Postmaster Information
Contact information
In case of technical issues sending or receiving emails relating to Posteo mailservers, send a request to postmaster@posteo.de or via our contact form. If you prefer encrypted and/or signed email communication please use our S/MIME or PGP key.
Abuse contact information
To report abusive behaviour originating from a Posteo email account, send an abuse report to abuse@posteo.de. Please add any form of (redacted) evidence or other suitable information as a MIME attachment to your request or report. We accept automated abuse reports only in RFC5965(ARF) format or as DMARC aggregate reports. Send automated reports to fbl-reports@posteo.de.
Posteo outbound and inbound mail server IP addresses
Below is a list of servers that send and/or receive Posteo users' email.
| DNS Name | IP Address |
|---|---|
| mx01.posteo.de | 185.67.36.61 |
| mx01.posteo.de | 185.67.36.62 |
| mx02.posteo.de | 89.146.194.165 |
| mx02a.posteo.de | 89.146.194.168 |
| mx03.posteo.de | 185.67.36.63 |
| mx03.posteo.de | 185.67.36.70 |
| mx04.posteo.de | 185.67.36.64 |
| mx04.posteo.de | 185.67.36.71 |
| mout01.posteo.de | 185.67.36.65 |
| mout01.posteo.de | 185.67.36.141 |
| mout01.posteo.de | 2a05:bc0:1000::65:1 |
| mout01c.posteo.de | 185.67.36.193 |
| mout02.posteo.de | 185.67.36.66 |
| mout02.posteo.de | 185.67.36.142 |
| mout02.posteo.de | 2a05:bc0:1000::66:1 |
| mout02c.posteo.de | 185.67.36.194 |
| mout99.posteo.de | 185.67.36.96 |
| mout99.posteo.de | 185.67.36.149 |
| mout99c.posteo.de | 185.67.36.199 |
| mout99.posteo.de | 2a05:bc0:1000::96:1 |
| mout99.posteo.de | 2a05:bc0:1000::149:1 |
| mout99c.posteo.de | 2a05:bc0:1000::199:1 |
| mailfwd01.posteo.de | 185.67.36.111 |
| mailfwd01.posteo.de | 2a05:bc0:1000::111:1 |
| mailfwd02.posteo.de | 185.67.36.110 |
| mailfwd02.posteo.de | 2a05:bc0:1000::110:1 |
| listsout.posteo.de | 185.67.36.195 |
| listsout02.posteo.de | 185.67.36.196 |
| * | 89.146.230.92 |
| mxv601.posteo.de | 185.67.36.77 |
| mxv601.posteo.de | 2a05:bc0:1000::77:1 |
| mxv602.posteo.de | 185.67.36.78 |
| mxv602.posteo.de | 2a05:bc0:1000::78:1 |
Official Posteo email domain names and SPF
These domain names are available to Posteo customers. We use the email domain posteo.biz for corporate purposes only. The email domain lists.posteo.de is used by the mailing list server. These domain names for email are intended to be sent only from the announced outbound mail servers. SPF TXT records for the Posteo email domain names document the sending email servers.
Email adresses and email domain names are set in alignment by Posteo webmail with regard to the From header and the envelope from/Return-Path header email addresses.
Customers' domain names
Some Posteo legacy customers may choose to use their own email address e.g. in the From header of their emails.
Outbound DKIM Signing Policy
Posteo uses DomainKeys Identified Mail (DKIM). An email sent out from Posteo mail servers will be signed with a Posteo d=posteo.[tld] DKIM-signature if the email is submitted with an email address or alias (in the From, Sender or Reply-To header and in the envelope from) which is owned by the sending Posteo account and if date and time in the Date header are accurate. Customers may only use Posteo email addresses in the From, Sender and Reply-To header fields which are owned by the sending Posteo account. If a customer uses any other email address (e.g. their own email address containing a custom email domain name), the email won't be signed with a Posteo DKIM signature.
The following header fields will be signed, if all requirements are met: From, Reply-To, Sender, Subject, Message-ID, Date, To, Cc, MIME-Version, Content-Type, Content-Transfer-Encoding, Content-Disposition, Content-ID, Content-Description, Autocrypt and OpenPGP
The mailing list server signs with a d=lists.posteo.de DKIM-signature, if the From header contains the email address of the mailing list. The following header fields will be additionally signed: List-Id, List-Unsubscribe, List-Post, List-Subscribe, List-Help, Errors-To
Domain Alignment and DMARC
Posteo domain names used in the From header, in the envelope from/Return-Path header and for the signing DKIM domain (if DKIM-signed) are in strict aligment with each other. However, we have a DMARC "none" policy for Posteo email domain names, since DMARC is currently not recommended for mailbox providers. Outbound DMARC policies are primarily "best-suited for transactional emails and semi-transactional emails" (dmarc.org FAQ). At the present, DMARC has implications which do not meet customers' individual use of email.
Security of mail servers and the website: TLS, DNSSEC and DANE
All Posteo email and web services are secured by TLS 1.2 and 1.3, PFS, DNSSEC and (mandatory) DANE. Client access to Posteo services, STARTTLS, outgoing mandatory DANE, the Posteo TLS-receiving guarantee and the TLS-sending guarantee do not tolerate outdated encryption protocols such as SSLv3, TLS 1.0 or TLS 1.1. The fingerprints for the certificates in use can be found here. Posteo customers may decide on their own whether they want to send e-mails mandatorily with TLS and whether they receive only e-mails encrypted with TLS. However, incoming Delivery Status Notifications (DSN) are always accepted.
Inbound mail handling
Posteo mail servers perform certain checks before receiving an email.
- Posteo mail servers perform greylisting on incoming mail communication. You should expect brief delays when sending from unknown domains and IP addresses for the first time.
- Well known and highly reputated DNS blacklists help us to discard malicious emails.
- By default, the spam folder is deactivated at Posteo. Emails that have been identified as spam are therefore rejected by our server. Regardless, users can also activate the spam folder.
- Email attachments of the following types are rejected by default: .exe, .vbs, .pif, .scr, .bat, .cmd, .com, .cpl, .dll.
- We expect emails to be RFC-compliant and to be sent in a legal manner. In principle, we accept email messages containing redacted content for the purpose of anonymity.
- Where an email is rejected we expect the sending server to notify the sender.