A safe start into the new year: The "forgotten password" feature

Created on 27. January 2023, 11:33 | Category: Blog

Dear Posteo customers,

have you made any resolutions for the new year? We have a useful tip that only takes a few minutes. Activate or update the “forgotten password” feature for your Posteo account!

If you ever forget your Posteo password, you can use this feature to conveniently receive a new password via email or SMS.

#more#

Activate the “forgotten password” feature

It’s very easy to activate. You can find this feature in the settings via “Password and security”. Once there, enter the mobile phone number or alternative email address you want us to send the new password to in case you lose it.

Activating the forgotten password feature
The “forgotten password” feature is easily activated.

You have already activated this feature? Then make sure that your specified contact is still up-to-date. Simply enter your current mobile phone number or alternative email address, and you’re guaranteed to be up-to-date again.

You can find step-by-step instructions for activating and using the “forgotten password” feature in our help section: https://posteo.de/en/help/forgotten-password-feature

Access security for your email account

Our email address is the core of our digital identity: We log in to most online services with it and receive new passwords to our email address whenever we need them.

If, however, we forget the password for our own email address, we don’t have this option. That’s why it’s so important to activate the “forgotten password” feature and provide an alternative email address or mobile phone number for resetting the password.
In case you lose your password, you can then go to “Forgotten password?” to reset your password.

Reset password
With the “forgotten password” feature enabled, if needed, you can go to “Forgotten password?” to reset your password.

The feature is designed to be privacy-friendly, secure, and will give you immediate access to your account again if you need it.

Note: If you have activated your Posteo crypto mail storage, the reset does not work automatically because your emails are encrypted with the forgotten password. However, the feature authenticates you as an account user: our support will then be able to quickly help you regain access to your address in case of a lost password. Previously stored emails remain encrypted with the forgotten password. If crypto mail storage is activated, it is therefore especially important to remember your password.

Best regards
The Posteo Team

Your alternative email addresses and mobile phone numbers are not stored in our databases at any point in time.


For security reasons, we do not store your sensitive data in our database. Your mobile number or alternate email address is converted to a hash value. If you activate or update the feature, your sensitive data remains with you. Only the hash value is sent to Posteo via the Internet. You can find more detailed information about this process here.

Transparency notice: Our donations for 2021

Created on 17. May 2022, 11:35 | Category: Blog

Dear Posteo customers and interested parties,

We have a transparency notice for you: we have updated our donations page. On this page, we document the organisations that we financially supported during the previous year (2021).

Over the past year, we donated a total of 59,500 EUR. Of this, 56,139.93 EUR constituted voluntary donations by Posteo. The remaining 3,361.07 EUR came from users that donated remaining credit when terminating their account.

In March 2022, we additionally donated 10,000 EUR for emergency humanitarian aid in Ukraine (Médecins Sans Frontières/UN Refugee Agency). These donations will only be listed in our transparency notes next year when we disclose the figures for 2022.

#more#

It is important to us that we encourage social engagement and take responsibility as a company.
We therefore donate to carefully selected organisations in the fields of environmental and climate protection, digital freedom and freedom of expression, as well as refugee and humanitarian emergency aid.

Posteo donated to the following organisations in 2021:

UNHCR (UNO-Flüchtlingshilfe):
UNO-Flüchtlingshilfe is the German offshoot of the Office of the United Nations High Commissioner for Refugees (UNHCR). It ensures the survival of refugees in acute crisis situations with life-saving emergency measures. UNO-Flüchtlingshilfe thus provides for sufficient supplies of water, food and medicines in refugee camps or regions that are hard to access, for example.

Doctors Without Borders:
Doctors Without Borders was founded in France in 1971. The German section was added in 1993. Today, MSF (Médicins Sans Frontières) is an international network that provides emergency medical aid in over 70 countries. As a humanitarian medical organisation, Doctors Without Borders is committed to providing high-quality and efficient health care in countries where people’s survival is at risk due to diseases, wars and disasters.

Reporters Without Borders:
Reporters Without Borders engages itself worldwide for freedom of the press and freedom of information. The organisation documents violations against freedom of the press and supports journalists that are in danger. Reporters Without Borders combats censorship and restrictive media laws.

UNICEF – Living Schools:
The United Nations Children’s Fund (UNICEF) has been advocating for the health, education and rights of children and mothers in 190 countries since 1946. UNICEF is politically involved against the use of child soldiers and for protecting refugees and for implementing the Convention on the Rights of the Child. Posteo supports the project Living Schools in Malawi. Schools are being built there that are based on principles of ecological awareness, e-learning and participation in decision-making. The schools have their own water supply system for clean drinking water and sanitation, use solar energy and teach about environmental protection in their school gardens.

Netzpolitik.org:
netzpolitik.org is a journalistic platform for digital freedom rights and presents the important debates and developments about the internet. The platform documents how politics is changing the internet and society through regulation and the continued expansion of surveillance laws. With its work, netzpolitik.org wants to encourage people to become engaged for their digital freedom rights and an open society.

BUND:
Bund für Umwelt und Naturschutz Deutschland (BUND) is one of the largest German environmental organisations. Throughout Germany there are more than 2,000 voluntary BUND groups engaged with regional environmental topics. BUND is also engaged with climate protection, ecological agriculture and protection of threatened species, forests and water. BUND is the German member of the international environmental network, “Friends of the Earth”.

ECCHR:
The European Centre for Constitutional and Human Rights (ECCHR) is engaged with legal measures for human rights. The ECCHR lawyers’ aim is to hold state and non-state actors legally accountable for grave human rights abuses. Among others, the ECCHR was founded in 2007 by human rights lawyer Wolfgang Kaleck, who represents whistleblower Edward Snowden in Germany.

Posteo does business sustainably and is independent. Our service is financed entirely by our customers’ account fees. There are no investors or advertising partners at Posteo. You are what makes our involvement in these projects possible. We thank you very much for helping to make a difference.

Best regards,
The Posteo team

New security certificate

Created on 17. January 2022, 11:00 | Category: Info

Dear Posteo customers,

Over the next few days we will update our main security certificate. Security certificates are only valid for a specified time period and need to be renewed from time to time. Because of this, we will be changing this certificate before January 28, 2022.

In most cases, you will not notice any change.
All clients like Thunderbird or Outlook will automatically find the new certificate. You do not need to do anything. However, should your client display a certificate error during this changeover process, please restart your client. This should fix the error.
#more#
If you manage the trustworthiness of certificates manually, you can find the fingerprint for the new main certificate that we will shortly begin using below. You can also find complete fingerprints for all certificates in our legal notice.

New fingerprint for the TLS security certificate for posteo.de:

Geotrust:
SHA256: A5:11:E3:82:F2:EE:3C:2A:79:6C:0D:6B:3B:D7:DB:BF:7C:C3:2C:0C:7F:E0:3F:E8:93:A4:42:27:CC:5C:30:60
SHA1: BF:6D:27:28:FD:32:DC:3A:A6:78:74:5E:76:D3:8D:92:06:69:7A:4C

Best regards,
The Posteo Team

New: TLS-receiving guarantee

Created on 25. June 2021, 18:00 | Category: Info

Dear Posteo customers,

We have released a new feature: Our TLS-receiving guarantee.
The new security feature protects you from receiving emails from servers that send them insecurely and rounds off our TLS guarantees: We have been offering a similar guarantee for sending emails for some time now. You can now activate your TLS-receiving guarantee in the settings.

New: TLS-receiving guarantee
New: TLS-receiving guarantee

Protection against insecure senders

If you activate the new security feature, we will refuse to receive an email to your mailbox if a server tries to deliver it without up-to-date transport route encryption. An insecure transmission from such servers through the internet is guaranteed to be prevented and you will immediately receive a notification from us. Even as a layman, you can thus immediately recognise who is not making sufficient efforts to ensure email security.
#more#
TLS protects your emails on their way through the internet

Nowadays, emails are transmitted via encrypted connections: The transport route encryption (TLS) protects your communication on its way through the internet. Without TLS, emails could simply be intercepted and read in transit. Therefore, almost all email servers now establish encrypted connections with each other as a standard.
The rate of insecure servers without up-to-date TLS encryption is already below 5% (Posteo survey May 2021).

We have tested the new feature both internally and with users over the course of several months. The conclusion: as a rule, the receiving guarantee is not noticed in everyday life, since the vast majority of senders nowadays support up-to-date encryption.
The largest share (>90%) of unencrypted contact attempts is now accounted for by spammers and a few newsletter distributors.

In the rare case that the transmission of a desired email is stopped due to a lack of TLS encryption, you and the sender will immediately receive a notification from us.

Then you have two options:

1. You decide for yourself whether unencrypted transmission is also an option for you in this instance. If so, deactivate the feature for a short time and ask the sender to send it again.
2. You point out the lack of security to the sender; we offer a template for this in our help section. During our field tests, the senders usually reacted within 1-2 working days and activated the missing transport route encryption. Every newly secured server is a contribution to IT security for everyone.

If an operator does not respond or is evasive, you can ask us for assistance at support+tls@posteo.de. We will then also contact the sender for you.

New security check before each email is received

For security reasons, a new TLS check is carried out every time an email is received. This ensures that your emails are not transmitted insecurely even if a server is temporarily not TLS-capable – for example, due to technical problems or an attack.
Transmission is also stopped if unauthorised third parties attack a secure connection and want to force the switch back to an unencrypted connection.

How to activate the TLS-receiving guarantee

You can now activate your TLS-receiving guarantee in the settings of your Posteo account under “Settings → My account → Transport encryption”. Our tip: You can also activate your TLS-sending guarantee there, which we have already been offering for some time.

In our help section, we have provided an article for you on the new TLS-receiving guarantee. With it you will learn how to activate and deactivate the feature – and how to proceed if the transmission of an email from an insecure email server has been stopped.

The TLS-receiving guarantee at a glance:

Best regards,
The Posteo Team

New security certificate

Created on 29. December 2020, 18:00 | Category: Info

Dear Posteo customers,

Over the next few days we will update our main security certificate. Security certificates are only valid for a specified time period and need to be renewed from time to time. Because of this, we will be changing this certificate before January 21, 2021.

In most cases, you will not notice any change.
All clients like Thunderbird or Outlook will automatically find the new certificate. You do not need to do anything. However, should your client display a certificate error during this changeover process, please restart your client. This should fix the error.
#more#
If you manage the trustworthiness of certificates manually, you can find the fingerprint for the new main certificate that we will shortly begin using below. You can also find complete fingerprints for all certificates in our legal notice.

New fingerprint for the TLS security certificate for posteo.de:

Geotrust:
SHA256: CA:AD:66:0A:5A:7F:0E:CD:85:31:77:89:0F:2B:41:82:D9:C7:37:A4:99:35:9F:C8:6D:83:A4:2C:94:5D:97:40
SHA1: A0:E0:98:21:9B:AE:81:56:21:50:7C:B4:76:AD:1F:76:24:2A:8B:32

Best regards,
The Posteo Team