De-Mail - Identity Giver of the Web

As quick as an eMail, safe as a letter, traceable as registered mail - the one for all! Germans describe such a phenomenon as an "eierlegende Wollmilchsau". The idea is to make electronic communication more reliable and safe and, more importantly, legally so. In legal dealings, what matters most is the receipt of a message. This happens to be the gravest disadvantage of ordinary eMail, because the sender's identity cannot be reliably established.


As admissible evidence, eMails can only be served when the recipient expressly confirms receipt. That is why many companies still entrust contracts, invoices and reminders to good old "snail mail". De-Mail is to change all this, and the costly sending of documents is doomed.

With some delay, the Act on De-Mail passed parliament in May 2011. Well-known providers have announced that they will apply for accreditation, where they are not already in accreditation proceedings. Only providers that have been approved by the Federal Office for Security in Information Technology will be accredited. These providers have to fulfill strict security and data protection conditions pursuant to the De-Mail Act.

De-Mail User Accounts

Even during the initial phase, most providers offer the possibility of reserving an eMail address for De-Mail. Once the provider is accredited, you can open a De-Mail user account. Before you receive this address, your identity will be checked. The provider determines the procedure. For foreigners, this will typically be the PostIdent procedure. For this you will have to visit a post office in your vicinity and produce your passport and "polizeiliche Anmeldung" (registration slip), together with your provider's letter instructing you to do so. The post office will then return the slip to your provider. Juristic persons, such as a GmbH & Co., will have to submit an excerpt from the commercial registry, and the managing director will have to identify himself as a physical person. After all that, your account will be activated and you can send eMails with a provable identity.

Security Levels

Depending on how much security you want and which functions you need, you can choose between two security levels: "normal" and "high".

When you wish to log in with just your user name and password, the "normal" security level will be sufficient. The high security level requires, in addition to your user name and password, a so-called "token". This double opt-in solution also requires a chipcard with an eID, a USB device, or a one-time password generator, which generates a new password each time you log in.


Correspondence via De-Mail will be possible exclusively among De-Mail participants. Standard transmission ensures that secrecy is not broken; contents and metadata (sender, time, etc.) cannot be changed. The "arrival notice" function proves that a De-Mail has been received by the recipient. The time of receipt will later be forwarded to you. It will be signed with a qualified electronic signature. This is very strong evidence. The high security level also provides further services such as "personal" receipt: the recipient will only be able to read the message when he logs in at the high security level.

Encryption During Transfer

Messages are encrypted in transit from the De-Mail account to the recipient. Not until the message arrives at the receiver will it be decrypted and inspected for malware such as viruses, Trojans, and the like. Here, i.e. during receipt, the eMail will be scanned for malware on the De-Mail servers. The server hosts have no access to the eMail.

End-to-End Encryption

For confidential messages, De-Mail supports not only encryption of the transmission but also encryption of the message itself.

Critics remark that only this kind of transmission conforms to the secrecy of telecommunication. The Federal Commissioner for Data Protection suggests using end-to-end encryption when health insurance companies transmit health data.

Directory Services

In order to make encryption easier for users, the De-Mail providers are obliged to maintain and offer directory services. Such a directory is to be used to store one's public key. Without explicit permission, providers are not allowed to accept data into such directories. In case you do not know the De-Mail address of the recipient, the provider will enable searching for that person.

Further Services

If you happen to lose your login data, you will be able to have it blocked. This will happen automatically after a wrong user name and password have been used several times. Some providers will offer other gimmicks like a digital safe, smart phone apps, plug-ins, etc.

Conclusion and Outlook

De-Mail has the potential to revolutionize electronic correspondence in legal affairs. Parliament has taken care to design De-Mail to be as simple as possible. When forwarding important data, it would make sense to use the end-to-end encryption. Let us see what the future has in store.
