In case of technical issues sending or receiving emails relating to Posteo mailservers, send a request to firstname.lastname@example.org or via our contact form. If you prefer encrypted and/or signed email communication please use our S/MIME or PGP key.
Abuse contact information
To report abusive behaviour originating from a Posteo email account, send an abuse report to email@example.com. Please add any form of evidence or other suitable information as a MIME attachment to your request or report. We accept automated abuse reports only in RFC5965/ARF format or as DMARC aggregate reports. Send ARF reports to firstname.lastname@example.org.
Posteo outbound and inbound mail server IP addresses
Below is a list of servers that send and receive Posteo users' email.
|DNS Name||IPv4 Address|
Official Posteo email domain names and SPF
These domain names are available to Posteo customers. We use the email domain posteo.biz for corporate purposes only. The email domain lists.posteo.de is used by the mailing list server. These domain names for email are intended to be sent only from the announced outbound mail servers. SPF TXT records for the Posteo email domain names document the sending email servers.
Email adresses and email domain names are set in alignment by Posteo webmail with regard to the from-header and the envelope-from/Return-Path email addresses.
Customers' domain names
Posteo customers may choose to use their own email address e.g. in the from-header of their emails. If you plan to implement a corresponding SPF record for your own domain, you can end it with a redirect=posteo.de mechanism, or add an include:posteo.de mechanism.
Outbound DKIM Signing Policy, domain alignment and DMARC
Posteo uses DomainKeys Identified Mail (DKIM). An email sent out from Posteo mail servers will be signed with a Posteo DKIM-Signature if the email is submitted with an email address or alias (in the from-header and envelope-from) which is owned by the sending Posteo account. If a customer uses any other email address (e.g. their own email address containing a custom email domain name), the email won't be signed with a Posteo DKIM signature.
Posteo domain names used in the from-header, in the envelope-from/Return-Path and for the signing DKIM domain (if DKIM-signed) are in strict aligment with each other. However, we have a DMARC "none" policy for Posteo email domain names, since DMARC is currently not recommended for mailbox providers. Outbound DMARC policies are primarily "best-suited for transactional emails and semi-transactional emails" (dmarc.org FAQ). At the present, DMARC has implications which do not meet customers' individual use of email.
Security of mail servers and the website
All Posteo email and web services are secured by TLS, PFS, DNSSEC and DANE. Client access to Posteo services, outgoing mandatory DANE, the Posteo TLS-receiving guarantee and the TLS-sending guarantee do not tolerate outdated encryption protocols such as SSLv3, TLS 1.0 or TLS 1.1. The fingerprints for the certificates in use can be found here.
Inbound mail handling
Posteo mail servers perform certain checks before receiving an email.
- Posteo mail servers perform greylisting on incoming mail communication. You should expect brief delays when sending from unknown domains and IP addresses for the first time.
- Well known and highly reputated DNS blacklists help us to discard malicious emails.
- Messages identified as spam are rejected – there are no spam folders in the users' mailboxes.
- Email attachments of the following types are rejected by default: .exe, .vbs, .pif, .scr, .bat, .cmd, .com, .cpl, .dll.
- We expect emails to be RFC-compliant and to be sent in a legal manner. In principle, we accept email messages containing redacted content for the purpose of anonymity.
- Where an email is rejected we expect the sending server to notify the sender.