
The BSI Email Security Year 2025 and why email security is now a top priority.
Email is still one of the most important communication and branding channels, but few people know that email and its associated domains are also the number one attack vector for criminals.
Cybercriminals use various methods, such as spoofing and phishing, to enrich themselves, causing billions in damage. Without proper email authentication, cybercriminals can impersonate executives to employees or customers, or send mass spam emails in your name. One fake supplier invoice is enough to wipe out five-figure sums in a matter of minutes.
But even the Internet's phone book, the DNS, can be easily manipulated without protection, for example to redirect a website's visitors to a fake site. Visitors and site operators themselves often don't notice this for a long time, which leads to high business losses and a loss of trust. These are just a few examples of the numerous ways in which emails and domains can be used to cause damage.
In the BSI Email Security Year 2025, SPF, DKIM, DMARC (authenticity) as well as MTA-STS/TLS-RPT and DNSSEC/DANE (transport & infrastructure) will take center stage, with clear recommendations for action.
*Source: BSI survey 2025 “Awareness of email security in the Cybersecurity Monitor 2025”
Figures in % | Multiple answers possible | Basis: n = 3,061
Q34a: Imagine you receive an email. Which of the following scenarios do you consider (technically) possible?
The domain security score measures your status from 0 to 100 based on the components sender traceability, acceptance rules, transport, domain/zone operation, and monitoring.
Target range: ≥ 80 points.
Below this, there remains an unnecessary attack surface.
According to the BSI, all organizations should implement these measures for secure email.
The BSI awarded silver or gold status to organizations that complied with the requirements.
We (nicmanager / InterNexum) were awarded gold status in the “Hall of Fame of Email Security” this year and will show you how you can achieve the same security standard.
Here you can see the necessary measures and which BSI guidelines they are based on.
Complies with: TR-03182 Email Authentication
Basic protection - Secure the foundation
Complies with: TR-03108 Secure Email Transport
Silver status - Protect transport
Gold status - Strengthen your foundation
What do I need to do now?
The 3-step plan for excellent email security in just 8 weeks.
We have put together a clear 3-step plan for you that will help you achieve optimal email security in 8 weeks.
From basic protection to gold status, quick to understand, measurable, and easy to implement, based on the technical guidelines of the BSI.
BSI TR‑03182 (e-mail authentication) and BSI TR‑03108 (secure email transport)
Stage 1: Eliminate errors, implement basic security measures
Inventory of all sending domains and tools;
Eliminate obvious configuration errors;
Set clear acceptance limits.
Result: noticeable jump in score; less obvious junk in the inbox; initial delivery problems with legitimate emails decrease.
Stage 2: Fine-tuning and binding rules
Tighten rules;
Consistently reject counterfeits;
Standardize sender addresses; daily monitoring.
Result: fewer false alarms, more stable delivery; the score continues to rise.
Stage 3: Goal achieved, operation established
Rules and transport security are running in regular operation;
Responsibilities, change windows, and playbooks are in place;
Key figures in the management report.
Result: Audit-ready evidence for management, supervisory authorities, and partners.
Ceremonial honor “Hall of Fame of Email Security” at the Federal Office
From left: Prof. Dr. Norbert Pohlmann (eco), Susanne Dehmel (bitkom), Karina Göthlich-Strauß (nicmanager), Daniel Strauß (nicmanager), Claudia Plattner (BSI) | Photo: bitkom
Email security can seem quite complex, and implementing BSI standards is a real challenge for many companies. But you don't have to tackle it alone.
As a Gold Status member of the BSI Hall of Fame, partner of the Alliance for Cybersecurity, and official supporter of the BSI campaign “Email Security Year 2025,” we are one of Germany's leading providers of secure email infrastructures.
Why we are the right partner for you:
We will work with you to carry out a free email security check on a domain of your choice to clarify where you are already compliant and where there is still room for improvement.
