
Email Competence Group
Review 2024: Email Competence Group advances secure digital communication
The Email Competence Group is a key player in the German Internet industry, developing common standards for sending and receiving emails. The Email Competence Group brings together companies that represent a significant proportion of email traffic in Germany and neighbouring European countries. The group aims to efficiently solve technical challenges and coordinate new developments.
In order to meet the diverse requirements, the Competence Group defines standards that cover all relevant aspects of email communication – from protection against abuse to ensuring trustworthiness and deliverability. The group works confidentially: many topics concern the security of the email infrastructure, and solving new challenges often requires participants to talk more openly about their systems than would be possible in a public setting. However, participation is open to all eco-ISP members and qualified interested parties.
Proven experts lead the Competence Group: André Görmer (Mapp Digital Germany GmbH) represents the perspective of the email service providers (ESP), while Patrick Ben Koetter (sys4 AG) represents that of Internet service providers (ISPs). At the beginning of 2024, the Competence Group comprised 78 active participants from around 50 companies.

Professional exchange and new initiatives
An important initiative came from the eco member workshop in January 2024. The goal was to enhance the security of business email communication, prevent abuse and strengthen trustworthy digital identities in the corporate environment. Technical measures such as DMARC, S/MIME and a holistic approach to increasing trust and compliance were discussed.
On this basis, a concept for the broad implementation of secure email technologies in companies was developed. At the same time, the Competence Group revised the legal opinion on the compatibility of DMARC with the GDPR. The third version was published jointly with the Certified Senders Alliance (CSA) and submitted to the Federal Data Protection Commissioner for comment.
Another focus was the review of the revised Technical Guidelines TR-03108 and TR-03182 of the German Federal Office for Information Security (BSI), both of which were published in February. New additions included requirements for securing unused domains and greater emphasis on identity security in the email context – an aspect that the Competence Group also repeatedly emphasised in its discussions.
Visibility at professional events
One highlight of the year was the “Secure Email” workshop held as part of Internet Security Days (ISD) 2024. Patrick Ben Koetter (eco / sys4 AG) and Florian Bierhoff (BSI) joined other experts in highlighting current technologies such as DANE, DNSSEC, TLS, DMARC and S/MIME, as well as regulatory frameworks – including in the context of the NIS2 Directive. Practical examples demonstrated how companies can increase their cyber resilience by implementing secure email technologies.
The following day, the Competence Group hosted a panel discussion entitled “Secure Emails for Everyone”. The focus was on success factors, political framework conditions and technical challenges for the widespread implementation of secure email communication.
The Competence Group was also represented at it-sa 2024 in Nuremberg: André Görmer and Michael Weirich (eco) presented technical and organisational measures for “secure email communication in the corporate environment”. Their presentation of the same name was very well received and led to exchanges with IT.Niedersachsen, who shared their experiences at the following Competence Group meeting in November.

Technical implementation aids for secure email
As part of the “Secure Email” project, conducted in cooperation with the German Federal Office for Information Security (BSI), the Competence Group began developing technical documentation for DKIM, DMARC and SPF at the end of 2024. The goal is to provide practical assistance to interested companies and IT professionals to help them implement authentication mechanisms correctly and effectively.
Companies and professional users are invited to actively participate or provide feedback on the drafts. This ensures that the implementation aids remain practical and meet the real requirements in the corporate environment.
With its technical depth, close exchange with authorities and companies, as well as a clear focus on practical solutions, the Email Competence Group is making an important contribution to secure digital communication – today and in the future.