"Current notices about Posteo: News, developments, background information and media appearances."

Blog and Media


New from Posteo: Create S/MIME certificates and start using right away

Created on 30. April 2024, 15:00 | Category: Info

Dear Posteo Customers,

We’re adding to our offerings for end-to-end encryption and email signing: effective immediately you can use our service to easily obtain inexpensive S/MIME certificates for your Posteo email addresses with a single click.

S/MIME is a standard for end-to-end encryption that is used around the world and is already integrated into many email clients. An S/MIME certificate issued by a recognized certificate authority is displayed as trustworthy in email clients – and verifies the authenticity of an email address and the contents of an email. That means: more security in email communication.

For private users, obtaining certificates has for years been relatively complicated and cost-intensive, even though S/MIME certificates can play an important role in ensuring secure communication across email platforms. We want to encourage the use of S/MIME, and so effective immediately we are offering inexpensive certificates for your Posteo address(es) that you can create with just one click and start using right away. The S/MIME certificates come from a recognized certificate authority (Certum); emails signed with the certificates are displayed as trustworthy in email clients. The certificates are valid for one year and cost €3.65. You will be notified before the expiration date and given the option to renew. Certificates can also be obtained for aliases. You’ll find the new option in Settings under “My S/MIME certificates”.


S/MIME signatures are verified in Posteo webmail
S/MIME signatures are verified in Posteo webmail

To sign your emails with S/MIME, only you need a certificate; for encryption all recipients must also be using S/MIME. S/MIME works with almost all email clients (such as Thunderbird, Apple Mail, and Outlook) and effective immediately you can start using certificates obtained through Posteo with these clients.

We are currently at work on a browser plug-in for Posteo webmail and the Posteo web app. With this plug-in you’ll be able to sign your emails directly in Posteo webmail and the web app. You’ll also be able to encrypt and decrypt emails – without us, the email provider, storing your private key on our servers. This is the only way to ensure real and trustworthy end-to-end encryption.

S/MIME signatures are already verified and displayed in Posteo webmail and the Posteo web app. Some large companies, like DHL, and some government agencies as well have begun signing their emails with S/MIME, so that you can recognize the authenticity of an email at a glance.

For those interested in the technical details: here’s what happens when you generate a certificate “with a single click.”

Certificates are not server-generated at Posteo: if you create an S/MIME certificate in Settings, a key pair is automatically generated locally in the browser on your device. Your browser then generates a certificate signing request, and only this request (not the private key) is transferred via Posteo to the certificate authority (Certum), where it is signed and sent back, again via Posteo, to your browser. The browser then saves the certificate together with your private key in a file on your computer’s hard drive. The certificate can be installed in email clients. To do so you will need the installation password provided when you created the S/MIME certificate – please store it in a safe place. Throughout this process the private key continues to be stored locally on your device at all times. Or to put it another way: private keys, which are used to sign and decrypt emails, are never at any point in time available to either Posteo or the certificate authority (Certum) and are not saved by Posteo. To reiterate: This is important, because real end-to-end encryption means the email providers never have the end users’ private keys.

Best regards,
Your Posteo Team

Girls'Day 2024 at Posteo

Created on 26. April 2024, 15:45 | Category: Blog

Making coding exciting for girls: This is what our team set out to do again in 2024 for Girls’Day.
It was a great experience once again for us to welcome female students interested in computer science at the Posteo Lab located on top of Berlin’s Kreuzberg – and to give them insight into the job of a software developer.


Email workshop at Girls'Day 2024
Email workshop at Girls’Day 2024

Starting steps for computer science

After a round of getting to know each other, our developer Monika shared how she trained for her profession. She told the girls what subject matter should be expected when studying computer science and what job possibilities exist afterwards. She then answered questions regarding choosing a profession and everyday life on the job.

Workshop: How email protocols works

Afterwards, there was a more detailed look into working as a developer. Our team explained to the students what protocols are, what role they have in the global exchange of information – and how the SMTP protocol (Simple Mail Transfer Protocol) is used for transferring emails.

Finally, it was the girls’ turn: With help from Anne, a team leader from our technical support, they could communicate with an email server using SMTP protocol, enter commands and deliver emails from the command line.

Choosing a field of study or profession without gender stereotypes

Our Girls’Day Team enjoyed the day very much. “The girls were awesome and it was nice to see how motivated they are”, said Posteo developer Monika. “It was not just important for us to give them insight into software development. As women working in IT, we also wanted to show that they are not bound by antiquated gender roles. We hope that they had just as much fun as we did and that they have become even more confident about their potential career choices.”

Girls’Day is a day of action for career guidance in Germany. On this day, girls in the 5th grade and higher can gain more insight into jobs that are primarily chosen by men.
This includes software development. Posteo’s development team has a balanced ratio between men and women. Many of our features were programmed by women: for example the Posteo migration service, our mobile user interface, the attachment browser with photo stream – and also our new dark mode. But it’s not like that everywhere: In computer science studies and in the technology sector, women in Germany are still strongly under-represented.

New security certificate

Created on 23. February 2024, 11:35 | Category: Info

Dear Posteo customers,

We are updating our main security certificate. Security certificates are only valid for a specified time period and need to be renewed from time to time.

In most cases, you will not notice any change.
All current clients like Thunderbird or Outlook will automatically find the new certificate. You do not need to do anything. However, should your client display a certificate error during this changeover process, please restart your client. This should fix the error.
If you manage the trustworthiness of certificates manually, you can find the fingerprint for the new main certificate below. You can also find complete fingerprints for all certificates in our legal notice.

New fingerprint for the TLS security certificate for

SHA256: AA:FC:E1:21:F4:15:14:E6:8D:09:ED:F4:87:EA:E6:1E:02:99:BC:9B:41:51:4C:FC:DC:BE:F5:E8:A5:60:9C:DD
SHA1: ED:87:9A:C6:E6:2E:72:82:42:AD:30:D9:05:38:30:34:7C:47:2F:24

Best regards,
The Posteo Team

Now available: and additional Posteo domains

Created on 15. December 2023, 13:45 | Category: Info

Dear Posteo customers,

We are expanding our range of services: From now on, accounts can also be registered with the email domain Additionally, we offer the domains,,,,,,,,, and


Previously, accounts could only be registered with either or endings. Many of you have asked for these additional options.

If you prefer one of the new domains for your existing account, you can now rename it easily in the settings via “Email aliases”. Your previous address will then be converted into an alias, so that you can continue to receive emails to that address.
If necessary, you can find further information in our help section.

There are many other top-level domains (the address part after “@posteo.”) also available for Posteo email aliases, such as .me or .eu.

By the way: Your Posteo address can only be registered by you for the other Posteo domains. For example, if you have the address, only you can register the address

Best regards,
Your Posteo Team

New at Posteo: Optional spam folder and spam log

Created on 17. October 2023, 17:20 | Category: Info

Dear Posteo customers,

We have released two new spam options. From now on, you can manage your mailbox with or without a spam folder – or use the spam log. The new options can be activated or deactivated in your account settings. Allow us to introduce them to you.


If you do not use a spam folder, emails that have been classified as spam are rejected and the sender is informed of this rejection. You save time in your daily routine as there is no spam folder that must be checked regularly and sorted through. Because from a legal point of view, emails in a spam folder are also generally considered as delivered. Additionally, your email address becomes considerably less enticing for spammers if their potentially dangerous digital trash is regularly rejected.

Attempts to reach out to someone are also often overlooked in spam folders or noticed much later. This is the reason why the Snoop Dogg song “Chai Tea with Heidi” almost didn’t exist because Heidi Klum overlooked an email sent by the rights holder, Rod Stewart, for almost two months in her spam folder. Email clients like Thunderbird, Outlook or smartphone apps may even automatically delete emails in spam folders after a short period of time. Therefore, please be sure to check the settings for deleting emails in your programs if you use a spam folder. Otherwise, communication could be lost. We do not delete emails from the spam folder.

Spam illustration

Spam folder: Receive all spam emails

Whoever decides to use the optional spam folder can check there at any time which emails have been classified as spam by us. All spam emails will be delivered in this folder.

From a customer service perspective, we know that it is very uncommon for spam to be falsely classified and is mostly only suspected. If an expected email is missing, in most cases it turns out that either the email address was misspelled or the message was sent to another email address. Often the email in question arrives shortly thereafter. Sometimes customers have also activated a filter that immediately sorts incoming emails to subfolders or deletes them. Or they use external email clients that sort emails into their own spam folders. Sometimes, it’s just that the inbox has also been accidentally sorted differently – and incoming emails are not longer displayed as usual.

Please check the scenarios described above if you have activated the spam folder and suspect that an email has not been received. From a technical standpoint, you can be sure that we deliver all emails sent to your mailbox, even if they have been classified as spam.

Activating the spam folder can lead to your email address becoming considerably more attractive for spammers – and result in you receiving more spam. Therefore, you can also temporarily activate your spam folder as needed. For example, during a period where you are sending off job applications and want to be absolutely sure that nothing can go wrong under any circumstance or that something may need to be clarified first.

Screenshots of the spam log in the Posteo web app
The spam log in the Posteo web app

Steer a middle course with the spam log

Are you not interested in managing a spam folder but still want to know which emails are rejected? Then, as an alternative to the spam folder, you can activate our new spam log.

By doing so, potentially dangerous spam emails will continue to be rejected. We also document each rejection for you transparently in a spam log folder. The log contains details about the sender, date, time and subject (if applicable) of the rejected email and is created in real-time. Warning: Sender names are often falsified by spammers.

Should you suspect that an email has been incorrectly rejected, you can check the log and know with immediate certainty.

Screenshot of a spam message
Images, attachments and links are deactivated in the spam folder

Be careful with spam

Regardless of whether you decide for or against a spam folder: Always be careful when dealing with suspicious emails. Never click on links or open attachments in such emails and never answer them. In general, legitimate senders do not request that you click on links and then enter login credentials or other data. For your security, images are not loaded in the spam folder and clicking on attachments and links is deactivated in the Posteo interface and our web app. If you move the email to another folder, contents can be loaded and clicked on as usual.

If a sense of urgency is suggested or pressure is exerted, it is often a clear indication of spam or phishing. This rule of thumb helps: Never give in to such harassment. If you are unsure, you can always first contact our free customer support. We can advise you how to deal with suspicious emails. There are also no dumb questions: Even IT professionals can become unnerved by well-made spam emails and will contact us. Our team always takes you seriously.

Best regards,
Your Posteo Team