19.09.2008

New regulation to improve availability and information security of e-mail services

FICORA has revised its regulation which imposes obligations on providers of e-mail services in order to ensure information security and functionality of e-mail services. The most important changes concern the protection of connections between the customer and server, management of e-mail addresses, and filtering of malicious e-mail traffic.

An e-mail service provider must now provide, as the primary alternative, the customers with a protected connection between the customer and e-mail server. The change promotes mobile use of e-mail services also from outside the service provider's own network, such as mobile broadband subscriptions.

The requirement also prevents usernames, passwords and e-mail messages from being disclosed to third parties when the customer reads his or her e-mail through, for example, an unprotected WLAN network.

In the future, an e-mail service provider must mark or filter the e-mail traffic it identifies as malicious. The e-mail service provider must, however, ensure that the measures it uses compromise the customers' communication possibilities as little as possible.

The filtering requirements help to decrease the load of the e-mail service and enhance the delivery of legitimate messages. This means also better service quality and information security.

A new obligation is a three months waiting time, which means that an e-mail service provider must not transfer an e-mail address to a new customer until three months has passed since the e-mail address became vacant. An e-mail service provider must also have an operations model for managing problem situations related to misleading e-mail addresses.

FICORA's regulation 11 A/2008 M on information security and functionality of e-mail services is available in English on the website www.ficora.fi.

Further information:

Head of IP networks Sami Kilkkilä, tel. +358 9 6966 889, +358 400 717 560