Product Security

  • GRI 417-1

United Internet offers users solutions for secure, data privacy-compliant internet-based communication and cloud services. The Group’s “E-Mail made in Germany” and “Cloud made in Germany” initiatives underscore its commitment to ensuring the secure dispatch and receipt of private e-mails, and to protecting digital privacy in the cloud.

High Security Standards for E-mail Accounts

Our e-mail portals and the related cloud storage at GMX and WEB.DE allow people to access internet services and to participate in the digital day-to-day world. Protecting our customers’ data is our top priority here. E-mails and data are processed in line with the European Union’s General Data Protection Regulation (GDPR) and are stored solely in Germany in line with German data protection requirements. We are working together with other companies in data security initiatives such as “E-Mail made in Germany” and “Cloud made in Germany”, so as to actively help shape security standards for protecting sensitive data in our market environment.

The De-Mail standard – a state-approved, legally valid method of e-mail communication – was introduced in 2012. GMX, WEB.DE, and 1&1 have been accredited De-Mail service providers since 2013, and have also been qualified trust service providers pursuant to the EU’s eIDAS Regulation (Regulation on electronic identification and trust services) since 2016. The eIDAS Regulation creates an EU-wide standard for unique electronic identification, digital signatures, and cross-border data transfer. In addition, our portals with their single sign-on system, which is based on our De-Mail infrastructure, have been approved as identity providers under the German Online Access Act (Onlinezugangsgesetz – OZG). Since September 2022, we have offered customers of Telekom’s discontinued De-Mail service the option to migrate to 1&1. To do this, we enhanced the De-Mail system and adapted it to meet large customers’ requirements. This move both gave us access to this new target group and permitted ongoing cooperation with multipliers. This is helping to further spread this secure, mandatory electronic standard in Germany and to increasingly replace paper-based communication.

We are also working continuously to improve our recognition and filtering of spam – unsolicited or harmful messages – so that these do not reach our users in the first place. In the 2022 reporting period, we were able to increase the proportion of spam mails that were recognized and filtered out by our proprietary spam scanner from 33% to 47% – a rise of 14 percentage points – thanks to the use of new methods and data science. Spam can be anything from dangerous or harmful e-mails aimed at distributing viruses or at phishing down to unsolicited mails such as frequent mass mailings for advertising purposes.

To achieve this result, we developed a proprietary spam scanner in 2022 that is customized for our services and that uses machine learning techniques, among other things. Machine learning help us to better identify e-mail accounts that are controlled by botnets, so as to prevent spam mails from being distributed in this way.

Another way of improving our spam recognition is to train our artificial intelligence functionality using feedback from users who move e-mails manually to the WEB.DE and GMX spam filters. This allows us to protect users faster and more effectively against new types of spam. It goes without saying that users must have agreed to this in advance. The data is used strictly for its intended purpose and is processed in accordance with the provisions of European data protection law. A total of 691,543 customers gave their approval for enhanced spam recognition of solicited e-mails in the 2022 reporting period (2021: 573,401; 2020: 376,207). The figure for unsolicited e-mails was 845,699 (2021: 687,466; 2020: 454,400).

Measures taken allowed us to significantly increase both the relevance of incoming mails and the security of e-mail usage for our customers’ benefit.

Secure E-commerce

Customer trust is a critical factor in e-commerce. In addition to concerns about the security of their personal data, consumers have questions regarding the reliability of online transactions, providers’ delivery capability, and online services. This is why we take the measures necessary to allay any consumer concerns and to enhance their trust in us.

IT security audits are becoming more and more of a focus every year. Among other things, TÜV Saarland regularly audits the online shops run by Drillisch Online’s core brands (maXXim,, simplytel, PremiumSIM, winSIM, yourfone,,, Free-Prepaid, and Galaxyexperte). This certification also helps us implement the GDPR’s technical and organizational security requirements.