BSI reconfirms the IT Security Labels for mailbox.org
We are delighted that the German Federal Office for Information Security (BSI) has reconfirmed our three IT Security Labels. Our PREMIUM, STANDARD and LIGHT plans have carried the BSI's IT Security Label since 2022. The label's authenticity and current validity can be checked by scanning its QR code.
We are proud that, as an e-mail provider, we still fulfil the BSI's consumer protection and security requirements after being re-tested, following the technical guideline "Secure e-mail transport" (BSI TR 03108, page in German). We did not have to make any changes to our systems for the audit.
What is the BSI IT Security Label about?
The German IT Security Act 2.0 made digital consumer protection a primary task of the BSI, which officially presented its "IT Security Label" in February 2022. The aim is to promote digital consumer protection and give consumers a simpler way to judge product security. Companies can apply for the security label by submitting a declaration about the security features of their services, which the BSI then checks for completeness and plausibility. mailbox.org has successfully completed this procedure.
Which security aspects were checked?
We have provided the BSI with a range of information about the security features guaranteed by mailbox.org, including:
- Transport encryption
We use the common IMAP, POP3 and SMTP protocols with transport encryption enabled. Whenever possible, the latest TLS 1.3 standard is employed.
- Server location Berlin
We operate our own infrastructure across two independent data centres.
- Protection of user data
The principle of data minimisation is very important to us, and we allow anonymous registration and payment for our services. All our systems receive updates on a regular basis so that newly disclosed vulnerabilities are fixed as soon as possible. We also enforce a strict policy for the creation of strong passwords. Login procedures are protected against brute-force attacks and, for private customers, additionally by optional two-factor authentication (2FA). The "Have I Been Pwned" service is integrated and alerts users if their e-mail address appears in a data breach elsewhere on the Web.
- Secure data transmission
In addition to TLS transport security, all private mailbox.org customers have access to @secure.mailbox.org addresses. These enforce the use of transport encryption; without it, e-mails are not transmitted at all. Our systems also use the network protocol DANE (DNS-based Authentication of Named Entities), which further strengthens the TLS standard. All mailbox.org customers also benefit from SPF and DKIM, which are additional protection measures and can even be configured to work with custom domain names.
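To make the DANE point above concrete, here is an added example (not mailbox.org's code) of the TLSA-record matching that a DANE-aware SMTP client performs against a server certificate, following RFC 6698 and the SMTP profile in RFC 7672. The certificate and SubjectPublicKeyInfo bytes are constructed stand-ins, not real DER.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for DER-encoded data; a real client takes these from the TLS handshake.
SAMPLE_CERT_DER = b"-- constructed stand-in for a DER-encoded leaf certificate --"
SAMPLE_SPKI_DER = b"-- constructed stand-in for its SubjectPublicKeyInfo --"
GOOD_HASH = hashlib.sha256(SAMPLE_SPKI_DER).hexdigest()
GOOD_RDATA = "3 1 1 " + GOOD_HASH   # DANE-EE, SPKI selector, SHA-256: the usual SMTP deployment


@dataclass(frozen=True)
class TLSARecord:
    usage: int          # 0/1 = PKIX-TA/PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
    selector: int       # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching_type: int  # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes         # certificate association data


def parse_tlsa(rdata: str) -> TLSARecord:
    """Parse TLSA presentation format, e.g. '3 1 1 2bb1...'."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    return TLSARecord(int(usage), int(selector), int(mtype),
                      bytes.fromhex(hexdata.replace(" ", "")))


def tlsa_matches(record: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    """True if the certificate under test satisfies the record.

    For DANE-EE (3) the caller passes the leaf; for DANE-TA (2) it calls this for
    each certificate in the presented chain. RFC 7672 treats usages 0 and 1 as
    unusable for SMTP, so they never match.
    """
    if record.usage not in (2, 3):
        return False
    if record.selector == 0:
        selected = cert_der
    elif record.selector == 1:
        selected = spki_der
    else:
        return False  # unknown selector: record is unusable
    if record.matching_type == 0:
        return selected == record.data
    if record.matching_type == 1:
        return hashlib.sha256(selected).digest() == record.data
    if record.matching_type == 2:
        return hashlib.sha512(selected).digest() == record.data
    return False  # unknown matching type: record is unusable


def any_tlsa_matches(rdatas, cert_der: bytes, spki_der: bytes) -> bool:
    """A connection passes DANE if at least one published record matches."""
    return any(tlsa_matches(parse_tlsa(r), cert_der, spki_der) for r in rdatas)
```

Note that a passing DANE-EE match replaces the PKIX chain and hostname checks only when the TLSA records were obtained with DNSSEC validation; without a validated answer the records must be ignored.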