old go-imap cache files
+ if deleteOldGoIMAPFiles {
+ if err := locations.CleanGoIMAPCache(); err != nil {
+ logrus.WithError(err).Error("Failed to remove old go-imap cache")
+ }
+ }
+
// Create the underlying dialer used by the bridge.
// It only connects to trusted servers and reports any untrusted servers it finds.
pinningDialer := dialer.NewPinningTLSDialer(
@@ -64,13 +71,6 @@ func withBridge( //nolint:funlen
dialer.NewTLSPinChecker(dialer.TrustedAPIPins),
)
- // Delete old go-imap cache files
- if deleteOldGoIMAPFiles {
- if err := locations.CleanGoIMAPCache(); err != nil {
- logrus.WithError(err).Error("Failed to remove old go-imap cache")
- }
- }
-
// Create a proxy dialer which switches to a proxy if the request fails.
proxyDialer := dialer.NewProxyTLSDialer(pinningDialer, constants.APIHost)
diff --git a/internal/dialer/dialer_pinning_checker.go b/internal/dialer/dialer_pinning_checker.go
index 5c918295..7e9463ce 100644
--- a/internal/dialer/dialer_pinning_checker.go
+++ b/internal/dialer/dialer_pinning_checker.go
@@ -18,11 +18,9 @@
package dialer
import (
- "crypto/tls"
"crypto/x509"
"errors"
"fmt"
- "net"
"github.com/ProtonMail/proton-bridge/v2/pkg/algo"
)
@@ -40,28 +38,6 @@ func NewTLSPinChecker(trustedPins []string) *TLSPinChecker {
}
}
-// CheckCertificate returns whether the connection presents a known TLS certificate.
-func (p *TLSPinChecker) CheckCertificate(conn net.Conn) error {
- tlsConn, ok := conn.(*tls.Conn)
- if !ok {
- return errors.New("connection is not a TLS connection")
- }
-
- connState := tlsConn.ConnectionState()
-
- for _, peerCert := range connState.PeerCertificates {
- fingerprint := certFingerprint(peerCert)
-
- for _, pin := range p.trustedPins {
- if pin == fingerprint {
- return nil
- }
- }
- }
-
- return ErrTLSMismatch
-}
-
func certFingerprint(cert *x509.Certificate) string {
return fmt.Sprintf(`pin-sha256=%q`, algo.HashBase64SHA256(string(cert.RawSubjectPublicKeyInfo)))
}
diff --git a/internal/dialer/dialer_pinning_checker_default.go b/internal/dialer/dialer_pinning_checker_default.go
new file mode 100644
index 00000000..107a437e
--- /dev/null
+++ b/internal/dialer/dialer_pinning_checker_default.go
@@ -0,0 +1,48 @@
+// Copyright (c) 2022 Proton AG
+//
+// This file is part of Proton Mail Bridge.Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see .
+
+//go:build !build_qa
+
+package dialer
+
+import (
+ "crypto/tls"
+ "errors"
+ "net"
+)
+
+// CheckCertificate returns whether the connection presents a known TLS certificate.
+func (p *TLSPinChecker) CheckCertificate(conn net.Conn) error {
+ tlsConn, ok := conn.(*tls.Conn)
+ if !ok {
+ return errors.New("connection is not a TLS connection")
+ }
+
+ connState := tlsConn.ConnectionState()
+
+ for _, peerCert := range connState.PeerCertificates {
+ fingerprint := certFingerprint(peerCert)
+
+ for _, pin := range p.trustedPins {
+ if pin == fingerprint {
+ return nil
+ }
+ }
+ }
+
+ return ErrTLSMismatch
+}
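Review bot: The doc comment on CheckCertificate in the new default file says it "returns whether" the certificate is known, but the method returns an error and accepts the connection as soon as any certificate in PeerCertificates matches a pin. I would state that contract directly: `// CheckCertificate returns nil if any certificate presented by the peer matches a trusted pin, and ErrTLSMismatch otherwise.` Since this file is now the only place the pin comparison lives, the `//go:build !build_qa` line also deserves a comment such as `// Release implementation; dialer_pinning_checker_qa.go replaces it with a no-op under the build_qa tag.` The licence header reads "Proton Mail Bridge.Bridge." here and in dialer_pinning_checker_qa.go, which looks like a duplicated word.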
diff --git a/internal/dialer/dialer_pinning_checker_qa.go b/internal/dialer/dialer_pinning_checker_qa.go
new file mode 100644
index 00000000..0429dff3
--- /dev/null
+++ b/internal/dialer/dialer_pinning_checker_qa.go
@@ -0,0 +1,28 @@
+// Copyright (c) 2022 Proton AG
+//
+// This file is part of Proton Mail Bridge.Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see .
+
+//go:build build_qa
+
+package dialer
+
+import "net"
+
+// CheckCertificate returns whether the connection presents a known TLS certificate.
+// The QA implementation always returns nil.
+func (p *TLSPinChecker) CheckCertificate(conn net.Conn) error {
+ return nil
+}
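Review bot: The build_qa variant of CheckCertificate returns nil for every connection, so a binary built with that tag performs no pin comparison and, unlike the default implementation, no longer rejects a connection that is not a *tls.Conn. Nothing at runtime shows that pinning is off, so a release accidentally built with build_qa would be indistinguishable from a pinned one in its logs. I would keep the TLS type assertion and emit a warning when the check is skipped; this needs crypto/tls, errors and a logger in the import block (logrus is what internal/app/bridge.go uses; whether the dialer package already imports it is not visible here). If QA really needs plaintext connections to pass, the assertion can be dropped, but the warning and a release-pipeline check that the tag is absent still seem worthwhile.

```go
// CheckCertificate skips the pin comparison in QA builds but still requires TLS.
func (p *TLSPinChecker) CheckCertificate(conn net.Conn) error {
	if _, ok := conn.(*tls.Conn); !ok {
		return errors.New("connection is not a TLS connection")
	}

	// Make the weakened check visible in the logs of any build_qa binary.
	logrus.Warn("TLS pin check skipped: binary was built with the build_qa tag")

	return nil
}
```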