Email made in Germany

from Wikipedia, the free encyclopedia

E-Mail made in Germany is an initiative launched by various Internet service providers in Germany with the stated aim of making the exchange of e-mails in Germany more secure.

background

The initiative was launched in August 2013 in response to the 2013 surveillance and espionage affair. According to their own information, the participating providers want to encrypt the data traffic between the mail servers and the data centers of the companies involved . Since April 29, 2014 only SSL -encrypted mails are transported.

Attendees

Founding members:

Other certified members:

According to its own information, the initiative is "open to other partners who are ready to commit themselves permanently to compliance with our security rules under their e-mail domain."

function

According to the initiators, the e-mail traffic between the participating providers is always SSL-encrypted. This should happen automatically when a webmail service is used. If the user uses a local e-mail program on his computer, the data traffic between the user's computer and the provider is a weak point, so it is officially recommended to activate SSL in the program settings. Since April 29, 2014, all mail accesses can only be used with SSL encryption.

When sending an e-mail to another provider that does not participate in e-mail made in Germany , especially with all foreign providers, the encryption can no longer be guaranteed. If you use the webmail interfaces or the own mobile apps of the participating providers or the corresponding extension for Outlook , e-mail contacts within the E-Mail made in Germany network are marked with a green tick. This should give the user orientation and signal trustworthiness.

In October 2013, it was also announced that Deutsche Telekom is also striving to no longer transport data traffic between the participating participants via data centers located abroad. Most of the German providers were already peering before this date .

criticism

In two press releases, the Chaos Computer Club (CCC) criticized the faulty and inadequate encryption of email made in Germany as being predominantly "effective for advertising". In particular, it should be noted that the SMTPS method used for transport encryption has been standardized as RFC for more than 10 years . Thus, only omissions would be made up. In December 2013, the CCC also showed that the encryption had not been fully implemented.

The e-mail providers Posteo and mailbox.org , as well as the specialist publisher Heise online , also criticize the fact that the Inter Mail Provider Trust procedure , with which servers in the network e-mail made in Germany authenticate each other, is opaque and an artificial isolation generate. With DANE an open standard (from August 2012) would be available as an alternative with which the trustworthiness of the communication partners and the integrity of the encryption could be ensured. With a view to DANE, the question arises as to whether the certification costs for providers who want to join E-Mail made in Germany are not an unnecessarily high hurdle.

The e-mail provider mailbox.org announced on its website that the initiative could in theory accept all providers, but "in reality the participation of other providers is systematically prevented". For several months, an application to participate has been ignored by the major initiators, and one wonders whether the "'E-Mail made in Germany" is just a marketing bubble ".

In addition, providers in Germany have to release data traffic or individual messages after a court order.

See also

Web links

Individual evidence

  1. "E-Mail Made in Germany": SSL encryption for (almost) everyone , heise online, August 9, 2013. Retrieved on October 13, 2013.
  2. a b Standard for Secure Email , Retrieved September 3, 2014.
  3. Official directory of participants . Retrieved April 17, 2018.
  4. Identification of secure communication for email made in Germany . Retrieved May 21, 2014.
  5. Telekom wants to shield Internet traffic from secret services , October 12, 2013. Retrieved October 13, 2013.
  6. ^ "E-Mail Made in Germany": The summer fairy tale of secure e-mail , August 9, 2013.
  7. Bullshit made in Germany: Chaos Computer Club warns of fraudulent packaging "E-Mail made in Germany" , December 28, 2013.
  8. RFC 2487 SMTP Service Extension for Secure SMTP over TLS http://tools.ietf.org/html/rfc2487
  9. RFC 3207 SMTP Service Extension for Secure SMTP over Transport Layer Security
  10. 30C3 lecture: Bullshit made in Germany http://media.ccc.de/browse/congress/2013/30C3_-_5210_-_de_-_saal_g_-_201312282030_-_bullshit_made_in_germany_-_linus_neumann.html
  11. Finally: connection encryption with other mail providers from August 9, 2013 at Posteo . Retrieved May 16, 2014.
  12. Posteo supports DANE / TLSA from May 12, 2014 at Posteo . Retrieved May 16, 2014.
  13. a b "E-Mail made in Germany" systematically prevents the participation of other providers ( memento of the original from May 17, 2014 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. at mailbox.org, May 15, 2014. @1@ 2Template: Webachiv / IABot / mailbox.org
  14. Encrypted mail transport: Posteo is the first provider to use DANE from May 12, 2014 on Heise online . Retrieved May 16, 2014.
  15. This is how E-Mail made in Germany from May 12, 2014 works on Heise online . Retrieved May 16, 2014.