Navigation and service

BSI - Federal Office for Information Security (Link to homepage)

Procedure for communicating via De-Mail

How do I get an account?

  1. The user selects the service provider of their choice and registers with them. As part of this process, the user gives their personal details and is assigned a De-Mail address.
  2. After registering, the user has their identity verified by providing a valid identification document. This allows the data supplied by the user at registration to be verified and confirmed.
  3. After the data for the account has been confirmed as correct, the De-Mail account is enabled and available for the user to use.

Institutions can apply to a service provider of their choice for a subdomain to "de-mail.de", which they can use as a De-Mail address.

How do I use my account?

Logging in to the account

There are two different types of login available, as outlined briefly below:

"normal" level

  • User name and password
  • Not all delivery options are available
  • There is a risk of the password falling into the "wrong" hands

"high" level

  • Two-factor authentication

    • Makes use of possession and knowledge
    • E.g. new ID document
  • Lower risk of misuse
  • Additional delivery options are available and account data can be modified

Sending messages

  1. The user creates their message in a web interface or their message client.
  2. The message is transmitted to the service provider via an encrypted channel. This channel ensures the data is encrypted on its journey from the sender to the service provider and cannot be be manipulated.
  3. The sender's service provider accepts and processes the message. The message is saved in the sender's mailbox as a sent message and checked for malware, viruses and so on. After that, a confirmation of dispatch is issued, if required, and metadata is added (including data integrity protection).
  4. Once it has been processed, the message is transmitted to the recipient's service provider. The message content is encrypted and the message is also transmitted via an encrypted channel.
  5. The recipient's service provider accepts the message from the transport channel. The service provider checks that data integrity is protected and saves the message in the recipient's mailbox. If the sender has chosen to receive a confirmation of receipt for the message, this is created and sent accordingly.
Ablauf der Kommunikation über De-Mail

Reading messages

  1. The user opens their inbox, where they can see an overview of available messages. Only those messages that the user can read according to their current login level are displayed.
  2. The user can then select and read a message in the same way as with previous e-mail solutions.
  3. The user can also forward or reply to the message.

What functions are available with De-Mail?

  • Confirmation of dispatch (proof that I have sent a message)
  • Confirmation of receipt (proof that the recipient has received (not read) the message)
  • Private (recipient must be logged in with level "high" to read the message)
  • Authoritative (recipient receives confirmation that the sender was logged in with level "high")

Similar topics

Back to De-Mail