Welcome to the Posteo Postmaster Site

„Contact information in case of technical issues“

Postmaster Information

Contact information

In case of technical issues sending or receiving emails relating to Posteo mailservers, send a request to support@posteo.de or via our contact form. If you prefer encrypted and/or signed email communication please use our S/MIME or PGP key.

Abuse contact information

To report abusive behaviour originating from a Posteo email account, send an abuse report to abuse@posteo.de. Please add any form of evidence or other suitable information as a MIME attachment to your request or report. We only accept automated abuse reports in RFC5965 format or as DMARC aggregate reports.

Posteo outbound and inbound mail server IP addresses

Below is a list of servers that send and receive Posteo users' email.

DNS Name IPv4 Address
posteo.de 89.146.220.134
mx01.posteo.de 185.67.36.61
mx02.posteo.de 89.146.194.165
mx02a.posteo.de 89.146.194.168
mx03.posteo.de 185.67.36.63
mx04.posteo.de 185.67.36.64
mout01.posteo.de 185.67.36.65
mout01.posteo.de 185.67.36.141
mout02.posteo.de 185.67.36.66
mout02.posteo.de 185.67.36.142
* 89.146.230.92

Official Posteo email domain names, SPF and SenderID

These domain names are available to Posteo customers. These domain names for email are intended to be sent only from the announced outbound mail servers. SPF TXT records for the Posteo email domain names document the sending mail servers.

Email adresses and email domain names are set in alignment by Posteo webmail with regard to the from-header and the envelope-from/Return-Path email addresses.

Customers' domain names

Posteo customers may choose to use their own email address e.g. in the from-header of their emails. If you plan to implement a corresponding SPF record for your own domain, you can end it with a redirect=posteo.de mechanism, or add an include:posteo.de mechanism.

Outbound DKIM Signing Policy and DMARC

Posteo uses DomainKeys Identified Mail (DKIM). An email sent out from Posteo mail servers will be signed with a Posteo DKIM-Signature if the email is submitted with an email address or alias (in the from-header and envelope-from) which is owned by the sending Posteo account. If a customer uses other email addresses (e.g. their own email address containing a custom email domain name), the email won't be signed with a Posteo DKIM signature.

Posteo domain names used in the from-header, in the envelope-from/Return-Path and for the signing DKIM domain (if DKIM-signed) are always in strict aligment with each other. However, we have a DMARC "none" policy for Posteo email domain names currently, since DMARC is not recommended for mailbox providers. Outbound DMARC policies are primarily "best-suited for transactional emails and semi-transactional emails" (dmarc.org FAQ). At the present, DMARC has implications which do not meet customers' individual use of email.

Security of mail servers and the website

Posteo email and web services are secured by SSL, TLS, PFS, DNSSEC and DANE. The fingerprints for the certificates in use can be found here.

Why is older encryption technology still used in communication with other providers' email servers in some exceptional cases?

Inbound mail handling

Posteo mail servers perform certain checks before receiving an email.

  • Posteo mail servers perform greylisting on incoming mail communication. You should expect brief delays when sending from unknown domains and IP addresses for the first time.
  • Well known and highly reputated DNS blacklists help us to discard malicious emails.
  • Messages identified as spam are rejected – there are no spam folders in the users' mailboxes.
  • Email attachments of the following types are rejected by default: .exe, .vbs, .pif, .scr, .bat, .cmd, .com, .cpl, .dll.
  • We expect emails to be RFC-compliant and to be sent in a legal manner. In principle, we accept email messages containing redacted content for the purpose of anonymity.
  • Where an email is rejected we expect the sending server to notify the sender.