The Email Security Year 2025: A Strategic Alliance with the BSI

For the Email Competence Group, 2025 was marked by a far-reaching partnership. Together with the German Federal Office for Information Security (BSI) and other supporters, it backed the “Email Security Year 2025” initiative launched as part of “Cybernation Germany” – a campaign that sends a strong signal in favour of secure digital communication.

At the first meeting of the Email Competence Group, Caroline Krohn (BSI) presented the joint “Secure Email” project. During this meeting, Sebastian Kluth from the CSA Certified Senders Alliance also discussed reply codes used by providers, and the group explored how these could be standardised.

This was followed by several events in collaboration with the BSI to rally the industry behind the new security standards. The series kicked off with a meeting on 20 March at the BSI, where an exclusive workshop for ESPs was held in the presence of BSI President Claudia Plattner. A further workshop for hosting providers and ISPs with Claudia Plattner took place on 7 April.

A third meeting at the BSI, aimed at networking and involving major DAX-listed companies, took place on 26 May. The Email CG supported this process on an ongoing basis. On 20 May, the CG held in-depth discussions on the strategic direction of the BSI project.

Further CG meetings followed on 12 June and 4 July, with policies and cooperation with the BSI among the items on the agenda. At the CG meeting in Cologne in July, the CG invited all participants involved in the “Secure Email” project who’d expressed an interest in technical support at the BSI meeting on 26 May to an open exchange and an opportunity to get to know one another.

Public Relations: Webinars, Podcasts and Media Presence

To communicate complex technical knowledge across the industry, the Email CG 2025 successfully utilised media channels such as the eco-podcast on the “Email Security Year 2025”. The focus was on the security of what remains the most important means of electronic communication. BSI President Claudia Plattner emphasised that effective phishing protection means intercepting malicious emails before they reach the user. Julia Janssen-Holldiek (CSA) also explained the strategic relevance of email standards, whilst André Görmer highlighted practical security solutions for smaller companies without large IT departments.

In addition, as part of the “Secure Email” year, eco organised a comprehensive series of webinars with the BSI. The first series was entitled “Who is reading my emails? Measures against Man-in-the-Middle attacks” and took place on three dates (15 April, 29 April and 13 May). Experts from the BSI presented the measures outlined in Technical Guideline BSI TR-03108. They explained how secure email transport protects against unauthorised reading and the manipulation of emails. The second webinar series focused on the topic “The BSI’s Email Checker – Secure email transport put to the test! ” (16 April, 30 April and 14 May). Together with BSI experts, participants learnt about the scope and functionality of the Email Checker. The Email Checker is a further development of a testing tool for TR-03108. Guidance was also provided on interpreting the results.

The campaign was accompanied by specialist articles, including the piece “Secure email starts with the sender” on the eco website, but also in specialist media such as heise.de. At an international level, CG Leader Patrick Ben Koetter also contributed to dotmagazine with the article “DNSSEC: Bridging the Trust Gap in the DNS Infrastructure”, emphasising the necessity of cryptographic signatures. Finally, a visible success of the joint campaign was the launch of the BSI Hall of Fame, which the BSI announced on 28 August 2025 with a call for applications to honour pioneers in secure email communication.

Internet Security Days (ISD) 2025: Practical Workshop on Email Security

Another key event in the reporting year was the Internet Security Days (ISD), which took place from 15 to 16 September. On the very first day of the event, the Competence Group organised a focused workshop under the theme “Email security for companies – from compliance to competitive advantage”.

Florian Bierhoff from the BSI began by highlighting the current state of email security in Europe. He outlined in detail the decision-making processes behind the BSI’s recommendations and introduced the Katti tool, which public authorities use to assess the state of domain security.

Daniel Strauß, CEO of InterNexum GmbH / nicmanager, then addressed the topic “Domain Security in Practice: DANE and Other Technologies Put to the Test”. He made it clear that domains remain one of the biggest blind spots in many security strategies – even though they are simultaneously a gateway, an identity marker and an anchor of trust. Using specific testing methods, he demonstrated the effectiveness of mechanisms such as DANE, DMARC and DNSSEC, and provided practical tips for identifying weaknesses and ensuring sustainable strengthening of trust.

Christoph Callewaert, Senior Associate at reuschlaw, provided the legal perspective with his presentation “Secure Email: The Impact of Current Case Law on Corporate Practice”. Drawing on recent court rulings, he worked with the audience to develop concrete solutions for how companies can navigate legal requirements in their day-to-day operations and ensure email security in a legally compliant manner.

The programme was rounded off by the presentation “Secure Email – A Report from the Field” by Steffen Siguda, Corporate InfoSec Officer at OSRAM GmbH. He clearly demonstrated how the introduction, ongoing surveillance and improvement of email security can be successfully implemented within complex corporate structures.

Guidelines, Best Practices and the Challenge of E-invoicing

In 2025, the Competence Group continued to review its documents and work on updating them. The group revised and published an updated version of “Best Practices for Email Marketing” on 18 February 2025 and “Selecting a DNSBL” on 25 July 2025.

New legal requirements also gave rise to a major operational focus: Since 1 January 2025, companies in Germany have been obliged to issue and receive electronic invoices in accordance with the EN 16931 standard. This e-invoice represents the digital format for invoices that enables automated and standardised dispatch.

It’s intended to increase tax transparency, optimise business processes and reduce errors – however, the most important prerequisite for this is its reliable delivery. A frequently used delivery channel for e-invoices is email, which places particular focus on deliverability via this medium for many companies. The Expert Group played a key role in shaping the strategic approach to this challenge to prevent essential invoices from ending up in spam by mistake.