New: TLS-sending guarantee for additional security

Created on 13. July 2016, 15:45 | Category: Info

Dear Posteo users,

Today we have made a new, important feature available to you – our TLS-sending guarantee. This new security feature protects you from sending emails to insecure systems. You can now activate the new feature in the settings of your account.

Emails need to be transferred over encrypted connections so that criminals and intelligence services cannot read them along the way. Three years after the NSA scandal, transport route encryption (TLS) has as a result become commonplace: all large email providers have now activated it on their systems. But what about the email systems to which you send everyday or work-related emails? Before sending, a user cannot see whether the email systems used by business partners, doctors, clubs or schools support encrypted connections. Our systems, on the other hand, can: before sending each and every email, Posteo attempts to establish an encrypted connection with the receiving mail server in order to deliver the message securely.

If secure sending is not possible, the transfer is stopped
This is exactly where our new TLS-sending guarantee comes in: if you activate this security feature, we only send your emails when the message can be delivered to the recipient over an encrypted connection. If that is not possible, transfer of the email is stopped and you receive a notification from us. Sending is also stopped if a third party interferes with the connection in order to force it back to an unencrypted one (a downgrade attack).

If we notify you that sending was stopped, you can then decide yourself whether you would still like to send your message to the insecure system. To do this you can temporarily deactivate the TLS-sending guarantee and send your message (as an exception) without TLS. We designed the new feature as practically as possible: whether you access your emails with a smartphone, in the webmail interface or in local email programs such as Outlook or Thunderbird makes no difference. Every email you send undergoes our TLS security test. If you send an email to multiple recipients, sending is only stopped for those recipients to which the email cannot be securely transferred. You are then notified by us via email as to which recipients were affected.

New security test before each email is sent
The new feature affords you additional clarity: You always find out about your contacts’ current communication security. For security reasons, a new TLS check occurs before sending every email, even for known recipients. Thus we ensure that your emails are not sent insecurely if a server is temporarily incapable of TLS, for example, due to technical problems or an attack.

You can now activate the TLS-sending guarantee in the settings of your Posteo account under “Settings” → “My account” → “Transport route encryption”. In our help section we have prepared an article on the new TLS-sending guarantee. There you can find out how to activate and deactivate the feature and how to proceed when the sending of an email to an insecure email server is stopped.

Additional information for IT pros:
- The TLS-sending guarantee prevents downgrade attacks, whose goal is to force the connection back to plaintext (for example by stripping the STARTTLS offer from the server's EHLO reply).
- Outdated and insecure protocols and ciphers such as SSLv3 or RC4 are not accepted: these also cause sending to be stopped.
- Man-in-the-middle attacks are made more difficult, and are prevented when the receiving server, like Posteo, also publishes DANE (TLSA) records: the server certificate is then verified against the DNSSEC-signed record instead of merely being accepted on presentation.
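The sending-side policy described above, written out as an added example in Python. This is not Posteo's code and says nothing about how their mail servers implement the guarantee; it uses only the standard library. The EHLO reply is parsed for STARTTLS, the handshake is done with a context that refuses anything below TLS 1.2 and any RC4, NULL, export, 3DES or MD5 suite, and the negotiated session is checked again afterwards. The three domains, their EHLO replies and handshake results at the bottom are constructed, and `partition_recipients` takes an injected probe so the per-recipient decision can be exercised without a network.

```python
"""TLS-sending guarantee on the sending side, as a policy check (added example).

Before a message is handed to the next hop the sender must see (1) STARTTLS in
the EHLO reply, (2) a completed handshake with chain and hostname verification,
and (3) a negotiated protocol and cipher on the approved list.  Any failure
raises TlsSendingRefused so the caller can notify the user instead of silently
falling back to plaintext.
"""
import smtplib
import ssl


class TlsSendingRefused(Exception):
    """Delivery was stopped; the message has NOT been sent."""


# Values ssl.SSLSocket.version() may report for an acceptable session.
APPROVED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
# Substrings that disqualify a negotiated cipher suite name (RC4, NULL, export, 3DES, MD5).
FORBIDDEN_CIPHER_FRAGMENTS = ("RC4", "NULL", "EXP", "DES", "MD5")


def make_client_context():
    """Client TLS settings: verify chain and hostname, TLS 1.2+, forward-secret AEAD suites only."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!RC4:!MD5:!EXP:!DES")
    return ctx


def starttls_offered(ehlo_reply):
    """True if an EHLO reply advertises STARTTLS.

    Accepts the raw wire form ("250-STARTTLS") and the text smtplib.SMTP.ehlo()
    returns, in which the three-digit code has already been stripped.
    """
    for raw in ehlo_reply.decode("ascii", "replace").splitlines():
        line = raw.strip()
        if line[:3] == "250" and line[3:4] in ("-", " "):
            line = line[4:].strip()
        words = line.split()
        if words and words[0].upper() == "STARTTLS":
            return True
    return False


def evaluate_negotiation(version, cipher):
    """Judge a completed handshake by SSLSocket.version() and SSLSocket.cipher()[0]."""
    if version not in APPROVED_VERSIONS:
        return False, f"protocol {version} not approved"
    upper = cipher.upper()
    for fragment in FORBIDDEN_CIPHER_FRAGMENTS:
        if fragment in upper:
            return False, f"cipher {cipher} not approved"
    return True, "ok"


def deliver_with_tls_guarantee(host, sender, recipient, message, port=25, timeout=30.0):
    """Send one message to one next hop, or raise TlsSendingRefused without ever sending plaintext."""
    ctx = make_client_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, reply = smtp.ehlo()
        if code != 250:
            raise TlsSendingRefused(f"{host}: EHLO rejected with {code}")
        if not starttls_offered(reply):
            # A peer without TLS and a man-in-the-middle that stripped the STARTTLS
            # line look identical from here; the policy stops in both cases.
            raise TlsSendingRefused(f"{host}: STARTTLS not offered (possible downgrade)")
        try:
            smtp.starttls(context=ctx)  # handshake plus chain and hostname verification
        except (smtplib.SMTPException, OSError) as exc:  # ssl.SSLError is an OSError
            raise TlsSendingRefused(f"{host}: STARTTLS failed: {exc}") from exc
        ok, reason = evaluate_negotiation(smtp.sock.version(), smtp.sock.cipher()[0])
        if not ok:
            raise TlsSendingRefused(f"{host}: {reason}")
        smtp.ehlo()  # RFC 3207: EHLO again inside the TLS session before MAIL FROM
        smtp.sendmail(sender, [recipient], message)


def partition_recipients(recipients, probe):
    """Apply the policy per destination domain and return (deliverable, stopped).

    probe(domain) -> (ehlo_reply, version, cipher) is injected so the decision can be
    exercised offline; in production it would run the same checks as above.  Recipients
    whose next hop fails the policy land in `stopped` with a reason; the rest proceed.
    """
    deliverable, stopped = [], {}
    for rcpt in recipients:
        ehlo_reply, version, cipher = probe(rcpt.rsplit("@", 1)[-1].lower())
        if not starttls_offered(ehlo_reply):
            stopped[rcpt] = "STARTTLS not offered"
            continue
        ok, reason = evaluate_negotiation(version, cipher)
        if ok:
            deliverable.append(rcpt)
        else:
            stopped[rcpt] = reason
    return deliverable, stopped


# Constructed EHLO replies and handshake results for three fictitious domains (no real servers).
SIMULATED_HOPS = {
    "secure.example": (b"250-mx.secure.example\n250-SIZE 52428800\n250-STARTTLS\n250 HELP",
                       "TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    "stripped.example": (b"250-mx.stripped.example\n250-SIZE 52428800\n250 HELP", None, None),
    "legacy.example": (b"250-mx.legacy.example\n250 STARTTLS", "TLSv1", "RC4-SHA"),
}


def simulated_probe(domain):
    return SIMULATED_HOPS[domain]


if __name__ == "__main__":
    print(partition_recipients(["a@secure.example", "b@stripped.example", "c@legacy.example"],
                               simulated_probe))
```

In a real mailer `probe` would resolve the MX for the domain and run `deliver_with_tls_guarantee` against it. `stripped.example` is the downgrade case: the STARTTLS line is absent from the reply, and the client cannot distinguish an attacker from a server that simply lacks TLS, which is exactly why the guarantee stops in both cases and leaves the decision to the user.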

More about encryption at Posteo
Transport route encryption is one building block in our innovative encryption model. On our Encryption info page you can also learn about our other features: Here you discover, for example, how you can conveniently encrypt all saved data at the click of a button (crypto mail storage, address book and calendar encryption). We also inform about how we encrypt each access and all sensitive data, and present our end-to-end encryption features (key directory, PGP in the webmail interface, and more).


Best regards,

The Posteo team

New security technology and additional certificate

Created on 04. April 2016, 14:30 | Category: Info

Dear Posteo users and interested parties,

We would like to inform you about some new pieces of security technology at Posteo.

We have begun to support “Certificate Transparency” technology. In addition, we started using new technology known as “Certification Authority Authorization (CAA)” and “HTTP Public Key Pinning (HPKP)” a few weeks ago. These further increase the security of Posteo for you.

Nothing changes for you – and you do not need to do anything. In this blog article we merely wish to provide an insight into how we are protecting your data at Posteo using these features.

Certificate Transparency: No chance for certificate forgers

With Certificate Transparency, we can automatically monitor worldwide whether an unauthorised third party (criminal or intelligence service) attempts to pass itself off as Posteo by obtaining falsified certificates for our Posteo domains. Until now, it was already very unlikely that our own certification authority would incorrectly authenticate an unauthorised party as Posteo, because for many years we have used a so-called extended validation certificate (EV certificate). These certificates are only issued following presentation of a range of documents. That, however, does not prevent one of the many other certification authorities trusted by browsers and email programs from mis-issuing a certificate for our domains. Criminals and intelligence services do attempt to take on another identity using falsified certificates. They do this, for example, to lure customers of internet services to fraudulent phishing sites and capture their login details there, or to place themselves as the "man in the middle" of a communication.

With the new technology, we can evaluate 24 hours a day in close to real time whether someone attempts to manipulate our certificates and can therefore react immediately – ideally, before an attacker can make an attempt at fraud. You no longer need to trust the diligence of the certification authorities’ (CA) issuing of certificates: With the new technology, online services such as Posteo can check for themselves whether a certifying authority has incorrectly issued a certificate to an unauthorised party.

New certificate in the course of the changes

In order to support the new security technologies, we will in April begin deploying an additional certificate from Geotrust, a certification authority that already supports them. Interested parties can from now on find the fingerprints of all our certificates (a string of characters with which a certificate can be verified as genuine) on the legal notice page of our website. Programs such as Thunderbird or Outlook will pick up the new certificate automatically; you do not need to do anything. If your program produces a certificate error during the transition, simply restart it, which should resolve the issue.

New security technology “Certification Authority Authorization” (CAA) in use for some weeks

For a few weeks we have been using an additional new piece of security technology in connection with certificates: Certification Authority Authorization (CAA). CAA is a very new technology that is not yet widely deployed. With it, we have lodged records in the DNS (the internet's directory service) stating which certification authorities are authorised to issue certificates for our domains. Because the technology is so new, certification authorities are not yet required to consult these records before issuing. We are nonetheless of the opinion that the entries are already very sensible: we want to show what is technically possible today, and we hope that many telecommunications providers and certification authorities will soon use CAA. The technology can make internet access more secure overall and further reduce the risk of falsified certificates.
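Worked example of the check a CAA-aware certification authority performs before issuing, added here and not Posteo's code; the zone, domain names and CA names are constructed. It follows the relevant-record-set climb from RFC 8659: the nearest CAA RRset at or above the requested name governs, `issue` lists the permitted issuers, `issuewild` overrides it for wildcard names when present, a bare `;` permits nobody, and an unrecognised property carrying the critical flag blocks issuance.

```python
"""CAA check as a certification authority performs it (RFC 8659).  Added example."""
from dataclasses import dataclass

CRITICAL = 0x80                       # flags bit 7: issuer-critical property
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str
    value: str   # "ca-one.example; accounturi=..." or ";" meaning "no CA at all"


def relevant_caa_set(zone, name):
    """Climb from `name` towards the root; the first non-empty CAA RRset governs."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]), [])
        if rrset:
            return rrset
    return []


def issuer_domain(value):
    """'ca-one.example; account=42' -> 'ca-one.example'; ';' -> '' (nobody may issue)."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(zone, name, ca_domain):
    """Return (permitted, reason) for a CA identified by `ca_domain` issuing for `name`."""
    rrset = relevant_caa_set(zone, name)
    # A critical property the CA does not understand forbids issuance outright.
    for rr in rrset:
        if rr.flags & CRITICAL and rr.tag.lower() not in KNOWN_TAGS:
            return False, f"unrecognised critical property {rr.tag}"
    tag = "issue"
    if name.startswith("*.") and any(rr.tag.lower() == "issuewild" for rr in rrset):
        tag = "issuewild"   # only wildcard requests consult issuewild, and only if present
    governing = [rr for rr in rrset if rr.tag.lower() == tag]
    if not governing:
        return True, f"no {tag} records in the relevant set; any CA may issue"
    allowed = {issuer_domain(rr.value) for rr in governing} - {""}
    if ca_domain.lower() in allowed:
        return True, f"{ca_domain} is listed in {tag}"
    return False, f"{ca_domain} is not listed in {tag} (allowed: {sorted(allowed) or 'none'})"


# Constructed zone: owner name -> CAA RRset.  None of these names or CAs are real.
ZONE = {
    "example.org": [
        CAARecord(0, "issue", "ca-one.example"),
        CAARecord(0, "issue", "ca-two.example; accounturi=https://ca-two.example/acct/7"),
        CAARecord(0, "issuewild", ";"),          # no wildcard certificates from anyone
        CAARecord(0, "iodef", "mailto:hostmaster@example.org"),
    ],
    "locked.example.org": [CAARecord(0, "issue", ";")],              # nobody may issue
    "strict.example.org": [CAARecord(CRITICAL, "futuretag", "x")],   # unknown critical tag
    "open.example.org": [CAARecord(0, "iodef", "mailto:hostmaster@example.org")],
}

if __name__ == "__main__":
    for host, ca in [("mail.example.org", "ca-one.example"), ("*.example.org", "ca-one.example"),
                     ("locked.example.org", "ca-two.example"), ("www.other.example", "anyone.example")]:
        print(host, ca, caa_permits(ZONE, host, ca))
```

Note what an empty result means: a name with no CAA records anywhere above it, or a set containing only `iodef`, permits every CA, which is the state most domains were in when this article was written and the reason the author calls the records "sensible" even before CAs were obliged to honour them.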

German certifiers with Certificate Transparency are not yet practical

At the moment, it remains impractical for email services such as Posteo to use certificates from German certification authorities as their main certificate. The root certificates of providers such as D-Trust (the Bundesdruckerei) are not (yet) included in the trust stores of some widely used devices and programs. If an email service nonetheless uses a certificate from such an "unknown" certification authority, a large number of users receive constantly repeating error messages: the programs state that the certificate in use is not trusted. The situation does not look good in terms of support for new technology, either: the Telekom Trust Center (TeleSec), for example, which is the certification authority of Deutsche Telekom AG, has indicated to us that it has no plans to support Certificate Transparency. These existing problems with German certifiers will only improve in the course of the coming years, if at all. A prerequisite for this is that German certifiers ensure their root certificates are recognised as trustworthy in all current-generation devices and programs.

Additional information for pros: Additional certificate security technology at Posteo

- For each secured domain, we always use at least two extended validation certificates on an equal footing. If problems arise with one certification authority, we can immediately switch to the other certificate without any disruption for our users.
- We use HPKP (HTTP Public Key Pinning) to instruct browsers to accept only certificates whose public keys we have pinned for our domains.
- We use DANE so that other email servers, browsers and programs can verify our certificates with a DNSSEC-validated DNS lookup that cannot be falsified in transit.

Best regards,

The Posteo team

New: Posteo webmail interface can find public keys

Created on 22. December 2015, 14:00 | Category: Info

Dear Posteo users,

We have now made end-to-end encryption in the Posteo webmail interface even easier.
Attachments can now also be conveniently encrypted (with PGP/MIME) in the webmail interface.

At the same time we have made the first application for our new Posteo key directory available:

If you use end-to-end encryption with Posteo in the browser, Posteo finds the public keys for your contacts – in many cases, automatically. This is made possible by the Posteo key directory and Posteo key search: Our key search automatically searches worldwide for corresponding public keys for your contacts and displays them to you before you send an email.

In many cases, therefore, you no longer need to ask a contact for their public key before being able to send them an encrypted email.

It occurs in the background:
When you enter a recipient for your email, our key search performs a search for keys matching the email address. It searches not only the worldwide PGP key servers, but also the DNS, the so-called "internet telephone book", as well as additional sources in the Posteo key directory. If the key search finds a key for your contact's email address, it is displayed to you. Thus end-to-end encryption becomes convenient and modern without losing security: the encryption in the webmail interface is performed by the open-source plug-in Mailvelope, which is installed locally in your browser. This ensures genuine end-to-end encryption in which your private key always remains on your own devices. It is never stored on our servers, as that would reduce the principle of end-to-end encryption (between the sender and recipient of an email) to an absurdity. The encryption and key search also work with all email providers that adhere to the international standards for email. This is no stand-alone or proprietary solution for which both communication partners would need to use the same provider in order to communicate with one another using encryption.

For security reasons, our philosophy is to exclusively use genuine end-to-end solutions, open-source technologies and free standards. In our view, only thus can maximum security, transparency, comfort and compatibility be obtained. The Mailvelope plug-in is open source and has undergone a security audit (by Cure53).

Instructions:
Step-by-step instructions for the setup and use of end-to-end encryption in the Posteo webmail interface can be found in our help section.

Customers who already use end-to-end encryption in the Posteo webmail interface can also find instructions in the Posteo help section on activating the new Posteo key search and encrypting attachments in a few easy steps.

For developers:
We have developed an open source plug-in for the Roundcube email client, which is published under the AGPL licence and can be found on Github.

Best regards and happy holidays,

The Posteo team

New: Posteo public key directory

Created on 04. December 2015, 15:30 | Category: Info

Dear Posteo users and interested parties,

It is our desire to make the exchange of public keys for end-to-end encryption easier and more secure. Today we have taken a first step to this end: You can now publish your public PGP or S/MIME key in our new Posteo key directory and thereby also securely in the DNS, the internet’s so-called telephone book. In the coming weeks we will be progressively activating further options for the new Posteo key directory.

Background:
For a while now, various players in the area of internet security have been working on making the exchange of keys for end-to-end encryption easier and more secure. Public keys are to be stored and made available securely in the DNS. To this end, new, free standards will soon be adopted. For a long time, behind the scenes, we have worked on simplifying the key exchange process in multiple steps, in line with the new standards. So far, the standards remain drafts, but we consider them advanced enough that we have begun to use them.

The DNS record type for publishing PGP keys (OPENPGPKEY) was assigned some months ago. Over the last few months we took part in the responsible working group so that the DNS parameters for S/MIME keys would also be assigned by IANA, which maintains the DNS parameter registries. For us, S/MIME is an equally worthy and just as important encryption standard.

On Tuesday, IANA also assigned the record type for lodging S/MIME keys in the DNS (SMIMEA).

Your public S/MIME or PGP key, which others use to encrypt emails to you, can therefore now be published by us in the DNS. There, others can find your key and use it to encrypt emails to you. Your key is published in a falsification-proof manner using the forthcoming OPENPGPKEY and SMIMEA standards. This corresponds to DANE technology: DANE secures TLS server certificates in the DNS, while OPENPGPKEY and SMIMEA secure public keys used for email communication in the DNS. Keys for end-to-end encryption that are published in the DNS are, as with DANE, signed with DNSSEC so that they cannot be falsified.

We also prevent the mass collection of email addresses and keys from the DNS: the record's owner name contains only a hash of the local part of the address rather than the address itself, and DNSSEC denial of existence uses NSEC3, whose hashed names prevent the zone from simply being walked. A key can therefore only be retrieved for a specific email address already known to the person searching. This actively prevents the misuse of the DNS as a source of email addresses for spammers.
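The two DNS-based mechanisms mentioned here, together with the DANE points made in the two earlier articles above, as an added example in Python (not Posteo's code): how the OPENPGPKEY and SMIMEA owner names are derived from an address per RFC 7929 and RFC 8162, so that the zone exposes only a hash of the local part, and how an SMTP client matches a DANE TLSA record against the certificate chain an MX presents (RFC 6698, with the SMTP usage rules of RFC 7672). The certificate bytes are constructed placeholders; a real implementation would feed in the DER of the presented certificates and would also validate the path to a DANE-TA anchor, which is omitted here.

```python
"""Owner names and matching for keys published in the DNS.  Added example, not Posteo's code."""
import hashlib


def _hashed_local_part(local_part):
    # SHA2-256 of the UTF-8 local part, truncated to 28 octets (56 hex digits), lower case.
    # The local part is hashed exactly as given; no case folding is applied (RFC 7929 sect. 4).
    return hashlib.sha256(local_part.encode("utf-8")).hexdigest()[:56]


def openpgpkey_owner_name(address):
    """RFC 7929: <hash of local part>._openpgpkey.<domain>"""
    local, domain = address.rsplit("@", 1)
    return f"{_hashed_local_part(local)}._openpgpkey.{domain.lower()}"


def smimea_owner_name(address):
    """RFC 8162: same hash, different label: <hash>._smimecert.<domain>"""
    local, domain = address.rsplit("@", 1)
    return f"{_hashed_local_part(local)}._smimecert.{domain.lower()}"


def tlsa_owner_name(mx_host, port=25):
    """RFC 6698 / RFC 7672: TLSA for an MX lives under _<port>._tcp.<mx host>."""
    return f"_{port}._tcp.{mx_host.lower().rstrip('.')}"


def tlsa_association(selector, matching_type, cert_der, spki_der):
    """Certificate association data for one certificate.

    selector 0 = full certificate, 1 = SubjectPublicKeyInfo;
    matching type 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
    """
    data = cert_der if selector == 0 else spki_der
    if matching_type == 0:
        return data
    if matching_type == 1:
        return hashlib.sha256(data).digest()
    if matching_type == 2:
        return hashlib.sha512(data).digest()
    raise ValueError(f"unknown matching type {matching_type}")


def publish_tlsa(usage, selector, matching_type, cert_der, spki_der):
    """What a zone operator publishes for its own certificate: (usage, selector, mtype, data)."""
    return (usage, selector, matching_type, tlsa_association(selector, matching_type, cert_der, spki_der))


def dane_smtp_accepts(tlsa_records, chain_der, chain_spki):
    """True if any TLSA record matches the presented chain under RFC 7672 rules.

    chain_der[0] / chain_spki[0] is the MX's end-entity certificate; later entries are
    the issuers it sent.  Usage 3 (DANE-EE) matches the leaf directly and needs no PKIX
    chain.  Usage 2 (DANE-TA) matches an issuer in the chain; the path validation to that
    anchor is omitted in this example.  Usages 0 and 1 (PKIX-TA/PKIX-EE) are ignored for
    SMTP, as RFC 7672 requires.
    """
    for usage, selector, mtype, assoc in tlsa_records:
        if usage == 3:
            if tlsa_association(selector, mtype, chain_der[0], chain_spki[0]) == assoc:
                return True
        elif usage == 2:
            for der, spki in zip(chain_der[1:], chain_spki[1:]):
                if tlsa_association(selector, mtype, der, spki) == assoc:
                    return True
    return False


# Constructed placeholders standing in for DER-encoded certificates and their SPKIs.
LEAF_DER, LEAF_SPKI = b"leaf-cert-der", b"leaf-spki-der"
ISSUER_DER, ISSUER_SPKI = b"issuer-cert-der", b"issuer-spki-der"

if __name__ == "__main__":
    print(openpgpkey_owner_name("hugh@example.com"))
    print(tlsa_owner_name("mx.example.com"))
    record = publish_tlsa(3, 1, 1, LEAF_DER, LEAF_SPKI)       # "3 1 1 <sha256 of leaf SPKI>"
    print(dane_smtp_accepts([record], [LEAF_DER, ISSUER_DER], [LEAF_SPKI, ISSUER_SPKI]))
```

The owner name is why the article can say that a key is only retrievable for an address the querier already knows: the zone contains `c93f…afd6._openpgpkey.example.com`, not `hugh`, and inverting SHA-256 on an unknown local part is exactly the work an address harvester would have to do. The "3 1 1" form (DANE-EE, SPKI, SHA-256) is the usual choice for mail servers because the record survives certificate renewals as long as the key pair is kept.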

OPENPGPKEY and SMIMEA are to constitute an alternative to previously widespread key servers, which exhibit multiple problems:
Until now, anyone can upload your public key to the worldwide key servers, even if you personally do not want this. In addition, anyone can upload a falsified key for you. Keys that are uploaded there can no longer be deleted. As a result, key searches on the worldwide key servers return multiple, outdated or incorrect keys for an email address. The key servers also store a multitude of valid email addresses, which spammers harvest by querying the key servers on a mass scale in order to send spam to those addresses. Anonymity is affected as well: with OpenPGP, anyone can see who has signed whose key, similar to a social network, so social connections can be openly viewed for each person. The new process at Posteo is implemented without any of these weaknesses.

The Posteo key directory is found in the settings of your Posteo account, under “PGP and S/MIME encryption”.

Before uploading your key to the Posteo key directory, please check whether it conforms to the Posteo guidelines. To protect your privacy, you can only upload a key that contains your Posteo email address or one of your aliases, among other things.

The new OPENPGPKEY technology is already implemented in the standard software GnuPG, and Verisign is working on an SMIMEA plugin for Thunderbird. We hope that the dissemination of OPENPGPKEY and SMIMEA proceeds quickly, so that the exchange of public keys becomes easier and more secure.

Best regards,

The Posteo team

Migration service now includes address book

Created on 16. November 2015, 18:00 | Category: Info

Dear Posteo users and interested parties,

Moving to Posteo just became even easier. With the Posteo migration service, you can now transfer more than just your existing email accounts (including folder structures) to Posteo at the click of a button.

From now on, the migration service also transfers your previous address book from most large providers to Posteo. You can conveniently transfer your contacts to Posteo without requiring any special technical knowledge.

Because we do not use any third-party solutions at Posteo for the transfer of your personal data, we have developed individual solutions for the secure transfer of your data from each of the providers listed. In particular, your contacts’ sensitive data (e.g. name, address and phone numbers) are not transferred via a third party at any point. The data is collected by Posteo directly from your previous provider and transferred to your Posteo address book via an encrypted connection.

Posteo address book migration is available for the following providers:

AOL
Gmail
GMX
iCloud
Microsoft services such as Outlook.com, Hotmail, Office 365
Yahoo!
WEB.DE

The migration service is found in the settings of your Posteo account under “My account”.

You can decide yourself whether you would like to permanently delete your email and address book data from your previous provider.

The Posteo migration service is free of charge. It was developed in line with our principle of maximum data economy. Thus, for example, we do not save the email address from which you have transferred data to Posteo.

Tip: After migration you can individually encrypt all data you have saved with Posteo. Available for this purpose are Posteo’s address book and calendar encryption and Posteo crypto mail storage (for your email data). For both features you do not require any special technical knowledge; the encryption occurs at the click of a button. These encryption features are found in the settings of your account under “Encryption”.

Best regards,

The Posteo team