Secure email transport required by the German Federal Office

May 26, 2016

This important document has been developed over the past nine months by a working group consisting of both BSI employees and representatives from assorted email providers including your very own Open-Xchange.

We worked with the government to outline the specifications behind the guidelines, and shape the necessary security requirements for service providers in Germany. The document mandates email providers to implement a number of security measures including:

the need to be ISO/27001 certified, or to have an IT security concept under the Telecommunications Actmandatory use of DNSSECprotection of the SSL certificate by DANEthe obligation to actively report security incidentsthe requirement to inform users if emails have been sent or received from certified participants

The working group debated long and hard on whether DANE/DNSSEC could be required as standard and this was only accepted in the group’s last meeting, a month before the final guidelines were published. Even though the document doesn’t mandate the need for end-to-end encryption, (something we lobbied hard for!) it is a major step in the right direction for the security of German email nonetheless.

This overview shows the components that participate inthe infrastructure and their communication relationships to each other.

One thing to note is that, as of today, the process for acquiring the certification of Email Service Provider is not yet defined. However, the government should be careful as it outlines this process as if this proves to be prohibitively costly or time intensive, many providers may simply choose not to certify their email service as secure. As well as putting smaller providers at a disadvantage, such a process could negatively affect consumers, limiting their choice or providers, and ultimately damaging the secure email market.

We at Open-Xchange have been pushing for a unified, certifiable approach to secure email transmission for over a year. The BSI guidelines now reflect our own standards and requirements and stand as vindication for our efforts.

About the author

The Editorial Team

The Editorial Team

Open-Xchange news and announcements

Categories

Related Articles

Dovecot Pro and Lua

As 2019 begins, we at Open-Xchange would like to provide you with an update and a few details regarding the latest Dovecot...

Michael Slusarz Feb 14, 2019

From Latin America to the Far East

The summer of TES in 2018 goes all around the planet – and for a project that was born in the heart of Europe, this is a...

Vittorio Bertola Aug 28, 2018

Boost your revenue with OX Display v1.4

A few weeks ago we introduced you to the three monetization solutions for OX products. Today we are pleased to announce the...

Florian Steps Jul 18, 2018

Open-Xchange releases new major versions of OX App Suite, OX...

We are excited to announce the release of three new major product versions: OX App Suite and OX Documents are now available...

Stephan Specketer Jul 4, 2018