
Transparency report: Requests from authorities to Posteo have markedly decreased

Created on 03. February 2017, 16:30 | Category: Info

Dear Posteo users,

We would like you to know how often authorities request user information from us. We have therefore released our transparency report for the year 2016. In the report, we detail how often investigative authorities reached out to us in 2016 – and how often we actually had to release data. The report contains all requests from authorities that we received in 2016. In addition, we also list the number of illegal requests in our statistics, because in practice grievances exist, which we have been documenting for some time now with redacted examples.

Number of requests from authorities to Posteo markedly decreased

The number of email accounts operated by Posteo increased during 2016 by about 40%, while the number of requests from authorities markedly decreased. Altogether we received 35 requests from authorities in 2016 – in 2015 there were 48.

For content data, the number of requests decreased by 50%. In 2015, authorities requested content data from us on eight occasions, while in 2016 only four requests reached us. The number of accounts affected by releases also decreased from five to three.

For traffic data, the number of requests decreased even more. There were six such requests in 2015 and two in 2016.

Only the number of requests for user information increased slightly, from 27 in 2015 to 28 in 2016. As we do not collect any user or traffic information for email accounts, for reasons of data economy, this data does not exist at Posteo – and therefore cannot be released. We always inform the requesting authorities of this fact promptly. All requests that arrived came from German authorities. Among them – as was the case last year – there was one request from an intelligence service.

Number of illegal requests unchanged

Unfortunately, numerous requests that are not formally correct continue to reach us. In 2016, this was the case for half of all requests for user information. The proportion of illegal requests for user information has therefore remained practically unchanged compared with last year. In all these cases we lodged complaints with the responsible privacy officers.

A new format for our transparency report in 2017

Until now, we always published our transparency reports in the summer. The reason that the publication date occurred later in the year was that we added emphases to the content of the reports, which often involved intensive research. Many of you desired publication of the numbers at the beginning of the year. For this reason, our transparency report for 2017 takes a different form. We now want to always publish numbers on the requests from authorities at the beginning of the year.

A second change is that we will in future publish thematic emphases spread between our transparency report site and this blog, during the year. These could, for example, be legal opinions that we have obtained, grievances that we identify in practice, or successes that we would like to report.

We have decided on this new, more flexible format for transparency because it fits better with our practical work. In addition, we are more often experiencing that the particularly privacy-oriented nature of our service is new to some authorities and leads to discussion about content or decisions that set a precedent. We would like to inform you about this outside of pre-specified times.

Transparency reports should become more comparable

In 2014, Posteo was the first German telecommunications provider to publish a transparency report. In the meantime, numerous other providers have begun publishing similar reports.

We believe that transparency reports strengthen the informational self-determination of users. We are therefore pleased about this development. We would like to note that for users, these reports only have real value if they take a form that is as comparable as possible – and when the numbers provided are complete.

We therefore insist that two pieces of information are provided in reports on all requests from authorities for different types of data. First, how many requests there were for specific data, e.g. user information or traffic data. And second, how often the data was released in response to the request. In our view, transparency will only be obtained by providing both of these.

You can find our transparency report here.

Best regards,

The Posteo team

New security certificates

Created on 17. January 2017, 10:00 | Category: Info

Dear Posteo users,

In the coming days we will be updating our security certificates. Security certificates are only valid for a specified time period and need to be renewed from time to time. We will therefore be changing them by 22.01.2017. We continue to use certificates from Geotrust and the Bundesdruckerei (D-Trust).

In most cases you will not notice anything when the certificates are changed over. All programs such as Thunderbird or Outlook will find the new certificate automatically. You do not need to do anything. If your program displays a certificate error during the changeover process, please simply restart the program, which should overcome the error.

If you check the trustworthiness of certificates manually, you can find below the fingerprints of the new certificates that we will shortly begin using. You can also find the fingerprints in our legal notice.

New fingerprints for TLS security certificates

Geotrust:
SHA256: 30:2A:06:B8:CF:A8:5B:93:66:5A:44:66:E2:BB:84:05:FE:80:95:3F:5A:FE:D1:08:DB:3B:B0:0D:7C:42:B4:39
SHA1: BD:16:71:84:B0:B1:40:D9:0A:65:99:8C:E6:7B:01:D6:AA:5B:8B:67
MD5: 55:F5:81:51:91:CD:88:64:14:D5:AA:E2:D5:2E:2C:AB

D-Trust:
SHA256: 06:48:D6:E4:D3:79:42:79:81:77:0F:49:88:43:D7:65:EE:A8:6F:1F:12:6F:72:11:8F:A9:4C:A9:66:34:FE:B5
SHA1: 79:DB:A0:A9:57:D9:30:FA:EF:5F:72:69:FB:1B:EA:06:90:27:9F:4D
MD5: DA:59:74:62:7C:D1:12:4E:15:41:25:37:9B:56:D0:58

Best regards,

The Posteo team

Posteo becomes the first provider to receive a certificate for secure sending of emails

Created on 08. December 2016, 18:40 | Category: Info

Dear Posteo users and interested parties,

At Posteo it is especially important to us that you can securely send and receive emails. Today there is news on this front: We have become the first provider to receive a certificate for the new “secure email transport” technical guidelines by the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, henceforth BSI). The goal of the BSI is to promote IT security.

The certificate was today awarded to us by the certifying authority “datenschutz cert”. Representatives of the BSI were also present. Via the certificate on our website, you can now identify that our security measures have been independently checked and proven to conform to BSI requirements.


Thomas Gast (BSI), Thomas Gilles (BSI), Ralf von Rahden (datenschutz cert), Patrik Löhr (Posteo), Florian Bierhoff (BSI)

The new technical guidelines detail the measures that an email service is to undertake in order to actively protect emails from unauthorised third parties during their transport. Email providers need to implement DANE if they wish to receive certification. DANE overcomes various weaknesses in the commonly-used transport route encryption, TLS. Among other things, DANE prevents so-called man-in-the-middle attacks, in which an attacker inserts itself into the connection and strips away the encryption. In 2014, Posteo became the first provider to implement DANE. Since then we have committed ourselves to the dissemination of this new technology, which is pioneering in the confidentiality of digital communication. Thus our users can securely communicate not only with one another, but also with the users of other email services. We were therefore especially pleased that the free standard DANE has become a requirement for certification.

Since 2014 we have been engaged in a working group together with other email providers involved in a dialogue with the BSI that led to the formation of the technical guidelines. We pushed for high security requirements and simple implementation.

We frequently criticise authorities when things don’t work in practice, for example, in our transparency reports. On the other hand, we welcome the BSI’s new guidelines for secure email transport. The BSI was especially interested in working together with the providers to design the guidelines with a practical orientation. The guidelines correlate with the highest security requirements and the certification is also implementable in terms of the time and money involved for smaller providers such as Posteo.

New certificate identifies secure email services

In our view, the fact that claims made by email providers about their security measures can now be evaluated by independent authorities also constitutes great progress for users. From now on, users can identify whether a service has been proven to fulfil the criteria in the guidelines via the certificates on the providers’ websites. The logo with text “BSI TR-03108 zertifiziert” indicates the corresponding guidelines.

The BSI guidelines do not constitute a legal requirement, but rather recommend security measures to email providers. Providers that wish to receive a corresponding certificate need to prove that they fulfil all requirements set out.

Certification is undertaken by an independent body – Posteo was certified by datenschutz cert. Certification occurs entirely remotely, checking the email service’s public interfaces. Other email providers and services such as those of companies or universities, for example, can now register to be evaluated according to the technical guidelines. We hope that the guidelines further increase dissemination of the recommended security technology. High common standards also increase the level of security for emails that you send to contacts that use other email providers. Thus communication becomes more secure overall.

Best regards,

The Posteo team

Additional information for those with technical interests:

- The technical guidelines can be found on the BSI website.
- Posteo has used DANE since May 2014. You can read more about DANE here.
- End-to-end encryption does not render transport route encryption redundant. End-to-end encryption generally only protects the content of your communication, but not metadata such as the subject field and information as to who is communicating with whom. Transport route encryption with TLS protects the content as well as the metadata for emails on their way across the internet. DANE additionally secures this encryption. End-to-end encryption is always in the hands of the users, because no-one else can have access to the private keys. We recommend combining end-to-end encryption with strong transport route encryption on the provider’s side.

New: Webmail interface displays servers with the highest sending security

Created on 18. August 2016, 17:00 | Category: Info

Dear Posteo users,

We have just released a new feature for you: Our webmail interface now shows you which of your contacts you can send to with the optimal security of DANE technology. This can be recognised by a small, green DANE symbol above an email address.

For us, the new DANE display is something very special. When we introduced this new piece of security technology in May 2014, Posteo was according to heise.de the first provider worldwide to support DANE. Many IT experts were unsure at that time whether the new technology would become established. In the meantime, this has changed – it is now worthwhile displaying whether another server supports DANE: We now transfer emails to many email servers worldwide using DANE as standard, including large email providers such as 1&1 (as well as mail.com, GMX and web.de) and Comcast.

The technology is becoming widespread for good reason: DANE eliminates various weaknesses in the widely used transport route encryption between servers, STARTTLS, and increases the security of the encrypted transport of emails. Without DANE, encryption is not “forced”; instead it is newly negotiated for each connection between the email servers involved. With DANE, email servers communicating with one another must encrypt every connection. If the encryption is disrupted or the communication is subject to an attack, the email will not be sent. Servers that support DANE also check the other side’s security certificate prior to sending, in a process similar to an ID check. This ensures that the other server is in fact the “actual target” of the communication and not a so-called man-in-the-middle placed in between. With DANE, encrypted sending can be ensured in advance, which is why we are providing a DANE status display in the webmail interface. In summary, if you see the symbol displayed, your email is guaranteed to be transferred to that recipient with DANE: firstly, over an encrypted transport route, and secondly, to the actual, legitimate recipient.

Tip: The TLS-sending guarantee also protects you for servers without DANE

If the DANE symbol is not displayed for an address, then the receiving server does not yet support DANE. Examples of large providers that do not yet support DANE include Gmail and Yahoo.

Both do support encrypted connections between email servers. Without DANE, however, in the case of interruptions or attacks as described above, unencrypted connections can occur. This is the case anew for every single email. Without DANE, therefore, no serious assertion can be made about the security of a connection between two email servers.

Here is an important tip for you: With Posteo, you can categorically prevent sending without TLS.

Activate your personal TLS-sending guarantee in your account settings

This ensures that the transport route for your emails is guaranteed to be encrypted with TLS, even to servers that do not support DANE. If you activate the TLS-sending guarantee, we will only send your email when the message can be sent with encryption. If secure sending over an encrypted connection is not possible, sending of the email will not occur – and you receive a notification from us. Therefore, if an unauthorised third party attacks a secure connection wanting to force an unencrypted connection, sending will be prevented.
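The two rules described in this post and in the DANE paragraph above, modelled as an added example (not Posteo's code): a DANE-EE TLSA record is matched against the certificate presented in the STARTTLS handshake, and the delivery decision then depends on whether TLSA records exist, whether STARTTLS was offered, and whether the TLS-sending guarantee is active. The minimal DER helpers, the stand-in certificate and all function names are assumptions made for this example.

```python
import hashlib
SEQ, SET, INT, BITSTR, NULL, OID, UTF8, UTCTIME, EXPL0 = 0x30, 0x31, 0x02, 0x03, 0x05, 0x06, 0x0C, 0x17, 0xA0

def der_encode(tag, content):
    n = len(content)   # one DER TLV; long-form lengths up to 65535 are enough here
    length = bytes([n]) if n < 128 else (bytes([0x81, n]) if n < 256 else bytes([0x82, n >> 8, n & 0xFF]))
    return bytes([tag]) + length + content

def der_children(buf, start, end):
    """List (tag, value_start, value_end, tlv_start) for each TLV inside buf[start:end]."""
    out, pos = [], start
    while pos < end:
        tag, length, vs = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                                   # long-form length
            n = length & 0x7F
            length, vs = int.from_bytes(buf[vs:vs + n], "big"), vs + n
        out.append((tag, vs, vs + length, pos))
        pos = vs + length
    return out

def extract_spki(cert_der):
    """Return the DER of subjectPublicKeyInfo by walking the RFC 5280 field order."""
    _, cs, ce, _ = der_children(cert_der, 0, len(cert_der))[0]   # Certificate SEQUENCE
    _, ts, te, _ = der_children(cert_der, cs, ce)[0]             # tbsCertificate
    fields = der_children(cert_der, ts, te)
    i = 1 if fields[0][0] == EXPL0 else 0      # skip explicit [0] version when present
    _, _, ve, start = fields[i + 5]            # serial, sigalg, issuer, validity, subject, SPKI
    return cert_der[start:ve]

def tlsa_assoc(cert_der, selector, mtype):
    """Association data as published in DNS: selector 0 = Cert, 1 = SPKI; mtype 0 = full, 1 = SHA-256, 2 = SHA-512."""
    data = cert_der if selector == 0 else extract_spki(cert_der)
    return data if mtype == 0 else hashlib.new({1: "sha256", 2: "sha512"}[mtype], data).digest()

def tlsa_matches(cert_der, usage, selector, mtype, assoc):
    """DANE-EE (usage 3) check: the certificate presented in the STARTTLS handshake must match."""
    if usage != 3: raise NotImplementedError("only DANE-EE (usage 3) is modelled in this example")
    return tlsa_assoc(cert_der, selector, mtype) == assoc

def delivery_decision(tlsa_records, cert_der, starttls_offered, tls_guarantee):
    """DANE forces verified TLS; the TLS-sending guarantee forces STARTTLS for non-DANE domains."""
    if tlsa_records and not starttls_offered:
        return "deferred: DANE domain did not offer STARTTLS"
    if tlsa_records:
        verified = any(tlsa_matches(cert_der, *r) for r in tlsa_records)
        return "send: DANE-verified TLS" if verified else "deferred: certificate matches no TLSA record"
    if starttls_offered:
        return "send: opportunistic TLS (unverified)"
    return "deferred: no TLS and guarantee active" if tls_guarantee else "send: cleartext"

def build_fake_cert(spki):
    """Constructed stand-in certificate: RFC 5280 field order only, no real key or signature."""
    sigalg = der_encode(SEQ, der_encode(OID, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + der_encode(NULL, b""))
    name = der_encode(SEQ, der_encode(SET, der_encode(SEQ, der_encode(OID, b"\x55\x04\x03") + der_encode(UTF8, b"mx.example"))))
    validity = der_encode(SEQ, der_encode(UTCTIME, b"170122000000Z") * 2)   # placeholder dates
    tbs = der_encode(SEQ, der_encode(EXPL0, der_encode(INT, b"\x02")) + der_encode(INT, b"\x01") + sigalg + name + validity + name + spki)
    return der_encode(SEQ, tbs + sigalg + der_encode(BITSTR, b"\x00" * 17))
FAKE_SPKI = der_encode(SEQ, der_encode(SEQ, der_encode(OID, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + der_encode(NULL, b"")) + der_encode(BITSTR, b"\x00" + b"\x01" * 32))
FAKE_CERT = build_fake_cert(FAKE_SPKI)
```

A published record such as "3 1 1 <hex>" corresponds to the tuple `(3, 1, 1, tlsa_assoc(cert, 1, 1))`; a sender that finds no matching record defers the message instead of falling back to cleartext.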

Best regards,

The Posteo team

Related reading: Why does Posteo display the DANE status but not the TLS status?

Kindle, GOP etc: What to do with insecure email servers

Created on 28. July 2016, 17:00 | Category: Blog

Dear Posteo users,

In the last few days we have received a lot of positive feedback on our new TLS-sending guarantee, for which we would like to say thank you. We’re very pleased about how well the new security feature is being adopted. Within just a few days more than 20% of our users have activated the new feature. With the TLS-sending guarantee activated, your emails are only sent if they can be transferred to the recipient over an encrypted transport route. Because we are currently receiving a lot of queries, we will here look at some insecure email servers and show what options are available when sending is stopped.

First, here is an example, which we are receiving many enquiries about: Amazon “@kindle.com”.

The email servers for the commonly-used domain “@kindle.com” are in fact not secure. Even three years after the NSA scandal, the domain still does not support TLS encryption when receiving emails. Our tests confirm this. We have received numerous queries about the security of “@kindle.com” from users with the TLS-sending guarantee activated. In our view, the lacking TLS support presents a large problem, because customers use “@kindle.com” addresses to send their own documents to their Kindles. Amazon describes this feature as follows: “Kindle customers can send documents to their registered Kindle devices, free Kindle reading applications, and their Kindle Library in the Amazon Cloud by e-mailing them to their Send-to-Kindle e-mail address name@kindle.com.”

It appears that Amazon domains are not generally affected.


The current configuration of “@kindle.com” is insecure and presents a security risk. Whether you wish to continue sending sensitive data to “@kindle.com” addresses is your own personal decision. If desired, you could temporarily disable the TLS-sending guarantee in order to send. Please note, however, that due to the lack of security at @kindle.com, these communications can be read by unauthorised third parties such as criminals and intelligence services. For privacy reasons, you should not send other people’s data to kindle.com addresses – the others should be able to decide this for themselves.
We have no influence over Amazon’s IT. You could contact Amazon directly. It is generally not especially difficult for administrators of email services to activate TLS encryption on their servers. We assume that the domain will soon be secured if complaints arrive, as the lack of security constitutes a grave security risk. You would then once again be able to send emails to kindle.com addresses with the TLS-sending guarantee activated.

No encryption for GOP (Republican National Committee), the University of Oxford or Ryanair either

We are asking all users who have contacted us regarding email servers that are not capable of TLS encryption such as @gop.com, @kodakpulse.com, @communication.microsoft.com, @ox.ac.uk, @ryanair.com, @unog.ch, @melia.com and other domains (listed below) to decide in each individual case whether they wish to send an email to the insecure email system. For all servers that are not capable of TLS, communicating with these outdated email systems is insecure.

When sending is stopped, you have the following options:
- You can inform the recipient (if desired, using an alternative contact method) that securely sending an email to their address is not possible and ask them to provide an alternative email address.
- You can temporarily deactivate the Posteo TLS-sending guarantee and send the email securely, by furnishing it with end-to-end encryption.
- You can temporarily deactivate the TLS-sending guarantee and send the email unencrypted/insecurely, as an exception.

Ask the domain holders for better security

If you would like to, you could contact the holder of a domain to ask them to activate TLS encryption on their servers. By doing this, you contribute to achieving an improved overall security of email traffic.
Overall, it can be said that these days, mainly only outdated and poorly-maintained email servers do not support TLS. If you activate the TLS-sending guarantee, it will generally only rarely occur that one of your emails is not sent for security reasons.

Last of all, we have collated a list of examples of commonly-used email domains that astonishingly do not yet support TLS, about which we have received queries during the last few days:

- Amazon Kindle: @kindle.com
- Microsoft: @communication.microsoft.com
- United Nations Office at Geneva: @unog.ch
- University of Oxford: @ox.ac.uk
- Yahoo! Japan: @yahoo.co.jp
- Melia Hotels: @melia.com
- Kodak Pulse “Email pictures to the display”: @kodakpulse.com
- Germanwings: @germanwings.com
- eBay: @members.ebay.com
- German American Chamber of Commerce: @gaccny.com
- Pacific National Bank: @pnb.com
- Ryanair: @ryanair.com
- Voyages SNCF: @voyages-sncf.com
- Republican National Committee: @gop.com

Best regards,

The Posteo team