"Current notices about Posteo: News, developments, background information and media appearances."

Blog and Media


Posteo company portrait in c't magazine

Created on 05. November 2015, 12:00 | Category: Press

Posteo is one of the more unusual German startups: The email provider foregoes advertising and wants to collect as little data from its users as possible. This regularly leads to unreasonable conflicts with authorities. Posteo’s breakthrough came in 2013 via the Snowden revelations. More or less overnight, the company became known in nerd circles as an email provider that does not merely pay lip service to privacy and security. Germany’s Der Spiegel and FAZ as well as The Guardian celebrated Posteo as a poster child for secure communication.

Read article

Posteo testing certificate pinning

Created on 16. October 2015, 12:00 | Category: Press

Email provider Posteo is one of the first German online service providers to use a brand new concept to make encryption on the web more secure.

Certificate pinning is a relatively young standard that has come in to restore trust in encryption on the web. A very simple intervention for the server itself can prevent most cases of certificate misuse. Posteo becomes the first larger German service to test this concept in practice.

Certificate Pinning
The security of a TLS connection is based on the fact that you are actually connected to the correct partner. So-called certification authorities (CAs) guarantee this, by checking the identity of a service provider, certifying it with their digital signature. The problem is that there are too many CAs, and the list of those that have abused this trust is long. Recently, Symantec, Verisign, Thawte and RapidSSL were found to have issued certificates to Google domains for test purposes and without authorisation. With certificate pinning, a server operator can determine which certificates a browser should accept for its domain in future. It works with Chrome, Firefox and Opera, but Internet Explorer, Edge and Safari have not yet implemented the internet standard for public key pinning extension for HTTP (RFC 7469). On the server side, the implementation of pinning is not yet widely in use. Some large services such as Google, Facebook and Twitter use it, but don’t use pins anchored in the browser. Internet services that use dynamic HTTP public key pinning (HPKP) are currently still hard to find. Posteo is one of the first German providers to implement it in its current practice. Checking the header delivered by the server reveals the entry, Public-Key-Pins: pin-sha256=“HuTEMYw…”, which nails down the Posteo certificate. More on how certificate pinning functions, how to set it up yourself and things to note can be found in the “SSL wird sicherer” article (in German) in the current issue of c’t.

Read article

The Guardian: Protect your email the German way

Created on 24. August 2014, 10:00 | Category: Press

After seeing off the police, Berlin email provider Posteo wants to expand user security and anonymity. Last summer, German secure email provider Posteo faced a do-or-die moment: give in to police threats to seize its servers or fight back in court.

Read article

Berlin start up surges with anonymous post

Created on 26. June 2014, 14:27 | Category: Press

No matter how much we say we’re angry about the NSA scandal, we still use all the services that – in some way – are tied up in surveillance. In Europe some are trying to get us to stop.

Read article

Posteo the first provider to implement DANE

Created on 12. May 2014, 12:00 | Category: Press

A small company has again outwitted the large providers. Unlike their competitors from “Email made in Germany”, Posteo is using an open standard whose implementation does not require expensive certification.

As of today, Berlin-based company Posteo is presumably the first email provider in the world to implement modern DANE technology in order to secure encrypted email transport. DNS-Based Authentication of Named Entities (DANE) eradicates various weaknesses for common SSL/TLS transport route encryption and thus increases the security of emails’ encrypted transport and website access. With that, the small provider has again got one over on the industry big boys. Posteo previously became the first German provider to present a transparency report on investigative and surveillance procedures.

Read article