"Current notices about Posteo: News, developments, background information and media appearances."

Blog and Media


New: TLS-receiving guarantee

Created on 25. June 2021, 18:00 | Category: Info

Dear Posteo customers,

We have released a new feature: Our TLS-receiving guarantee.
The new security feature protects you from receiving emails from servers that send them insecurely and rounds off our TLS guarantees: We have been offering a similar guarantee for sending emails for some time now. You can now activate your TLS-receiving guarantee in the settings.

New: TLS-receiving guarantee
New: TLS-receiving guarantee

Protection against insecure senders

If you activate the new security feature, we will refuse to receive an email to your mailbox if a server tries to deliver it without up-to-date transport route encryption. An insecure transmission from such servers through the internet is guaranteed to be prevented and you will immediately receive a notification from us. Even as a layman, you can thus immediately recognise who is not making sufficient efforts to ensure email security.
TLS protects your emails on their way through the internet

Nowadays, emails are transmitted via encrypted connections: The transport route encryption (TLS) protects your communication on its way through the internet. Without TLS, emails could simply be intercepted and read in transit. Therefore, almost all email servers now establish encrypted connections with each other as a standard.
The rate of insecure servers without up-to-date TLS encryption is already below 5% (Posteo survey May 2021).

We have tested the new feature both internally and with users over the course of several months. The conclusion: as a rule, the receiving guarantee is not noticed in everyday life, since the vast majority of senders nowadays support up-to-date encryption.
The largest share (>90%) of unencrypted contact attempts is now accounted for by spammers and a few newsletter distributors.

In the rare case that the transmission of a desired email is stopped due to a lack of TLS encryption, you and the sender will immediately receive a notification from us.

Then you have two options:

1. You decide for yourself whether unencrypted transmission is also an option for you in this instance. If so, deactivate the feature for a short time and ask the sender to send it again.
2. You point out the lack of security to the sender; we offer a template for this in our help section. During our field tests, the senders usually reacted within 1-2 working days and activated the missing transport route encryption. Every newly secured server is a contribution to IT security for everyone.

If an operator does not respond or is evasive, you can ask us for assistance at We will then also contact the sender for you.

New security check before each email is received

For security reasons, a new TLS check is carried out every time an email is received. This ensures that your emails are not transmitted insecurely even if a server is temporarily not TLS-capable – for example, due to technical problems or an attack.
Transmission is also stopped if unauthorised third parties attack a secure connection and want to force the switch back to an unencrypted connection.

How to activate the TLS-receiving guarantee

You can now activate your TLS-receiving guarantee in the settings of your Posteo account under “Settings → My account → Transport encryption”. Our tip: You can also activate your TLS-sending guarantee there, which we have already been offering for some time.

In our help section, we have provided an article for you on the new TLS-receiving guarantee. With it you will learn how to activate and deactivate the feature – and how to proceed if the transmission of an email from an insecure email server has been stopped.

The TLS-receiving guarantee at a glance:

  • Emails are always guaranteed to be received via an encrypted transport route.
  • You and the sender will immediately receive a notification if we have stopped the transmission of an email from an insecure server.
  • Even as a layman, you can immediately recognise who is not making enough effort to ensure email security.
  • Downgrade attacks, in which an attacker can switch off modern, secure encryption, are prevented.
  • Outdated encryption protocols such as SSLv3, TLS 1.0 or 1.1 are not tolerated.
  • Man-in-the-middle attacks are made more difficult. If, like Posteo, the receiving server uses DANE, they are impossible.

Best regards,
The Posteo Team

New security certificate

Created on 29. December 2020, 18:00 | Category: Info

Dear Posteo customers,

Over the next few days we will update our main security certificate. Security certificates are only valid for a specified time period and need to be renewed from time to time. Because of this, we will be changing this certificate before January 21, 2021.

In most cases, you will not notice any change.
All clients like Thunderbird or Outlook will automatically find the new certificate. You do not need to do anything. However, should your client display a certificate error during this changeover process, please restart your client. This should fix the error.
If you manage the trustworthiness of certificates manually, you can find the fingerprint for the new main certificate that we will shortly begin using below. You can also find complete fingerprints for all certificates in our legal notice.

New fingerprint for the TLS security certificate for

SHA256: CA:AD:66:0A:5A:7F:0E:CD:85:31:77:89:0F:2B:41:82:D9:C7:37:A4:99:35:9F:C8:6D:83:A4:2C:94:5D:97:40
SHA1: A0:E0:98:21:9B:AE:81:56:21:50:7C:B4:76:AD:1F:76:24:2A:8B:32

Best regards,
The Posteo Team

New at Posteo: Attachment browser with photo stream

Created on 03. September 2020, 12:30 | Category: Info

Dear Posteo customers,

We are releasing a new feature for you: the Posteo attachment browser with integrated photo stream.
The new feature makes your account noticeably more modern and easier to use.
As of this morning, the attachment browser has already been made available to some of you.

In the coming weeks we will gradually make it available for all accounts.
You can then find it in the menu under “Attachments”.

All attachments in a convenient overview

Email attachments neatly arranged in a list
Email attachments neatly arranged in a list.

This feature allows you to manage your emails in new ways — attachments are displayed in a separate overview, independent of the corresponding emails. From there you can view, download and delete attachments with ease. Also finding attachments has been made easier. In the attachment browser you can search for files sent from various contacts, at specific times, with specific file names or file types — and combine the search filters. Photos you have received can be found exactly as quickly as contracts or invoices.

The attachment browser makes it easier to work in your own account — while providing you with more convenience and organisation. There is a photo stream available for viewing images.

Viewing photos in privacy with the photo stream

The new photo stream provides a modern appearance for your account. Photo attachments are visually displayed in a way that might be familiar to you from social media platforms, but remain within the privacy of your email account. The stream can be filtered at your convenience — the photos from your recent vacation can be found as quickly as the photos from the family reunion. Additionally, you can quickly identify which photos you no longer need: a photo can be downloaded or deleted with two clicks.

Images from emails displayed in the photo stream
Photos can be viewed in the photo stream.

Delete attachments, save storage space and protect the climate

Many of you requested a separate feature for deleting attachments.
This is now conveniently made possible with the attachment browser at the touch of a button. Attachments that are no longer needed can be deleted while keeping the corresponding email. This frees up storage space and saves resources. Because data saved online continually uses energy. So that you can remember that the deletion occurred, a note summarising which file was deleted as well as the time of deletion is added to the email. This will also be reflected in local email clients and apps.

With the filter option “size” you can quickly obtain an overview of which files and images are taking up a considerable amount of storage space.
You can load the photo stream in the attachment browser via “Images”. In our help section you can find information as well as step-by-step guides for the new feature.

Comprehensive tests and external security check

Deleting an attachment
Attachments can be deleted from emails.

The attachment browser with photo stream is a Posteo in-house development. We develop ourselves because we have specific requirements for privacy, security and sustainability. For example, as a matter of principle we do not collect any personally related inventory data or traffic data like IP addresses. As a service without advertisements we also refrain from tracking and incorporating social media plug-ins. Because of this, new features are conceptualised so that they effectively continue to not accumulate any personal data in the background. This strengthens your right to informational self-determination — and saves energy resources. Because unnecessary processes, logs and data heaps use a lot of energy.

Your attachments are a sensitive commodity worth protecting: they are subject to telecommunications secrecy and are protected by basic rights. Because of this, your access to your data and its display occur in real time within your account. It is not temporarily saved in databases which is frequently the case with such features. Your data always remains within your account. Also the preview images of the photo stream are not held in databases, but rather generated in real time from your emails as soon as you access the stream. The new feature has been comprehensively tested and additionally checked by independent security researchers (Cure53).

Encryption at the touch of a button

The attachment browser and photo stream are also compatible with our crypto mail storage. If it has been activated, all data saved within the account is encrypted with your password. The new feature is then accessed within the privacy of your own encrypted account. Even we, as the provider, do not have access to your data. This principle can be compared with device encryption on smartphones.

Email attachments that have been sent with end-to-end-encryption (PGP/S/MIME) can not be displayed in the attachment browser.

More updates coming soon

Already in the near future we will be making additional improvements available to you — an optimised version of Posteo webmail for smartphones will also be made available soon. The attachment browser and photo stream have already been customised for mobile use.

Best Regards
The Posteo Team

Enigmail users: do not update to Thunderbird 78

Created on 01. July 2020, 14:45 | Category: Blog

Dear Posteo customers and interested parties,

Today we address all users of the encryption add-on Enigmail in Thunderbird. If you regularly encrypt your emails with OpenPGP and depend on this feature, please avoid updating to the forthcoming Thunderbird release (version 78.0). Enigmail will no longer be supported in Thunderbird 78. The program’s new and own implementation of OpenPGP encryption is still in an experimental phase and is deactivated by default.

Should you use automatic updates, no further action is required. An installation of the Thunderbird 78 update will not occur automatically.

Background information:
This summer, Mozilla is planning on releasing a new version of Thunderbird (78.0) that will change how add-ons are supported. Among other reasons, this became necessary due to security issues.
This was also made clear from a security audit commissioned by Posteo at the end of 2017. Various security issues in Thunderbird were identified, particularly with its add-on interface.

Third-party add-ons like Enigmail, that need to access internal components of Thunderbird, will no longer be supported.

Because of this, Mozilla is implementing their own OpenPGP feature in Thunderbird 78. This built-in encryption is planned to replace the Enigmail add-on..
Currently OpenPGP support in Thunderbird 78 is categorised as experimental and is disabled by default: Enigmail is no longer supported in Thunderbird 78.

Waiting for Thunderbird 78.2

From Thunderbird 78.2 onwards, OpenPGP is planned to be made available by default in Thunderbird. We will inform you as soon as this version is made available and an update for OpenPGP users is possible.

Best regards
The Posteo Team

Precautions against corona: Posteo Lab in Berlin is temporarily closed

Created on 10. March 2020, 18:30 | Category: Blog

Dear Posteo customers,

We have a brief announcement:
Because of the increasing spread of the coronavirus, our Posteo Lab, located on top of Berlin’s “Kreuzberg”, will remain closed until further notice.

Our Posteo Lab is our public space in Berlin.
Interested parties can normally come and visit daily between 3 and 6 p.m. to test out Posteo, add credit to their accounts and ask questions.

We apologise to everyone who planned to visit in the near future. We appreciate your understanding.
We will make a new post in our blog as soon as we open the lab again.

The background behind closing the lab is that we have recommended to our team that they work from home whenever possible already since the end of February.
Because of this, we are no longer able to consistently have staff in the lab. We also would like to reduce the risk of infection with this temporary closure. Apart from that, our business operations are not affected by the coronavirus. You can send all inquiries via email to and can add credit to your account again online.

Best regards,
The Posteo Team