Messages

"Current notices about Posteo: News, developments, background information and media appearances."

Blog and Media

Categories:

Important: Possible disturbances due to DDoS

Created on 18. May 2022, 12:00 | Category: Info

Update: Currently (19 May) we are not experiencing any further attacks.

Dear Posteo customers,

We would like to inform you that yesterday, and today, we had to fend off DDoS attacks on a larger scale.
Yesterday evening we experienced network disruptions, delays and limited accessibility for a few minutes.

This morning, the attacks continued. Even though they are currently being warded off effectively, we would like to inform you, purely as a precaution, that restrictions could possibly arise again. We have already strengthened our existing safeguards.

During DDoS attacks, Internet services are overloaded with connection requests by criminals. Customers are then temporarily unable to access the service in question – or only to a very limited extent. Data is not attacked during DDoS attacks. With the help of technical measures, the attacks can be contained and fended off. However, how quickly this can be achieved depends on the size and type of the respective attack and also on the defensive measures taken in each case.

Unlike previous attacks, this time we did not receive a threatening letter or a demand for money.
According to our security guidelines we have also informed the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik).
We take our responsibility as an email provider towards you very seriously. We would therefore like to give you a few more tips.

In case Posteo suddenly slows down or becomes unavailable for a short period of time in the coming days, please proceed as follows:

  • Do not be concerned. There are no technical disturbances on our side.
  • There may be short-term connection disruptions from certain networks and also for parts of Posteo (Website/IMAP):
    • If you cannot access our website, in the meantime it may help if you connect to the Internet via another network (e.g. mobile). If using a smartphone, it may also help to temporarily disable the WiFi.
    • Alternatively, you can try setting up Posteo in an email client like Thunderbird or Outlook on your Windows PC, Apple Mail on a Mac, or the system email apps on your device. Most clients will find the settings for automatically; we also provide guides in our help section: https://posteo.de/en/help/categories/email-clients
  • In case of accessibility problems, please wait and then try to access our site or check your emails again. You will soon be able to log back into your Posteo account as usual.
  • Visit our Twitter profile @Posteo_en or our status page https://posteo-status.de to stay up to date. Should it indeed happen that our services are unavailable, we will inform about the situation there.
  • Please do not send any emails to our customer support in case of short-term inaccessibility. It is an aim of the attackers to also push the blackmailed companies to their capacity limits by mass requests from their customers.
  • Emails sent to you will not be lost. In the event of disturbances, emails will be delivered as soon as our email servers are available again.

Best regards
Your Posteo team

Transparency notice: Our donations for 2021

Created on 17. May 2022, 11:35 | Category: Blog

Dear Posteo customers and interested parties,

We have a transparency notice for you: we have updated our donations page. On this page, we document the organisations that we financially supported during the previous year (2021).

Over the past year, we donated a total of 59,500 EUR. Of this, 56,139.93 EUR constituted voluntary donations by Posteo. The remaining 3,361.07 EUR came from users that donated remaining credit when terminating their account.

In March 2022, we additionally donated 10,000 EUR for emergency humanitarian aid in Ukraine (Médecins Sans Frontières/UN Refugee Agency). These donations will only be listed in our transparency notes next year when we disclose the figures for 2022.

#more#

It is important to us that we encourage social engagement and take responsibility as a company.
We therefore donate to carefully selected organisations in the fields of environmental and climate protection, digital freedom and freedom of expression, as well as refugee and humanitarian emergency aid.

Posteo donated to the following organisations in 2021:

UNHCR (UNO-Flüchtlingshilfe):
UNO-Flüchtlingshilfe is the German offshoot of the Office of the United Nations High Commissioner for Refugees (UNHCR). It ensures the survival of refugees in acute crisis situations with life-saving emergency measures. UNO-Flüchtlingshilfe thus provides for sufficient supplies of water, food and medicines in refugee camps or regions that are hard to access, for example.

Doctors Without Borders:
Doctors Without Borders was founded in France in 1971. The German section was added in 1993. Today, MSF (Médicins Sans Frontières) is an international network that provides emergency medical aid in over 70 countries. As a humanitarian medical organisation, Doctors Without Borders is committed to providing high-quality and efficient health care in countries where people’s survival is at risk due to diseases, wars and disasters.

Reporters Without Borders:
Reporters Without Borders engages itself worldwide for freedom of the press and freedom of information. The organisation documents violations against freedom of the press and supports journalists that are in danger. Reporters Without Borders combats censorship and restrictive media laws.

UNICEF – Living Schools:
The United Nations Children’s Fund (UNICEF) has been advocating for the health, education and rights of children and mothers in 190 countries since 1946. UNICEF is politically involved against the use of child soldiers and for protecting refugees and for implementing the Convention on the Rights of the Child. Posteo supports the project Living Schools in Malawi. Schools are being built there that are based on principles of ecological awareness, e-learning and participation in decision-making. The schools have their own water supply system for clean drinking water and sanitation, use solar energy and teach about environmental protection in their school gardens.

Netzpolitik.org:
netzpolitik.org is a journalistic platform for digital freedom rights and presents the important debates and developments about the internet. The platform documents how politics is changing the internet and society through regulation and the continued expansion of surveillance laws. With its work, netzpolitik.org wants to encourage people to become engaged for their digital freedom rights and an open society.

BUND:
Bund für Umwelt und Naturschutz Deutschland (BUND) is one of the largest German environmental organisations. Throughout Germany there are more than 2,000 voluntary BUND groups engaged with regional environmental topics. BUND is also engaged with climate protection, ecological agriculture and protection of threatened species, forests and water. BUND is the German member of the international environmental network, “Friends of the Earth”.

ECCHR:
The European Centre for Constitutional and Human Rights (ECCHR) is engaged with legal measures for human rights. The ECCHR lawyers’ aim is to hold state and non-state actors legally accountable for grave human rights abuses. Among others, the ECCHR was founded in 2007 by human rights lawyer Wolfgang Kaleck, who represents whistleblower Edward Snowden in Germany.

Posteo does business sustainably and is independent. Our service is financed entirely by our customers’ account fees. There are no investors or advertising partners at Posteo. You are what makes our involvement in these projects possible. We thank you very much for helping to make a difference.

Best regards,
The Posteo team

New security certificate

Created on 17. January 2022, 11:00 | Category: Info

Dear Posteo customers,

Over the next few days we will update our main security certificate. Security certificates are only valid for a specified time period and need to be renewed from time to time. Because of this, we will be changing this certificate before January 28, 2022.

In most cases, you will not notice any change.
All clients like Thunderbird or Outlook will automatically find the new certificate. You do not need to do anything. However, should your client display a certificate error during this changeover process, please restart your client. This should fix the error.
#more#
If you manage the trustworthiness of certificates manually, you can find the fingerprint for the new main certificate that we will shortly begin using below. You can also find complete fingerprints for all certificates in our legal notice.

New fingerprint for the TLS security certificate for posteo.de:

Geotrust:
SHA256: A5:11:E3:82:F2:EE:3C:2A:79:6C:0D:6B:3B:D7:DB:BF:7C:C3:2C:0C:7F:E0:3F:E8:93:A4:42:27:CC:5C:30:60
SHA1: BF:6D:27:28:FD:32:DC:3A:A6:78:74:5E:76:D3:8D:92:06:69:7A:4C

Best regards,
The Posteo Team

New: TLS-receiving guarantee

Created on 25. June 2021, 18:00 | Category: Info

Dear Posteo customers,

We have released a new feature: Our TLS-receiving guarantee.
The new security feature protects you from receiving emails from servers that send them insecurely and rounds off our TLS guarantees: We have been offering a similar guarantee for sending emails for some time now. You can now activate your TLS-receiving guarantee in the settings.

New: TLS-receiving guarantee
New: TLS-receiving guarantee

Protection against insecure senders

If you activate the new security feature, we will refuse to receive an email to your mailbox if a server tries to deliver it without up-to-date transport route encryption. An insecure transmission from such servers through the internet is guaranteed to be prevented and you will immediately receive a notification from us. Even as a layman, you can thus immediately recognise who is not making sufficient efforts to ensure email security.
#more#
TLS protects your emails on their way through the internet

Nowadays, emails are transmitted via encrypted connections: The transport route encryption (TLS) protects your communication on its way through the internet. Without TLS, emails could simply be intercepted and read in transit. Therefore, almost all email servers now establish encrypted connections with each other as a standard.
The rate of insecure servers without up-to-date TLS encryption is already below 5% (Posteo survey May 2021).

We have tested the new feature both internally and with users over the course of several months. The conclusion: as a rule, the receiving guarantee is not noticed in everyday life, since the vast majority of senders nowadays support up-to-date encryption.
The largest share (>90%) of unencrypted contact attempts is now accounted for by spammers and a few newsletter distributors.

In the rare case that the transmission of a desired email is stopped due to a lack of TLS encryption, you and the sender will immediately receive a notification from us.

Then you have two options:

1. You decide for yourself whether unencrypted transmission is also an option for you in this instance. If so, deactivate the feature for a short time and ask the sender to send it again.
2. You point out the lack of security to the sender; we offer a template for this in our help section. During our field tests, the senders usually reacted within 1-2 working days and activated the missing transport route encryption. Every newly secured server is a contribution to IT security for everyone.

If an operator does not respond or is evasive, you can ask us for assistance at support+tls@posteo.de. We will then also contact the sender for you.

New security check before each email is received

For security reasons, a new TLS check is carried out every time an email is received. This ensures that your emails are not transmitted insecurely even if a server is temporarily not TLS-capable – for example, due to technical problems or an attack.
Transmission is also stopped if unauthorised third parties attack a secure connection and want to force the switch back to an unencrypted connection.

How to activate the TLS-receiving guarantee

You can now activate your TLS-receiving guarantee in the settings of your Posteo account under “Settings → My account → Transport encryption”. Our tip: You can also activate your TLS-sending guarantee there, which we have already been offering for some time.

In our help section, we have provided an article for you on the new TLS-receiving guarantee. With it you will learn how to activate and deactivate the feature – and how to proceed if the transmission of an email from an insecure email server has been stopped.

The TLS-receiving guarantee at a glance:

  • Emails are always guaranteed to be received via an encrypted transport route.
  • You and the sender will immediately receive a notification if we have stopped the transmission of an email from an insecure server.
  • Even as a layman, you can immediately recognise who is not making enough effort to ensure email security.
  • Downgrade attacks, in which an attacker can switch off modern, secure encryption, are prevented.
  • Outdated encryption protocols such as SSLv3, TLS 1.0 or 1.1 are not tolerated.
  • Man-in-the-middle attacks are made more difficult. If, like Posteo, the receiving server uses DANE, they are impossible.

Best regards,
The Posteo Team

New security certificate

Created on 29. December 2020, 18:00 | Category: Info

Dear Posteo customers,

Over the next few days we will update our main security certificate. Security certificates are only valid for a specified time period and need to be renewed from time to time. Because of this, we will be changing this certificate before January 21, 2021.

In most cases, you will not notice any change.
All clients like Thunderbird or Outlook will automatically find the new certificate. You do not need to do anything. However, should your client display a certificate error during this changeover process, please restart your client. This should fix the error.
#more#
If you manage the trustworthiness of certificates manually, you can find the fingerprint for the new main certificate that we will shortly begin using below. You can also find complete fingerprints for all certificates in our legal notice.

New fingerprint for the TLS security certificate for posteo.de:

Geotrust:
SHA256: CA:AD:66:0A:5A:7F:0E:CD:85:31:77:89:0F:2B:41:82:D9:C7:37:A4:99:35:9F:C8:6D:83:A4:2C:94:5D:97:40
SHA1: A0:E0:98:21:9B:AE:81:56:21:50:7C:B4:76:AD:1F:76:24:2A:8B:32

Best regards,
The Posteo Team