Dear Posteo customers,

Perhaps you have already noticed that we have released a new feature: the deletion notification. The new security feature protects you from unnoticed data loss; for example, if you have accidentally deleted emails from your account. The new feature has proven to be successful in everyday use. That’s why we would now like to officially present the deletion notification in our blog.

#more#

It is not so uncommon for customers to accidentally delete emails or an entire folder. We would like to provide you with the best possible protection for such cases: Posteo has always offered a special service of creating daily security backups of all email accounts and storing them 7 days for you. If needed, we can then restore these backups for you free of charge.

We have developed the new deletion notification because on a daily basis it was sometimes not satisfactory for us when customers would notice too late – after more than 7 days – that they – or the programs and devices they use – accidentally deleted many emails. We were then no longer able to help them.

With the new deletion notification, this no longer happens. Our system automatically sends a notification via email as soon as the amount of emails in your account is reduced by at least 50 emails within the past 24 hours.
And we can already say that the new feature is a complete success. Meanwhile, almost all customers that accidentally deleted emails contact us in time so that we can restore their data from our security backups. We have been happy to see the positive and relieved responses – thank you for this.

Unlocked cell phones, errors in local clients

The main reasons for accidentally deleting emails can be quickly listed:
Often customers report of “cleaning” gone wrong in their own account – or from smartphones that were not locked in a pocket or bag.

Deletions are more likely to go unnoticed when customers are unaware of deletion settings in their local email clients – such as in Apple Mail, Outlook or Thunderbird. Therefore, it’s generally worth it to check the deletion settings in external email programs. Also, when updating these email clients, errors can sometimes occur that cause emails to be deleted unexpectedly.

By the way, out of principle Posteo never deletes emails from your email account – not even if your storage quota has been filled. We often receive this question.

I received a deletion notification – what do I do now?

If you receive a deletion notification from us in the future, follow these steps:

If you intentionally deleted the emails, simply ignore the deletion notification.

If the messages were accidentally deleted, verify if apps or email clients on your devices are automatically deleting emails. Perhaps your email client (e.g. Apple Mail) automatically emptied the trash. This is sometimes set by default in some email clients. You can, however, change this setting retroactively if you do not want emails to be automatically deleted. For example, also check individual folders, such as the “Sent” folder or your archive.

We do not have any information whatsoever regarding which emails were specifically deleted. The deletion notification has been implemented in a privacy-friendly manner and is entirely generated from values when calculating storage space. We do not look into email accounts and we also do not log which emails were deleted.

Should you be missing emails that you still need and do not have your own backup, please request for us to restore a backup within the next 7 days. This can be done in your settings via “Restore emails”. The backup contains all of the data in your account before the time of deletion. Alternatively, you can request to restore a backup from our customer service via email.
If needed, you can also adjust the deletion settings in your external email client to prevent unwanted deletions in the future.

Adjusting or deactivating deletion notices

Another tip: You can specify in your settings via “Password and security” to receive a notification only when more emails are deleted. This setting is particularly useful for people who regularly delete a lot of emails. If you no longer wish to receive deletion notifications, you can also deactivate the feature there.

We also recommend regularly creating your own backups of all saved data.

Best regards,
Your Posteo Team

Dear Posteo customers,

Over the next few days we will update our main security certificate. Security certificates are only valid for a specified time period and need to be renewed from time to time. Because of this, we will be changing this certificate before February 14, 2023.

In most cases, you will not notice any change.
All clients like Thunderbird or Outlook will automatically find the new certificate. You do not need to do anything. However, should your client display a certificate error during this changeover process, please restart your client. This should fix the error.
#more#
If you manage the trustworthiness of certificates manually, you can find the fingerprint for the new main certificate that we will shortly begin using below. You can also find complete fingerprints for all certificates in our legal notice.

New fingerprint for the TLS security certificate for posteo.de:

Geotrust:
SHA256: E8:E2:06:71:4D:15:6E:68:DF:24:CE:FD:7F:53:5D:EE:E1:FA:75:5A:87:14:6D:EC:36:76:15:70:E1:09:8F:92
SHA1: 27:CD:27:2F:23:5B:B8:1F:89:72:8A:71:9B:1A:A0:70:F6:8B:49:BE

Best regards,
The Posteo Team

Dear Posteo customers,

Over the next few days we will update our main security certificate. Security certificates are only valid for a specified time period and need to be renewed from time to time. Because of this, we will be changing this certificate before January 28, 2022.

In most cases, you will not notice any change.
All clients like Thunderbird or Outlook will automatically find the new certificate. You do not need to do anything. However, should your client display a certificate error during this changeover process, please restart your client. This should fix the error.
#more#
If you manage the trustworthiness of certificates manually, you can find the fingerprint for the new main certificate that we will shortly begin using below. You can also find complete fingerprints for all certificates in our legal notice.

New fingerprint for the TLS security certificate for posteo.de:

Geotrust:
SHA256: A5:11:E3:82:F2:EE:3C:2A:79:6C:0D:6B:3B:D7:DB:BF:7C:C3:2C:0C:7F:E0:3F:E8:93:A4:42:27:CC:5C:30:60
SHA1: BF:6D:27:28:FD:32:DC:3A:A6:78:74:5E:76:D3:8D:92:06:69:7A:4C

Best regards,
The Posteo Team

Dear Posteo customers,

We have released a new feature: Our TLS-receiving guarantee.
The new security feature protects you from receiving emails from servers that send them insecurely and rounds off our TLS guarantees: We have been offering a similar guarantee for sending emails for some time now. You can now activate your TLS-receiving guarantee in the settings.

Protection against insecure senders

If you activate the new security feature, we will refuse to receive an email to your mailbox if a server tries to deliver it without up-to-date transport route encryption. An insecure transmission from such servers through the internet is guaranteed to be prevented and you will immediately receive a notification from us. Even as a layman, you can thus immediately recognise who is not making sufficient efforts to ensure email security.
#more#
TLS protects your emails on their way through the internet

Nowadays, emails are transmitted via encrypted connections: The transport route encryption (TLS) protects your communication on its way through the internet. Without TLS, emails could simply be intercepted and read in transit. Therefore, almost all email servers now establish encrypted connections with each other as a standard.
The rate of insecure servers without up-to-date TLS encryption is already below 5% (Posteo survey May 2021).

We have tested the new feature both internally and with users over the course of several months. The conclusion: as a rule, the receiving guarantee is not noticed in everyday life, since the vast majority of senders nowadays support up-to-date encryption.
The largest share (>90%) of unencrypted contact attempts is now accounted for by spammers and a few newsletter distributors.

In the rare case that the transmission of a desired email is stopped due to a lack of TLS encryption, you and the sender will immediately receive a notification from us.

Then you have two options:

1. You decide for yourself whether unencrypted transmission is also an option for you in this instance. If so, deactivate the feature for a short time and ask the sender to send it again.
2. You point out the lack of security to the sender; we offer a template for this in our help section. During our field tests, the senders usually reacted within 1-2 working days and activated the missing transport route encryption. Every newly secured server is a contribution to IT security for everyone.

If an operator does not respond or is evasive, you can ask us for assistance at support+tls@posteo.de. We will then also contact the sender for you.

New security check before each email is received

For security reasons, a new TLS check is carried out every time an email is received. This ensures that your emails are not transmitted insecurely even if a server is temporarily not TLS-capable – for example, due to technical problems or an attack.
Transmission is also stopped if unauthorised third parties attack a secure connection and want to force the switch back to an unencrypted connection.

How to activate the TLS-receiving guarantee

You can now activate your TLS-receiving guarantee in the settings of your Posteo account under “Settings → My account → Transport encryption”. Our tip: You can also activate your TLS-sending guarantee there, which we have already been offering for some time.

In our help section, we have provided an article for you on the new TLS-receiving guarantee. With it you will learn how to activate and deactivate the feature – and how to proceed if the transmission of an email from an insecure email server has been stopped.

The TLS-receiving guarantee at a glance:

• Emails are always guaranteed to be received via an encrypted transport route.
• You and the sender will immediately receive a notification if we have stopped the transmission of an email from an insecure server.
• Even as a layman, you can immediately recognise who is not making enough effort to ensure email security.
• Downgrade attacks, in which an attacker can switch off modern, secure encryption, are prevented.
• Outdated encryption protocols such as SSLv3, TLS 1.0 or 1.1 are not tolerated.
• Man-in-the-middle attacks are made more difficult. If, like Posteo, the receiving server uses DANE, they are impossible.

Best regards,
The Posteo Team

Dear Posteo customers,

Over the next few days we will update our main security certificate. Security certificates are only valid for a specified time period and need to be renewed from time to time. Because of this, we will be changing this certificate before January 21, 2021.

In most cases, you will not notice any change.
All clients like Thunderbird or Outlook will automatically find the new certificate. You do not need to do anything. However, should your client display a certificate error during this changeover process, please restart your client. This should fix the error.
#more#
If you manage the trustworthiness of certificates manually, you can find the fingerprint for the new main certificate that we will shortly begin using below. You can also find complete fingerprints for all certificates in our legal notice.

New fingerprint for the TLS security certificate for posteo.de:

Geotrust:
SHA256: CA:AD:66:0A:5A:7F:0E:CD:85:31:77:89:0F:2B:41:82:D9:C7:37:A4:99:35:9F:C8:6D:83:A4:2C:94:5D:97:40
SHA1: A0:E0:98:21:9B:AE:81:56:21:50:7C:B4:76:AD:1F:76:24:2A:8B:32

Best regards,
The Posteo Team