Security? No compromises made!

Your data is exposed to new threats every day. That's why we do everything we can to protect your communications and information as best as possible. With state-of-the-art email encryption, continuous monitoring and innovative security procedures, we offer you a secure digital space. Trust in the expertise of our specialists – we make no compromises when it comes to your security.

Encryption

We use SSL/TLS-encrypted connections: DigiCert security certificates can be recognised by the green padlock in your browser's URL bar. You also have the option of encrypting your emails with S/MIME and PGP.

Extended security protocols

We were one of the first providers to secure our domain using DNSSEC and DANE/TLSA. Procedures such as HSTS, CAA, CSP, MTA-STS and X-XSS effectively prevent so-called "man-in-the-middle" attacks and ensure users are actually communicating with our servers when using SSL/TLS.

State-of-the-art crypto algorithms

Our specialists monitor all developments and reliably shut down insecure processes. We consistently rely on (EC)DHE algorithms with Perfect Forward Secrecy (PFS).

Certified security

ISO 27001 and BSI C5

ISO 27001 is the international standard for information security. It confirms that a company protects data and systems with structured security management and actively manages risks.

BSI C5 is the cloud criteria catalogue of the German Federal Office for Information Security. A C5 certificate proves that a cloud provider works according to tested German cloud security criteria.


BSI IT Security Label

Our security mechanisms are officially recognised by the German Federal Office for Information Security (BSI). The IT security label that we received confirms that mailbox meets the BSI's consumer protection and security requirements for email providers.

In accordance with the requirements of the technical guideline "Secure email transport" (BSI TR 03108), our PREMIUM, STANDARD and LIGHT plans bear the BSI's IT security label, which can be checked by scanning the QR code.


Safety & comfort

We are constantly rethinking email and security, solving problems and enabling our users to have a say when it comes to the security of their emails. This is shown through the many innovations we have introduced in recent years.

TLS Checker

Our TLS checker is built into the webmail client. Before sending an email, users can find out whether the message will be encrypted using SSL/TLS and, if so, how good the encryption offered by the receiving server is. We can also guarantee that this security level cannot be compromised by manipulation.

secure.mailbox.org

In addition to your normal email address @mailbox.org, we also offer secure aliases @secure.mailbox.org. Everyone can use a secure alias address whenever they want to make secure transmission using SSL/TLS transport encryption mandatory. That means a message is only transmitted if encryption can be guaranteed; without it, the message will not be sent.

Single Sign-On (SSO)

With Single Sign-On (SSO), you only need to log in once to access all mailbox services. This allows you to switch seamlessly between email, user forum, support, and other services while increasing security through central authentication. This saves you time and makes your daily use of your mailbox account more convenient.

Two-factor authentication (2FA)

Two-factor authentication (2FA) adds a second security factor to your password, such as a code from an authenticator app. We also offer special email app passwords – individual login details for email apps that can be created separately and blocked if necessary. Together, these measures create a multi-layered security system for your email communications.

Encryption at mailbox: PGP and S/MIME

At mailbox, you can encrypt your emails using PGP and S/MIME. Our commitment to email security goes even further: We are a founding member of the “TES – Transport Email Security” initiative. In the “Keys4All” project, in collaboration with the Fraunhofer Institute, the Independent State Centre for Data Protection, the Berlin University of the Arts, and the University of Kassel, among others, we also developed new techniques that let providers reliably publish and automatically exchange public PGP keys between users. This development is now part of the WKS/WKD standard of the GnuPG project.

Encrypt and sign emails with S/MIME

Confidentiality, integrity, authenticity

Encrypting your email with S/MIME protects the content of the message from unauthorised access or interception. Thanks to S/MIME signing, the recipient can verify that the email actually originates from the respective sender.

Digital signature

Integrate your valid S/MIME certificate into mailbox Guard to automatically sign and encrypt emails.

Supported certificates

A list of compatible S/MIME Certificate Authorities allows you to select trusted, supported certificates for signing and encrypting your messages.

Encryption with PGP: Keeping private matters private

Guard: PGP in the webmail client

Guard brings PGP to the webmail client, without the need for additional software. You can access your emails securely at any time, even when using other computers or public internet terminals. For any recipients who do not use PGP, the mailbox Guard can automatically set up HTTPS-secured guest mailboxes that are hosted with us.

Mailvelope: The browser plugin

Do you prefer to save your private PGP key exclusively on your local machine? Simply install the browser plugin "Mailvelope" (e.g., in Firefox or Chrome). This is fully supported by our webmail interface.

The encrypted mailbox

Is your INBOX full of sensitive but unencrypted emails? Upon request, we can retroactively encrypt unencrypted emails that you received or sent, using your own PGP key. This keeps your data safe even in the event of password theft.

PGP-Key-Server

Simplified key exchange: To simplify encrypted communication via email, we operate our own PGP key server (HKPS). At mailbox, external communication partners can automatically retrieve the public and verified PGP keys of our users from our key server.

Lived data protection at mailbox

How we protect your data

  • Anonymous registration
  • No advertising and no exploitation of user data
  • Anonymous payment options by cash, by post, or by cash deposit into a bank account
  • Clearly communicated storage and deletion periods for log files and connection data
  • Anonymised mail headers that do not contain user information about IP addresses or software used
  • Aliases and disposable email addresses
  • The strongest encryption whenever possible
  • A certified data protection officer

German data protection law is one of the strictest in the world, and we think that is a good thing. Protecting personal and business data is our mission. At mailbox, we only collect the data that is required for the technical operation of our service. If it is possible to achieve something without collecting user data, then we will seek ways to make that possible. In our privacy policy, we explain clearly and transparently which information we need to operate your mailbox securely.

Our servers are located exclusively in Germany (Berlin), as this ensures German data protection law and the European GDPR apply. A TÜV-certified data protection officer monitors compliance with data protection regulations.

Spam and virus protection

A team of two dozen administrators maintains the systems in the background, analyses the volume of spam and viruses received and keeps all filter systems up to date. This is how we protect your mailbox from spam, viruses and trojans. If desired, suspicious emails can even be rejected outright. This is easier for you, saves time, and helps avoid legal trouble.

The spam-free mailbox

With mailbox, you benefit from our innovative spam filter technologies. In the background, we take many steps to ensure that spam does not penetrate our systems in the first place and thus to prevent these messages from clogging up your mailbox. This conserves resources, saves computing power, and ultimately also reduces power consumption.

Multi-stage virus protection

All emails are scanned multiple times for possible malware using different methods. We also recognise viruses by their type, by who sends them and by how they are sent. This enables us to filter viruses that normal anti-virus software cannot yet detect.

We may be small in size, but we are a big player in IT security

Secure and free communication is not just an empty phrase for us - it has been our “source code” for decades. We are Linux experts, and reliable partners for businesses, public institutions and private individuals. We are happy to share our knowledge with everyone as part of our mission.
