mailbox.org received the BSI IT Security Label

We are pleased to announce that mailbox.org has received the new IT Security Label issued by the German Federal Office for Information Security (BSI). The IT Security Label is an official recognition of the standards with which e-mail providers meet the requirements for consumer protection and IT security that were defined by the BSI.

As of today, our PREMIUM, STANDARD and LIGHT price plans bear the BSI's IT security label, which can be confirmed with a QR code.

The IT standards at mailbox.org met the requirements of the technical guideline "Secure E-Mail Transport" (BSI TR 03108, page in German) right away - we did not need to make any changes to our systems after the audit in order to receive the award.

What is the BSI IT Security Label about?

The German IT Security Act 2.0 made digital consumer protection a primary task of the BSI, who officially presented their "IT Security Label" in February 2022. The aim is to promote digital consumer protection and more straightforward consumer orientation when it comes to product security. Companies can apply for the security label by submitting a declaration about the security features of their services, which the BSI will then check for completeness and plausibility. This procedure has been successfully completed by mailbox.org.

Which security aspects were checked?

We have provided the BSI with a range of information about the security features guaranteed by mailbox.org, including:

1. Transport encryption
   We use the common IMAP, POP3 and SMTP protocols, with transport encryption enabled. Whenever possible, the latest TLS 1.3 standard is employed.
2. Server location Berlin
   We operate our own infrastructure across two independent data centres.
3. Protection of user data
   The principle of data economy is very important to us, and we allow anonymous registration and payment for our services. All our systems receive updates on a regular basis so that any emerging vulnerabilities get fixed as soon as possible. We also enforce a strict policy for the creation of strong passwords. Login procedures are protected against brute force attacks, and further by optional two-factor authentication (2FA) for private customers. The "Have I Been Pwned" service is integrated and alerts users in the event that their email addresses get compromised in data breaches around the Web.
4. Secure data transmission
   In addition to TLS transport security, all private mailbox.org customers have access to @secure.mailbox.org addresses. These enforce the use of transport encryption, without which e-mails will not be transmitted at all. Our systems also use the network protocol DANE (DNS-based Authentication of Named Entities) that further enhances the TLS standard. All mailbox.org customers also benefit from SPF and DKIM, which are additional protection measures and can even be configured to work with custom domain names.

The BSI IT Security Label could be an important first step towards more secure e-mail

Will the new security label make e-mail providers more secure? We are not sure about that. But we do think it will make it easier for consumers to choose trustworthy providers. In our opinion, the requirements for the BSI IT Security Label correspond to basic features that every e-mail provider who cares about data protection should fullfil.

We at mailbox.org help our customers to make their private and business communication as secure as possible. However, there is also something that users can do from their end. Consider that an unencrypted e-mail is as private as a normal postcard – everyone could read it if they make the effort. Only by adding encryption can you put your message into a sealed envelope. Ultimately, everyone can make decisions about how secure they want their own communication to be. Learn more about how to encrypt e-mails at mailbox.org in our knowledge base, and also find out about how security and data protection works at mailbox.org, and how to set up SPF and DKIM for your custom domain name.