The total number of enquiries in 2025 was 74, a decrease on the previous year. As in 2024, mailbox received the majority of requests by email, encrypted with PGP. Unauthorised requests for information are consistently rejected by mailbox. In 2025, unencrypted requests were corrected by the investigating authorities in 15 cases, meaning that mailbox answered a total of 56 requests last year. 18 requests were not corrected and were rejected due to various deficiencies. As in previous years, the most common reason for rejection remains the unencrypted transmission of the request.
Unencrypted requests for information are not permitted
mailbox has a standardised process for processing and responding to requests for information from the authorities. Each request is comprehensively reviewed and evaluated by the data protection officer and lawyer and answered or rejected accordingly. In the event of a rejection, the authority can correct its request. In any case, mailbox will only release data if the request is lawful and error-free.
"Data protection and information security are a priority for mailbox. We also adhere to the strict requirements of the Federal Network Agency (Bundesnetzagentur) for requests for information from authorities, which stipulate that requests must be encrypted," explains Balint Gyemant, Chief Product Officer at mailbox. However, of the 63 enquiries sent to mailbox by email, 27 were unencrypted. A further six were unauthorised for other reasons, and mailbox received five requests by post. "It is pleasing that we received no more enquiries by fax in 2025. This was still the case until 2024, although requests for information by fax have actually been prohibited since 2021," says Balint Gyemant.
Who requested which data?
The majority of requests in 2025 came from German authorities. Only three requests were made by authorities from other EU countries and one request was made by an authority outside the EU. 72 requests for information were made in the context of criminal prosecution, two by intelligence services. Requests for inventory data were the most common type of request, including telephone number, name and address of the owner, contract details and tariff characteristics.
Only two requests related to a mailbox seizure, in which all emails in the account's mailbox are confiscated. In 2025, mailbox did not receive any traffic data queries (including IP addresses from which logins to the mail server take place or from which emails were sent) or requests for telecommunications surveillance (temporary monitoring of all emails received and sent and the entire account).
