Skip to main content
BusinessPrivate
LoginRegister now

Answers for private customers

The Knowledge Base for private customers is already largely up to date. A few individual articles are currently being revised and will be updated shortly. We thank you for your understanding and look forward to providing you with the latest information on using mailbox.

Please note: The Knowledge Base has changed slightly. Categories have been adjusted and any URLs stored in the old Knowledge Base are no longer valid.

Ensuring E-Mails are Sent Securely

Ensuring E-Mails are Sent Securely

Sending and receiving emails securely? We consider that important.
Whenever possible, we exchange emails with other providers over SSL/TLS-encrypted connections – provided that the other providers support this.

Normally, however, you unfortunately cannot rely on whether and how encrypted connections are used. With your secure mailbox, you can – with our service @secure.mailbox.org! Sometimes it is better not to send at all than to send unencrypted.

In addition to your normal email address me@mailbox.org, we also offer you the address me@secure.mailbox.org. You can use this address whenever you want to strictly enforce secure data transmission and prefer not to send information at all rather than accidentally sending it unencrypted.

A “real” encryption using PGP is the better way and is recommended by us. But sometimes PGP is unfortunately not available or unknown to the email partner. In these cases, you can fall back on your special email address @secure.mailbox.org. For example, for online portals, booking systems, short-term contacts, or for a quick mail to the hotel, the tax office, or other places where the term “PGP” is still unfamiliar.

Secure email reception

Emails to the address @secure.mailbox.org will only ever be received by us over encrypted connections.

Attention: If the other provider cannot send emails encrypted, the reception will fail. The sender will then receive the email to this address back as undeliverable.

Secure email sending

Send emails securely – without compromise: As soon as you have selected your alias @secure.mailbox.org as the sender address in the webmailer, our mail servers will send this email only via an SSL/TLS-encrypted connection. Such a connection must also be offered by the recipient’s provider, otherwise the email cannot be sent.

If the other side does not support encryption, the email transmission will fail. That is the purpose of the system.

You (i.e. the sender) will then receive the email back in your mailbox after a few seconds with a non-delivery notification. The respective sender will be unambiguously informed about the failed transmission.

In this case, you must consider how to transmit the sensitive information alternatively — and can be reassured that you did not accidentally send it unencrypted.

Such a security mechanism does bring certain limitations with it. You will only want to use your @secure.mailbox.org alias in specific situations. But you also know: with mailbox you at least have this option.

How to activate your secure mail alias

Log in to your mailbox Office and go to the menu Settings | Email encryption | Encrypted sending.

In the menu entry “Encrypted sending” you can activate your secure mail alias. Afterwards you can pass on this address to third parties and receive emails via it.

When writing emails in mailbox Office, you will see your personal mail alias @secure.mailbox.org as a special sender option in our webmailer.
Select this sender whenever you want to send emails definitely secure over encrypted connections.

Advanced configuration options for experts

The expert mode described below is only for users with in-depth knowledge of SSL/TLS. We strongly advise normal users against making settings in expert mode whose implications might not be clear to them.

We explicitly point out that the advanced encryption settings available here are often not supported by other providers and that these settings can result in emails often not being sent.

Real mail server experts can not only activate the normal secure mail alias in the administration menu, but also define a so-called TLS policy. If “just” encrypted SSL/TLS connections are not enough for you, you can define further security levels here:

  • encrypt: The mail must at least be normally SSL/TLS-encrypted. Only plain text transmissions are prohibited.
  • dane-only: A simple SSL/TLS connection is not sufficient, the SSL certificate of the other side must be verifiable via DANE.
  • verify: Sends emails only to providers whose SSL certificate we have explicitly stored.
  • LinkedIn icon
  • Mastodon icon
  • Bluesky icon
  • RSS icon

Heinlein Gruppe