Created on 24. August 2014, 10:00 | Category: Press
After seeing off the police, Berlin email provider Posteo wants to expand user security and anonymity. Last summer, German secure email provider Posteo faced a do-or-die moment: give in to police threats to seize its servers or fight back in court.
Read articleCreated on 26. June 2014, 14:27 | Category: Press
No matter how much we say we’re angry about the NSA scandal, we still use all the services that – in some way – are tied up in surveillance. In Europe some are trying to get us to stop.
Read articleCreated on 12. May 2014, 12:00 | Category: Press
A small company has again outwitted the large providers. Unlike their competitors from “Email made in Germany”, Posteo is using an open standard whose implementation does not require expensive certification.
As of today, Berlin-based company Posteo is presumably the first email provider in the world to implement modern DANE technology in order to secure encrypted email transport. DNS-Based Authentication of Named Entities (DANE) eradicates various weaknesses for common SSL/TLS transport route encryption and thus increases the security of emails’ encrypted transport and website access. With that, the small provider has again got one over on the industry big boys. Posteo previously became the first German provider to present a transparency report on investigative and surveillance procedures.
Created on 12. May 2014, 08:45 | Category: Info
Dear Posteo users,
From today onwards, we support the innovative technology DANE/TLSA (DNS-based Authentication of Named Entities). DANE eliminates various weaknesses in the widely-used transport route encryption SSL/TLS – and increases the security of encrypted transport of emails and when accessing websites.
#more#
With DANE, the so-called “digital fingerprints” of an encryption certificate are stored in the internet’s “telephone book” (DNS). There they can be automatically checked by email servers, email programs and browsers before an encrypted connection to a website is established or an email is delivered. The authenticity of a server can thereby be verified before each connection. Until now, most servers sent data over an encrypted connection without first verifying the authenticity of the other server. DANE effectively prevents third parties (such as criminals or intelligence agencies) from pretending to be a particular web or email server in order to obtain login data or content (using a falsified certificate).
Entries in the internet’s so-called “telephone book” are additionally secured with DNSSEC technology, such that DANE can be trusted. DNSSEC prevents third parties from altering entries and switching the “digital fingerprints” of the encryption certificates. Unfortunately, DNSSEC is not yet supported by most domain providers. Posteo had to change its domain provider in order to introduce DANE.
DANE also opens possibilities on another level: Email servers can now force a connection to be encrypted with the help of a DANE entry. Previously, email servers would negotiate whether they could support encryption before establishing the connection. Posteo has already configured its server for this: If other email providers also have a DANE entry, then Posteo sends to their servers with encrypted connections. If no encrypted connection can be achieved, then email sending will be cancelled for security reasons. This not only prevents man-in-the-middle attacks, but is also important for the following reason: With DANE, email servers can clearly authenticate themselves worldwide – and mutually guarantee that emails are always exchanged over an encrypted connection. This is not the case, for example, with “Email Made in Germany”, a group of a few German providers that leaves out all other email servers and only promises its users encrypted connections between each other. Posteo rejects such “partitioning” of some German providers: A global network requires global improvements to the security of communication via consistent, open standards.
Because the technology is not yet widespread, there are currently hardly any other programs or providers who support DANE. Despite this, we want to lead by example, and promote the spread of this important process – DANE will, in the future, make an essential contribution to making the internet safer.
There are already DANE add-ons for all current browsers, with which internet users can secure their access to Posteo using DANE. Via this link, you can find a list of all currently available extensions. We can not provide any support for add-ons or tools. We appreciate your understanding.
The technology is, however, not yet directly implemented in any browser. We hope that the developers of DANE and DNSSEC will achieve this as soon as possible. We also encourage other email providers to implement DANE, so that communication between email servers over encrypted connections becomes more secure worldwide.
Best regards,
The Posteo team
Created on 05. May 2014, 11:32 | Category: Press
Posteo was the first German provider to disclose how often investigative authorities had requested user information. The provider hopes that others now follow suit.
On Monday, Posteo became the first German email provider to publish numbers regarding requests from authorities. According to the report, criminal investigative authorities requested information on users a total of seven times in the last year. In six of these, the authorities only wanted user information from the provider – more or less the name, address and bank details connected to an email account. In one case it went beyond this and included the content of the account and ongoing communication – so-called telecommunication surveillance (TKÜ). There were no requests from intelligence agencies.