Handling instruction: Use of e-mail client software

There are many supposedly local email clients that do not store access data and/or emails and calendar data on the end device itself, but in the cloud of the software provider. Access to TU Darmstadt e-mail servers is then not via a direct connection, but via a server of the provider.

Such a procedure violates the applicable information security guidelines of TU Darmstadt. The storage of access data on the software provider's servers violates TUDa's password policy in particular: “the disclosure of personal passwords to third parties is not permitted”. In addition, the storage of emails and their content on external servers fundamentally jeopardizes the confidentiality of sensitive data and contradicts EU GDPR-compliant use, as all (personal) data in the email inboxes is made accessible to the software provider.

The use of e-mail clients of this type is therefore prohibited for TUDa e-mail inboxes. This prohibition also applies to linking TUDa e-mail inboxes with the services of (cloud) e-mail providers that require the deposit of TUDa account credentials and / or retrieve customer e-mails on their behalf.

E-mail clients explicitly not permitted for use

The following is a list of email clients and apps which, according to current knowledge, exhibit this problematic behavior and may not be used at TU Darmstadt. This list is not final and may be extended as further information becomes available. Problematic apps are added to the block list.

The unauthorized e-mail clients will be blocked on the central mail servers of TU Darmstadt on 01.02.2024.

Windows 10 and 11

The “new Outlook for Windows” (supplied with Windows; Outlook as part of MS Office is not affected, see Permitted email clients below).

Android / iOS

Mobile apps are affected particularly often.

App | Developer
Outlook-App for iOS and Android | Microsoft
Edison Mail | Yipit
Xiaomi Mail / MiMail | Xiaomi
Newton Mail | Cloud Magic
BlueMail | Blix Inc.
myMail | VK
Mail.ru | VK
Canary Mail | Canary Mail
Spark | Readdle

Cloud provider

Linking TUDa email inboxes with the services of (cloud) email providers that require TUDa account credentials to be stored and/or retrieve customer emails on their behalf is generally not permitted.

Permitted e-mail clients

The classic license-based Outlook program is not affected by the problem. This is part of the Microsoft Office package and retrieves emails directly from our servers without storing the login data in the Microsoft Cloud. You can use Outlook on Windows and macOS in the current versions (2016, 2019 and 2021 as well as M365). Using the web-based version, the Outlook Web App (OWA), is also unproblematic.

Furthermore, Thunderbird (Windows, Linux, macOS) and Apple Mail (macOS) are regarded as unproblematic.

For iOS, we recommend using the preinstalled Apple Mail app.

As far as we are aware, the pre-installed standard Android mail apps are not affected by the security flaws, with the exception of Xiaomi Mail (see above). Alternatively, the Gmail app can be used on Xiaomi devices as well as on other Android devices. FairEmail, K-9 Mail or Nine – Email & Calendar are further alternatives.

If you want to use an alternative mail app, please inform yourself extensively about possible shortcomings in the app's data security beforehand.

If you also need to access shared calendars from colleagues on your cell phone, the best way to do this is via the Outlook Web App (OWA), which you can simply open via your browser.

What needs to be done?

If you have synchronized your mailbox with one of the problematic e-mail client applications, please update the e-mail configuration immediately. Uninstall the problematic application from your device. Please also change your TU-ID password, because your access data has been disclosed. You can find out how to do this and what you need to consider here. See in particular: Handout: Changing the TU-ID password.

Then set up e-mail access again with your new access data using one of the permitted e-mail client applications. You can find setup instructions here (the content of this page is only available in German).