New: TLS-sending guarantee for additional security
Created on 13 July 2016, 15:45 | Category: Info
Dear Posteo users,
Today we have made a new, important feature available to you – our TLS-sending guarantee. This new security feature protects you from sending emails to insecure systems. You can now activate the new feature in the settings of your account.
Emails need to be transferred over encrypted connections so that criminals and intelligence services cannot read them without authorisation. Three years after the NSA scandal, transport route encryption (TLS) has become commonplace as a result: all large email providers have now activated it on their systems. But what about the email systems to which you frequently send everyday or work-related emails? Before sending an email, users cannot see whether the email systems used by business partners, doctors, clubs or schools support secure connections. Our systems, on the other hand, can recognise this. Before sending each and every email, Posteo attempts to create an encrypted connection with the other email server in order to achieve secure sending.
If secure sending is not possible, the transfer is stopped
This is exactly where our new TLS-sending guarantee comes in: If you activate this security feature, we will only send your emails when the message can be securely delivered to the recipient. If secure sending over an encrypted connection is not possible, transfer of the email will be stopped – and you will receive a notification from us. Sending is also stopped if an unauthorised third party attacks a secure connection in an attempt to force an unencrypted connection.
If we notify you that sending was stopped, you can then decide for yourself whether you would still like to send your message to the insecure system. To do this, you can temporarily deactivate the TLS-sending guarantee and send your message (as an exception) without TLS. We designed the new feature to be as practical as possible: it makes no difference whether you access your emails with a smartphone, in the webmail interface or in local email programs such as Outlook or Thunderbird. Every email you send undergoes our TLS security test. If you send an email to multiple recipients, sending is only stopped for those recipients to whom the email cannot be securely transferred. We then notify you via email as to which recipients were affected.
New security test before each email is sent
The new feature affords you additional clarity: You always find out about your contacts’ current communication security. For security reasons, a new TLS check occurs before sending every email, even for known recipients. Thus we ensure that your emails are not sent insecurely if a server is temporarily incapable of TLS, for example, due to technical problems or an attack.
You can now activate the TLS-sending guarantee in the settings of your Posteo account under “Settings” → “My account” → “Transport route encryption”. In our help section we have prepared an article on the new TLS-sending guarantee. There you can find out how to activate and deactivate the feature and how to proceed when the sending of an email to an insecure email server is stopped.
Additional information for IT pros:
- The TLS-sending guarantee prevents downgrade attacks, whose goal is to revert to unencrypted connections.
- Outdated and insecure encryption protocols and ciphers such as SSLv3 or RC4 are not tolerated: these also cause sending to be stopped.
- Man-in-the-middle attacks are made more difficult and are always prevented if, like Posteo, the receiving server also uses DANE.
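
The per-recipient decision described above can be sketched as follows. This is an added example, not Posteo's code: the names (Probe, decide, route), the verdict strings and the sample server replies are all constructed for illustration, and DANE validation is not modelled.

```python
# Added illustration of the policy described above; not Posteo's code.
# All names and sample data are constructed for this example.
from dataclasses import dataclass
from typing import Optional

REJECTED_PROTOCOLS = {"SSLv3"}   # the outdated protocol the page names
REJECTED_CIPHER_MARK = "RC4"     # the outdated cipher the page names

@dataclass
class Probe:
    ehlo_reply: str                  # raw 250 reply to EHLO from the recipient's server
    protocol: Optional[str] = None   # negotiated version after STARTTLS, None if it failed
    cipher: Optional[str] = None     # negotiated cipher suite name

def offers_starttls(ehlo_reply: str) -> bool:
    # Reply lines look like "250-KEYWORD params" and end with "250 KEYWORD".
    for line in ehlo_reply.splitlines():
        words = line[4:].split()
        if line[:3] == "250" and words and words[0].upper() == "STARTTLS":
            return True
    return False

def decide(probe: Probe) -> str:
    # A server without TLS and a stripped STARTTLS line look identical to
    # the sender, so both cases stop the transfer.
    if not offers_starttls(probe.ehlo_reply):
        return "stop: STARTTLS not offered"
    if probe.protocol is None:
        return "stop: TLS handshake failed"
    if probe.protocol in REJECTED_PROTOCOLS:
        return "stop: outdated protocol " + probe.protocol
    if REJECTED_CIPHER_MARK in (probe.cipher or "").upper():
        return "stop: outdated cipher " + str(probe.cipher)
    return "send"

def route(recipients, probes):
    """Return (deliverable, stopped): only insecure recipients are held back."""
    deliverable, stopped = [], {}
    for rcpt in recipients:
        verdict = decide(probes[rcpt.rsplit("@", 1)[1].lower()])
        if verdict == "send":
            deliverable.append(rcpt)
        else:
            stopped[rcpt] = verdict
    return deliverable, stopped

# Constructed sample observations for three recipient domains.
PROBES = {
    "secure.example": Probe("250-mx.secure.example\n250-STARTTLS\n250 8BITMIME", "TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
    "plain.example": Probe("250-mx.plain.example\n250 8BITMIME"),
    "legacy.example": Probe("250-mx.legacy.example\n250 STARTTLS", "TLSv1", "RC4-SHA"),
}
```

Because the check runs on fresh observations for every message, a server that offered TLS yesterday but does not today is stopped as well, which matches the per-email test described above.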
More about encryption at Posteo
Transport route encryption is one building block in our innovative encryption model. On our Encryption info page you can also learn about our other features: there you will discover, for example, how you can conveniently encrypt all saved data at the click of a button (crypto mail storage, address book and calendar encryption). We also explain how we encrypt each access and all sensitive data, and present our end-to-end encryption features (key directory, PGP in the webmail interface, and more).
The Posteo team