New Web Servers Deployed

February 3rd, 2017  |  Published in News  |  12 Comments

Yesterday we deployed our new web servers, which are powering the Runbox web app at https://runbox.com. There are a few changes and improvements that were deployed at the same time, and that we would like to tell you about.

New login screen

Among other things you may have noticed that the login procedure has changed. This is related to the roll-out of our new Account Security features, which include Two-Factor Authentication. We will post more about this soon, but the important thing to note is that the new login regime is more secure than before. This also completes our transition to a new, global authentication system which we have described previously.

If you have problems logging in

If you are experiencing problems logging in, please make sure that your browser has the latest version of the login screen. You can do this by pressing Ctrl + F5 on Windows and Cmd + R on macOS. If this doesn’t help, please try to clear your browser’s cache and restart it. If this doesn’t help or if you are unsure how to accomplish this, please contact Runbox Support.

There are a few other wrinkles on the new web servers that we are currently ironing out, and besides a more powerful and reliable webmail service we have also deployed a new spam filter.

New spam filter in beta

The new spam filter is powered by Cloudmark, which is one of the strongest authorities on spam analysis in the world. You can try out the new spam filter by going to Manager > Filter and selecting “Cloudmark (beta)” under “Detect junk mail”. If you are already using Dspam (the trainable spam filter) you can select “Both” to activate Cloudmark and Dspam.

The Cloudmark spam filter will automatically catch more spam by comparing spam signatures (fingerprints) with the central Cloudmark database. If you click “Not spam” or “Report spam” to correct spam filter behavior in the webmail, a report will be sent encrypted to the central Cloudmark service. Select “Train using reduced email details” to only send a message signature instead of the full message when reporting misclassified messages.

The Runbox Aero webmail theme

And if you haven’t already done so, we recommend that you try out the Runbox Aero webmail theme, which you can find in Webmail > Preferences. This theme has a more modern design and includes larger and more legible fonts.

More new features to come!

Finally, with the new web servers we have also established a streamlined deployment system that makes the path from development to production much more efficient. We won’t bore you with details, but we can say that you can expect more exciting features from Runbox going forward.

Tags: , ,

Free services for environmental NPOs

December 24th, 2016  |  Published in News  |  3 Comments

When a year nears its end there’s a natural inclination to take stock, and 2016 has been a year like few others.

At Runbox, while working hard each day to improve our product and ensure that our services are reliable and secure, we have watched the world’s events unfold from our vantage point in the high north.

With customers in 172 countries we feel that we are connected with people in every corner of the world.

And as our planet completes another revolution, its fate seems more uncertain than ever. Just since Runbox was launched in 2000,

  • average global temperature has increased 0.4°C [1],
  • average sea level has risen almost 6cm (2 inches) [2],
  • human population has grown by more than 1 billion [3], and
  • around 30,000 species have gone extinct [4,5].

 

Source: https://en.wikipedia.org/wiki/Global_warming

Humanity’s ecological footprint is so large that we are literally about to eradicate the planet’s resources:

  • Humans annually absorb more than 42% of the Earth’s terrestrial net primary productivity, 30% of its marine net primary productivity, and 50% of its fresh water [6].
  • 40% of the planet’s land is devoted to human food production, up from 7% in 1700 [6].
  • 50% of the planet’s land mass has been transformed for human use [6].

Clearly this is not sustainable, and humanity is on a collision course with its environment.

This increasing urgency implores us to do more to help decrease human impact. We all depend on our environment — and when it deteriorates it affects us all.

So starting this Christmas, in line with our Company Values and our commitment to sustainability, Runbox will offer free services to environmental non-profit and non-governmental organizations.

This includes both our email hosting and web hosting services, up to 100 email accounts and 1 000 MB website storage per organization. If you are a registered environmental NPO/NGO, please contact us to apply.

We encourage other email and web hosting providers to do the same.

And we wish everyone the very best for the new year.

Sources

1. https://en.wikipedia.org/wiki/Global_warming

2. http://climate.nasa.gov/vital-signs/sea-level/

3. https://en.wikipedia.org/wiki/Population_growth

4. https://www.geol.umd.edu/~tholtz/G204/lectures/204conservation.html

5. https://en.wikipedia.org/wiki/Holocene_extinction

6. Vitousek, P. M., H. A. Mooney, J. Lubchenco, and J. M. Melillo. 1997. Human Domination of Earth’s Ecosystems. Science 277 (5325): 494–499; Pimm, S. L. 2001. The World According to Pimm: a Scientist Audits the Earth. McGraw-Hill, NY; The Guardian. 2005. Earth is All Out of New Farmland. December 7, 2005.

Tags: ,

How To Use Email Securely

November 1st, 2016  |  Published in Commentary, Security  |  7 Comments

Much has been said and written in the media recently regarding email, and here at Runbox we’d like to take the opportunity to help make it all a bit more understandable.

What is email, anyway?

Email, or electronic mail, is the most common method of exchanging digital messages.

It is easily the most flexible online messaging service available, because it lets users send and receive unlimited text, multimedia, and other files to anyone with an email address anywhere in the world.

Email was invented in the 1960s and is still one of the most popular services currently available via the Internet, with over 90% of US Internet users actively using email.

How does email work?

Email systems consist of computers and devices that are connected via the Internet. These computers and devices can be servers that process and store electronic mail, or clients such as laptops and smartphones that are used to send and receive email.

Email clients and server Email clients connected to a server

When someone sends an email, the message is transferred from his or her device to a server that processes the message.

Based on the recipient email address, the server finds out where to send the message next.

This is usually to another server associated with the recipient’s address, and often via a number of other servers that act as dispatchers.

There are many different types of email software that can send, receive, and store email. If you use a computer or a smartphone, you might be familiar with software such as Outlook, Apple Mail, or Thunderbird.

Where is my email actually stored?

Because the volume of email is so large, email clients typically let servers store all the email that is received and sent and only download messages when they are opened.

This is very convenient because the server can then do resource intensive things like filtering out spam and viruses, and other kinds of sorting and processing.

Another important reason for keeping emails stored on a server is that it lets more than one client access the same messages.

For instance, you can set up your laptop, your tablet, and your smartphone to access all the email that is stored in your account on the server. You can also use a webmail in your web browser, which essentially works as an email client.

This means that your email will be synchronized across all your devices, without you having to do anything manually.

You can read more about how this works in our Help article Using an Email Client with IMAP.

How can I be sure that no one else can access my email?

When you sign up for an email account, you select a username and a password that only you know. This ensures that only you can access the email that is stored in your account on the server.

As you can imagine, it is important that you choose a strong password to make sure that no one else can guess it. It’s also important to be aware of scams that may try to trick you into revealing information that could let someone gain access to your account.

End-To-End Encryption

End-To-End Encryption

However, to be certain no one can read your email even if they were to gain access to it, you can use encryption.

Email encryption can protect your messages all the way from your device to the recipient’s, by encoding them in such a way that it’s virtually impossible for someone unauthorized to unscramble them.

You can read more about this in our Blog post Email Encryption with Runbox and our Help article Encrypting Your Runbox Email.

We hope this article helped clarify what email is, how it works, and how to use it securely. For a more in-depth article, please see How Email Works.

Tags: , ,

New Spam Filtering

August 16th, 2016  |  Published in News  |  6 Comments

Recently we have been testing a new component to our spam filtering system. This component is powered by Cloudmark, one of the most popular and powerful spam filter systems available. We would now like to make Cloudmark available to more customers.

How Cloudmark works

Cloudmark is designed to detect known spam better and works as a central authority based on reporting by millions of Cloudmark users. It would help us improve our implementation of Cloudmark to have more Runbox users testing it.

Customers who are testing Cloudmark don’t need to do anything different in the way they use their email. However, we ask testers to report spam (or genuine mail) that is not classified correctly to a special Runbox email address.

No data is shared with a third party when using Cloudmark, as it’s running on Runbox’ own servers. Any reporting done by our customers is currently only going to Runbox itself. When we implement a reporting facility back to Cloudmark in the future it will be implemented as a clearly marked option.

How to start using Cloudmark

If you are interested in having Cloudmark added to your account, or wish to ask questions about it, please let us know at Runbox Support (support@nullrunbox.com).

Tags:

Launch of CalDAV calendar service

July 26th, 2016  |  Published in News  |  15 Comments

Today we officially launch our CalDAV calendar service. With CalDAV you can store your calendars on Runbox’ servers using calendar apps on your computer, smart phone or tablet.

CalDAV lets you store your calendar items online and synchronize them across multiple devices. You can create events, recurring events, alarms and also invite other people to add events to their own calendars. Additionally you can create reminders/to-do lists and use those in your favorite notes app.

How to set up CalDAV

To use CalDAV you will need these details:

  • Username: Enter your Runbox username. If you use your own domain name, the username format is you@nulldomainyouown.tld.
  • Password: Enter your Runbox password.
  • Server Address: Enter https://dav.runbox.com/

For details on how to set up your CalDAV program or app, please see the CalDAV help page. And if you have any questions about this service, please contact Runbox Support.

Runbox CalDAV is the first of a new collection of services that will also include CardDAV (contacts) and WebDAV (file storage), so look out for more news in the weeks and months ahead.

 

Tags:

Account security and password strength

July 3rd, 2016  |  Published in News  |  19 Comments

In the recent past, some high profile companies have had user account details stolen by criminals. In some cases these details have been made public. Many people use the same usernames and passwords across different services, which means that their other accounts may also be at risk.

Use a Strong Password

Runbox has not had a data breach. However, if you use one of the affected services and have used the same login with Runbox then your Runbox account could also be at risk.

We would suggest you update your Runbox password if you feel it might be necessary. What would have been a strong password a few years ago, might not be strong now. This is because criminals have an increasing ability to try large numbers of known passwords against accounts.

For useful tips about choosing strong passwords we recommend our Account Security help page. It is easier than you might think to create good passwords that are easy to remember.

Two-Factor Authentication

To improve account security further, Runbox will be launching two-factor authentication (2FA) in the near future.

With 2FA turned on you will need to provide both your username, password, and an additional piece of information to access Runbox and your account settings. And if you choose to use IMAP, POP, or SMTP, you will be given strong passwords to use.

In the meantime, if you have any questions about account security, please contact us at Runbox Support.

Tags:

CalDAV calendar in beta testing

June 8th, 2016  |  Published in News  |  20 Comments

We’re happy to announce that our new CalDAV service is now in open beta testing.

With CalDAV you can store your calendars on Runbox’ servers using calendar apps on your computer or smart phone. This is the first step towards a full-fledged Runbox Calendar service, as we are planning to develop an integrated web interface as well.

Please remember that this is a beta phase and that the service might be less consistent than our standard services. We therefore recommend that you back up your calendar data before and while testing it.

Setting up Runbox CalDAV

To try Runbox CalDAV in your Calendar client, just set up a new account with your Runbox username and password and https://dav.runbox.com/ as Server Address.

Note: If you are using your own domain with Runbox, the correct username format is you@nulldomainyouown.com.

  • Apple Calendar users: Setup should be straight forward after selecting Add Account… > Add CalDAV Account… from the menu.
  • Outlook users: To extend Outlook with CalDAV functionality you can try the Outlook CalDav Synchronizer plugin.
  • Thunderbird users: For Thunderbird Lightning setup instructions, please see this comment.

PS: In case you are wondering what CalDAV stands for it’s Calendar Distributed Authoring and Versioning, and it’s the established standard for storing and accessing calendar information on the Internet.

Tags:

Support Requests & Account Security

May 16th, 2016  |  Published in News

At Runbox we are very pleased to be able to offer personalized support to our customers, and we do this 7 days/week, every week of the year.

If you need to contact Runbox Support, we would advise you to read our help page on Contacting Runbox Support. In particular we would like to draw your attention to the sections regarding how we will use information to identify you as the account holder.

It is very important that we protect your privacy and security of your account, and there are elements of that process that require you to keep account information up to date so that we can ensure we are talking to the correct person.

The most commonly used piece of information we use to identify you when you can’t contact us from your Runbox account is your alternative email address, and it is very important that you keep this up to date. Being unable to verify you as the account holder is very frustrating for customers and also for us as we can’t offer you the support you are expecting.

We realize there are some customers who prefer their Runbox account not be linked to other email accounts or methods of communication, but this does limit the support we can offer in those cases. We will always try to help as best we can, but ultimately we would rather deny access to an account than to provide that access to the wrong person.

If you have any questions about this, please contact Runbox Support  🙂

Tags:

Hardened web server security

March 31st, 2016  |  Published in News, Security  |  5 Comments

We have recently hardened our web server security, giving Runbox an A+ rating on securityheaders.io — in addition to our existing A+ rating on ssllabs.com.

The policies we have implemented are the following:

X-Frame-Options: Tells the browser that we don’t allow the Runbox web site to be framed (included) by other web sites, which defends against attacks like click-jacking.

HTTP Strict Transport Security: Strengthens our implementation of Transport Layer Security (TLS) by making the browser enforce the use of encrypted communication (HTTPS).

Content Security Policy: Protects our web site from Cross-Site Scripting (XSS) attacks.

HTTP Public Key Pinning: Protects us from from Man-in-the-Middle attacks by making sure the TLS certificates used by the browsers are the ones implemented on our servers.

X-XSS-Protection: Sets the configuration for the cross-site scripting filters built into most browsers.

X-Content-Type-Options: Forces browsers to use the declared file content type instead of trying to be too clever, which helps to reduce the danger of drive-by downloads.

These changes will help ensure that your use of Runbox is as safe and secure as possible, and we will continue making security-related improvements in the future.

Tags: ,

TLS Upgraded for Incoming Email

February 12th, 2016  |  Published in News, Security  |  3 Comments

Today we have upgraded the TLS (Transport Layer Security) of our incoming email servers to support version 1.2, which is the most recent. This means that when email is sent to Runbox from other services, the highest level of encryption will be used if the other service supports it.

This also means that all communication between your email program and Runbox now uses TLS 1.2 (if supported by your email program).

 

Tags: ,