Crypto mail storage available for all users

Created on 29. May 2015, 16:00 | Category: Info

Dear Posteo users,

Introduction of the new crypto mail storage is complete: all Posteo users can now encrypt the email data they have saved with us at the click of a button. We make this new encryption feature available to you at no extra charge.

You don’t require any special technical knowledge: the encryption is activated at the click of a button and occurs in the background without you needing to do anything. You can find the new encryption option in the settings of your account via “Encryption” > “Posteo crypto mail storage”. Step-by-step instructions are found in the Posteo help section. If you have additional questions, our support team is available to you at no extra charge.

When you activate crypto mail storage, all email data saved with Posteo is encrypted at the click of a button – with the help of your password. The encryption encompasses the content and attachments of all emails saved with Posteo as well as their corresponding metadata (e.g. subject and header). As well as your existing email archive, all newly-arriving emails are also encrypted. The encrypted data within crypto mail storage is no longer readable by us. Posteo cannot deactivate the encryption; only you can do this yourself. If you are interested, our encryption info page explains exactly how the data is encrypted and where the technical details of the encryption can be viewed.

Take special care of your password

When you have activated crypto mail storage, you need to take special care with your password. The password is the key to your data. If crypto mail storage is activated and you forget your password, you will lose access to your encrypted email storage. The password reset function is no longer available to you, as your data is encrypted using your forgotten password. Posteo support can no longer reset your password or deactivate the encryption. Please therefore consider carefully whether you would like to use this password-based encryption function before activating it.

Can be combined with all other encryption options

Posteo crypto mail storage constitutes an additional layer of encryption in our security model, with which you can protect the data you have saved with us. It can be combined with all other Posteo encryption features, for example, inbound encryption, without issue. Please note that each layer of encryption fulfills different protective purposes: crypto mail storage protects your saved email data and their corresponding metadata. By combining it with end-to-end encryption, which protects your emails during the communication process (when sending and receiving emails via the internet), you can further increase the security level of your communication.

The most frequently asked questions on crypto mail storage

Following our first blog entry we received many questions from users. We would like to respond to the most frequent ones again here.

– You can continue to use your account in the webmail interface as usual, though the search function could take a little longer.
– You can continue to access emails via IMAP and POP3 as usual.
– You can continue to manage your emails in local email programs.
– You can continue to access your emails on a smartphone, tablet or other device.
– Posteo crypto mail storage encrypts all email data saved on our servers. If local, insecure copies of your email data are created by a program, we recommend securing all devices used for this or deactivating creation of local copies.
– Legal: we had the legal situation checked by our lawyers. In Germany, email providers cannot be compelled to “break” encryption. We designed crypto mail storage such that, technically, Posteo cannot remove the encryption that users have applied to their saved email data.
– Because incoming emails are only encrypted once they reach our server, crypto mail storage does not protect against lawful interception (TKÜ) of an account.
– Our encryption plug-in underwent an external, multi-level security audit (by Cure53). For reasons of transparency, the code for the encryption is also openly viewable. This conforms to our open-source strategy and is an essential trust-building measure in the post-Snowden era.
– We recommend that you further secure your account with two-factor authentication, to additionally increase your level of security.

Best regards,

The Posteo team

New Posteo migration service

Created on 21. May 2015, 17:00 | Category: Info

Dear Posteo users and interested parties,

Migrating your previous email accounts to Posteo just got easier: as of today, the new Posteo migration service is available to you, with which you can bring your previous accounts (including their folder structures) across to your Posteo account.

Many of you desired an ability to transfer folder structures without needing any particular technical knowledge.

For security reasons, we did not want to employ or recommend any third parties to transfer your sensitive email data; we therefore developed our own solution for secure and convenient migration to Posteo.

The new migration service can now be found in the settings of your Posteo account (via “My account”).

You can now completely copy up to three external email accounts across to Posteo.

You do not require any special technical knowledge: when you set up a new migration service in the settings of your Posteo account, it will display the folders in your previous account. Conveniently, you can then decide which folders you would like to copy to Posteo with a click of the mouse. Our migration service will then transfer all selected folders across to your Posteo account.

You can decide yourself whether you would like to permanently delete the emails from your previous provider. The Posteo migration service is free of charge – and you retain control over your data:

– At no point are your emails transferred via a third party.
– The selected folders are collected from your previous provider by Posteo and transferred directly to your Posteo account over an encrypted connection.
– We have designed the Posteo migration service in line with our policy of maximum data economy: we do not, for example, save information such as the email address from which the data is copied to your Posteo account.

Best regards,

The Posteo team

New: Posteo introduces crypto mail storage

Created on 09. April 2015, 16:15 | Category: Info

Dear Posteo users,

We have news:
Today we have introduced a new encryption option for you: Posteo crypto mail storage. The new function was already made available to users this morning. In the coming weeks, we will progressively make crypto mail storage available for all accounts. With crypto mail storage you have the ability to personally encrypt all email data you have saved with Posteo at the click of a button. The encryption is comprehensive. It encompasses the content and attachments of all emails saved at Posteo as well as their corresponding metadata (for example, the subject and email header). As well as your existing email storage, all newly-arriving emails will be encrypted.

We are making this new encryption feature available to you at no additional charge. It is important to us that all Posteo users obtain maximum security. You don’t need any special technical knowledge, either: the encryption is activated at the click of a button. It occurs in the background without you needing to do anything.

The data within the crypto mail storage is no longer readable by us. We cannot deactivate the encryption; only you can do this yourself. You can see whether this new encryption option is already available for your account via “Encryption” > “Posteo crypto mail storage”. If it is not yet available, we ask for your patience. Crypto mail storage will be made available to all users in the coming weeks.

Encryption at the click of a button – with the help of your password:

As soon as you have activated crypto mail storage in the settings of your account, Posteo creates a personalised key pair for you. Using this, we encrypt all the email data (content, attachments and metadata). This occurs with the part of your key that is responsible for “encrypting”. Each email is encrypted individually. The key that can make an email “readable” again is stored in the Posteo database, protected by your password. Thus, only you can access your encrypted email storage. Nothing changes in the workflow in your account: if you click on an email when crypto mail storage is activated, it is made readable for you in the background – and only for the moment of access. You manage your emails just as simply and conveniently as before.

Take special care of your password
When you have activated crypto mail storage, you need to take special care with your password. The password is the key to your data. If crypto mail storage is activated and you forget your password, you will lose access to your encrypted email storage. The password reset function is no longer available to you, as your data is encrypted using your forgotten password. Posteo support can no longer reset your password or deactivate the encryption.

Crypto mail storage is a plug-in we developed for the open-source email server Dovecot. Asymmetric encryption uses RSA; symmetric encryption and authentication use AES and HMAC. Hashing is done with bcrypt.
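The per-email scheme described above can be illustrated in Go: each message gets fresh AES and HMAC keys that are wrapped with the user's public key, so the server can encrypt arriving mail without being able to read it back. This is an added example, not Posteo's plug-in code: RSA-OAEP with SHA-256, the 2048-bit key size, AES-256-CTR, HMAC-SHA256 in encrypt-then-MAC order and the names `Sealed`, `NewKeyPair`, `Seal` and `Open` are assumptions, and the password protection of the private key is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)
type Sealed struct{ Wrapped, Body, Tag []byte } // one stored email; Body is IV||ciphertext
// NewKeyPair creates the per-user key pair (the 2048-bit size is an assumption).
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// ctr applies AES-256-CTR; the same call encrypts and decrypts.
func ctr(key, iv, in []byte) []byte {
	block, _ := aes.NewCipher(key) // cannot fail: key is always 32 bytes here
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}
// mac is HMAC-SHA256 over IV||ciphertext (encrypt-then-MAC).
func mac(key, body []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(body)
	return h.Sum(nil)
}
// Seal encrypts a whole message, headers included, using only the public key.
func Seal(pub *rsa.PublicKey, msg string) (*Sealed, error) {
	r := make([]byte, 80) // fresh per email: AES key | HMAC key | IV
	if _, err := rand.Read(r); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, r[:64], nil)
	body := append(r[64:], ctr(r[:32], r[64:], []byte(msg))...)
	return &Sealed{wrapped, body, mac(r[32:64], body)}, err
}
// Open needs the private key and verifies the MAC before decrypting anything.
func Open(priv *rsa.PrivateKey, s *Sealed) (string, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.Wrapped, nil)
	if err != nil || len(k) != 64 || len(s.Body) < 16 || !hmac.Equal(mac(k[32:], s.Body), s.Tag) {
		return "", fmt.Errorf("key unwrap or MAC check failed")
	}
	return string(ctr(k[:32], s.Body[:16], s.Body[16:])), nil
}
func main() {
	priv, _ := NewKeyPair()
	s, _ := Seal(&priv.PublicKey, "Subject: hi\r\n\r\nconstructed sample body")
	fmt.Println(Open(priv, s))
}
```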

Further information can be found on our encryption info page.

Comprehensive tests and external security audit
Your personal email data is a sensitive commodity and worthy of protection. For this reason, extensive preparation work has been done prior to making crypto mail storage available. We not only comprehensively tested our encryption plug-in internally: the feature was also submitted to an external, multi-level security audit (by Cure53).

Transparent code and legal check
In addition, we had the legal situation clarified in advance. The result was that in Germany, email providers cannot be compelled to “break” encryption.

We have implemented the crypto mail storage such that, from a technical standpoint, the encryption initiated by Posteo users cannot be removed by Posteo. In addition, the code for the encryption is openly viewable for reasons of transparency. This conforms to our open-source strategy and is an essential trust-building measure in the post-Snowden era.

Can be combined with all other encryption options
Posteo crypto mail storage can be combined with all other Posteo encryption features without issue. Thus, you can encrypt all your calendar and address book data at the click of a button. Posteo inbound encryption, which encrypts all newly-arriving emails with OpenPGP or S/MIME, can also be combined with crypto mail storage without issue.

If you already use inbound encryption, we recommend also activating crypto mail storage, as crypto mail storage encrypts not only newly-arriving emails but also all emails in all folders of the account as well as their corresponding metadata.

If you already use end-to-end encryption, you will also benefit from crypto mail storage. An end-to-end process such as OpenPGP will generally only encrypt the content of individual emails, and not your saved emails or the emails’ metadata. Our password-based crypto mail storage constitutes comprehensive encryption, which distinctly increases the security level at Posteo. For maximum security, we recommend securing access to your crypto mail storage with Posteo two-factor authentication. Then, at login, not only your regular password will be required, but also a current one-time password. This further increases the overall security level. If you create local, insecure copies of your email data, we recommend securing all devices used for this.

We have made numerous pages with information and help instructions on Posteo crypto mail storage and our other encryption options available on our website.

Best regards,

The Posteo team

Posteo webmail: New "Gentle Grey" theme available

Created on 07. April 2015, 14:30 | Category: Info

Dear Posteo users,

As of today, a new “Gentle Grey” theme for our webmail interface is available. This is a reduced-colour version of our new standard design for those who prefer a more discreet colour scheme.

You can now activate the “Gentle Grey” theme in your account settings via “Settings” → “Preferences” → “User Interface”. To use the theme, simply select “Gentle Grey” and confirm by clicking “Save”.

We will soon be making additional versions of the webmail interface available to choose from.

Best regards,

The Posteo team

New: Anonymous payment system extended

Created on 06. January 2015, 18:00 | Category: Info

Dear Posteo users,

Today our payment process has been superseded by our new, extended single-use code system for anonymised payments. Until now, our code-based payment system was used exclusively to separate payment data from the email accounts. From now on, the single-use codes also contain an encoded country determination, such that we can continue to maintain our concept of data economy despite new legal requirements.

On January 1st, the so-called “Kroatiengesetz” came into effect. This law is the German implementation of an EU regulation. It specifies that for electronic services, value added tax must be paid in the country in which the user lives. Previously, the service provider’s headquarters determined the tax location. From January 1st we are therefore required, for each payment process, to determine which country the payment comes from, using multiple measures. This can be done, for example, with the help of a Geo-IP determination or an evaluation of the payment information. The lawmakers require at least two attributes to be ascertained that do not differ from each other. Fulfilling these new legal requirements was a challenge for us as we don’t save any of your personal information and wish to continue not to do so.

We have therefore extended our anonymous payment process in time for the new law coming into effect, in order to maintain our consistent concept of data economy. We are now required to conduct a legally-specified country determination. Its result is encoded in a part of our payment codes that only you receive when you start a payment process. This part of the code contains the result of a Geo-IP determination and a browser region determination (your IP address is not saved). The part of the code that is in our system is somewhat shorter and does not contain this sensitive information. The encoded part is “outsourced” to you until the payment is completed. This is important, because otherwise we would have personal data connected to your account in our system until completion of the payment, which is something we don’t want.

You provide us with the complete code, and thereby also the result of the country determination, in the purpose/description field of your payment. When a payment arrives at Posteo via bank transfer or in the post, our payment system automatically evaluates the code and can then allocate the payment to your account. The encoded country determination in the last three characters is also automatically evaluated, to determine the value added tax payable in the relevant EU country. The result is not connected with your account. The evaluation process only takes a fraction of a second. When the code is evaluated, credit is added to your account and the single-use code is deleted from the system. Thus it is no longer possible to tell which account you have transferred funds for. Nor is it possible to tell which country the user of an account lives in.

PayPal and credit card payments occur directly after starting a payment process. The use of a code system is therefore unnecessary here. Information on the country determination is also immediately evaluated and does not need to be temporarily saved. Neither the PayPal or credit card payment nor the country determination collected is connected with the email account.

We understand the lawmakers’ intention to block tax loopholes with the new law. It is, however, problematic that companies who want to operate with data reduction can become required to collect and save users’ personal information via this EU regulation. Providers generally do not have complicated code-based systems allowing data reduction available to them – plainly, they must then retrieve and save the information. This is how mounds of data pile up. In addition, a bank account is very secure against manipulation. We doubt whether additional measures such as geolocation would markedly increase reliability.

Further information on Posteo’s anonymous payment system can be found on the payment info page that we have set up.

Kind regards and all the best in the new year,

The Posteo team