Banks · MaRisk · BAIT · DORA

Bank inbox. Brand integrity. With MaRisk context.

MailGuard plus DMARC for institutions under MaRisk AT 9, BAIT and DORA. Outbound identity as its own discipline, EU hosting, BaFin audit-ready. As of 2026.

At a glance (as of 2026)

Inbound protection and outbound identity in one stack.

  • BAIT as an audit point without tooling → BAIT mapping as a measure list
  • Brand abuse without visibility → DMARC reports and BIMI prep
  • CEO-fraud waves only seen after damage → BEC detection at the authentication layer
MailGuard catches phishing and CEO fraud, DMARC protects the brand against abuse. SecureMail delivers encrypted communication to counsel and auditors.
Right for you if: bank, savings bank or FS firm; under BaFin supervision; DORA from 2025.

  • 100 % EU hosting
  • MaRisk AT 9 outsourcing
  • DORA from 17 Jan 2025
  • 30 min. setup per tenant

Compliance anchors

  • MaRisk AT 9 outsourcing
  • BAIT 8 information security
  • DORA Art. 6 ff. ICT risk
  • § 25a KWG IT systems

Conbool supports MaRisk and BAIT requirements at the level of technical measures. Supervisory duties and the internal control system remain with the institution. DORA contract clauses are reflected in the DPA.

Four building blocks for the bank.

MailGuard for the inbox, DMARC for the brand, SecureMail for counsel and auditor mail, Disclaimer for required disclosures.

Typical workflows

Four scenarios from a working bank.

From the branch inbox to the BaFin audit.

1. Catch CEO fraud from the executive office

Spoofed CEO mail ordering an urgent transfer is filtered by MailGuard at the authentication layer before the back office acts.

2. Protect outbound identity

DMARC reject policy against phishing campaigns claiming to come from the bank.

3. Counsel correspondence

Encrypted counsel mail and litigation files straight from Outlook.

4. BaFin audit

Audit log per GDPR Art. 30 as evidence of security measures during IT audits.

Architecture

Conbool as an independent layer.

Conbool sits in front of Microsoft 365 and provides a standalone layer that does not depend on the Microsoft license.

MX switch

Inbound SMTP runs through Conbool, M365 stays the back-end.

Independent threat intelligence

Defence-in-depth: Conbool as the first line, Microsoft Defender as the M365-internal second line.

BAIT layer

Configuration is documentable as a technical measure in the BAIT measure plan.

SIEM hook

Audit log via standard connector to the bank SIEM.

Compliance mapping

MaRisk, BAIT and DORA in technical terms.

Three supervisory rule sets, one technical stack. Conbool covers measures at the mail and data-transport layer.

MaRisk AT 9 outsourcing

Conbool as outsourcing service provider with DPA, sub-processor list and audit rights.

BAIT 8 information security

Measures for confidentiality, integrity and availability at the mail layer.

DORA ICT risk

DORA contract clauses in the DPA, threat sharing through industry initiatives.

§ 25a KWG

IT systems as part of business organisation; Conbool as a documentable technical component.

Migration

From a branch pilot to a group rollout.

Pilot in one branch region or subsidiary, then group rollout via the Microsoft admin centre.

Pilot

One branch region or subsidiary starts, the rest stays unchanged.

Group rollout

Outlook add-in for all employees via the Microsoft admin centre.

Defence-in-depth

Conbool as the first line, Microsoft Defender as the second line. Audit trail across both layers.

Legacy sunset

Existing SEG or filter solution runs in parallel and is replaced step by step.

Frequently asked questions

How does Conbool fit MaRisk AT 9 outsourcing?
Conbool is an outsourcing service provider in the sense of MaRisk AT 9 Tz. 7 and ships the required contract elements: DPA, sub-processor list, information and access rights, control rights and termination rules.
How does Conbool fit BAIT?
BAIT 8 requires technical and organisational measures for information security. Conbool delivers measures at the email and data layer and documents them auditably.
What about DORA?
DORA applies to financial entities since 17 January 2025. Conbool reflects the required contract clauses in the DPA. ICT third-party risk, contract termination and subcontractor lists are part of the DPA.
Can we run Conbool and Microsoft Defender in parallel?
Yes, that is the recommended defence-in-depth architecture. Conbool as the independent first line via MX switch, Defender as the M365-internal second line. Audit trail across both layers.
What about DMARC?
Conbool DMARC ships reports, a stepwise rollout to a reject policy and BIMI preparation. Brand integrity is its own discipline next to inbound protection.
What does Conbool cost for banks?
Modular per function and per mailbox. Volume discounts for groups. Concrete pricing on request, depending on headcount and modules.
Can we run multi-tenant for our group?
Yes. Conbool supports multi-tenant setups or one central tenant for the banking group, with separate policies per mandate.

Related solutions

Related industries

Conbool is in use in neighbouring industries with a similar compliance profile.

A MaRisk-fit stack for the bank.

Demo in 30 minutes. Pilot in one branch region. Modular by function.

Sources and date

Statements about MaRisk are based on the BaFin Minimum Requirements for Risk Management in their respective version. Statements about BAIT are based on the BaFin Banking Supervisory Requirements for IT. Statements about DORA are based on Regulation (EU) 2022/2554. Statements about § 25a KWG are based on the German Banking Act. As of 2026.

BaFin is a designation of the Federal Financial Supervisory Authority. Microsoft, Microsoft 365 and Defender are trademarks of Microsoft Corporation. Conbool is a trademark of Conbool GmbH.