For the IT user

How to recognize our messages and what to look out for.

E-mails are fundamentally not a secure means of communication. The structure of an e-mail corresponds to a common letter, which means that the sender can be entered/falsified as desired. The recipient can therefore not check the correct sender of an e-mail without further action. 

Evonik always uses the domain (trailing section of an e-mail address after the @ sign) or <xyz> as the sender (e.g. However, e-mails with these senders are not safe per se, as they can also be easily faked. Conversely, however, an Evonik e-mail with a different sender is a very good indicator of a bad forgery. This applies in particular to similar-looking domains such as,, or

So as a matter of principle, do not trust the sender and check the content of the email for consistency and legitimacy. If in doubt, always contact your internal IT department and/or report suspicious e-mails to your IT security team. If you have a contact person at Evonik, you can also contact them. However, under no circumstances should you use contact data from the suspicious e-mail for this purpose, but rather a telephone number you already know; only in an emergency should you make contact via a new e-mail to a known address.

Only additional technical methods can be used to verify whether the sender of an e-mail is genuine. Therefore, we recommend these steps to increase security:

1.    For mail programs that use the so-called "BIMI" (Brand Indicators for Message Identification), the Evonik logo is displayed next to the e-mail after successful verification:


2.    If your email program does not support "BIMI" (e.g. Outlook), contact your IT department or IT security team with the information for IT professionals.