Runbox Blog

Runbox has been focusing on privacy and information security from day one, and have paid attention to the strict Norwegian legislation concerning the processing of personal data ever since.

Norway is a member of European Economic Area (EEA) and as such has to implement certain EU regulations, even if Norway is not a member of the European Union (EU). When the European Parliament and the Council decided new legislation for the protection of personal data, that legislation also applied in Norway and has to be implemented by May 25, 2018.

The legislation, titled General Data Protection Regulation (GDPR), contains rules for how personal data should be processed. Using the terms of GDPR, this includes how, when, and under which conditions, personal data

• can be collected, processed and stored, which demands explicit consent, and explicit stated purpose;
• shall be rectified;
• shall be deleted (right to be forgotten);
• shall be released to the person that owns the data (right to portability);
• could be transferred to third parties for processing, where a Data Processing Agreement (DPA) is mandatory;
• could be transferred to processors outside EEA.

At Runbox we have followed the development of this new EU legislation from the very beginning, and as early as 2014 we initiated a project in order to become GDPR compliant.

As a first step we started developing a planning document which includes detailed plans for making our information security management complete and consistent. The document laid out a number of activities which are now outlined in 15 sub-projects, of which some are completed, and others are in process of being completed.

However, information security is a continuous effort and the sub-projects will give rise to additional activities far beyond the GDPR framework.

We will keep you updated.

#DeleteFacebook

We have carefully implemented these policies in order to protect our users’ privacy as outlined in our Privacy Commitment, and we are currently working hard to obtain compliancy with the forthcoming General Data Protection Regulation introduced by the EU.

This also means that we are conscious about how Runbox interacts with other Internet services such as social media networks. Therefore we have been disappointed by the recent revelations about the privacy intrusions and unethical practices by Facebook.

As a consequence we have decided to remove the Runbox page from the Facebook platform.

Due to necessary reorganization of our email server infrastructure, all Runbox email services will be inaccessible on Sunday 01.04.2018 between approximately 10:00 CEST (08:00 GMT, 4:00 AM EDT) to 14:00 CEST (12 GMT, 8 AM EDT).

The reorganization involves consolidating our servers to simplify management and maintenance, and modernizes and improves server power management.

Any updates during the downtime will be posted on https://status.runbox.com.

We apologize for any inconvenience caused.

The response to the Runbox 7 Webmail closed beta test has been overwhelming, and to ensure sufficient capacity and performance we are giving access to beta testers gradually over the next few weeks.

We still have some open spots, so if you would like to participate send an email as soon as possible to support@nullrunbox.com with the subject “Runbox 7 Webmail beta test”.

We are excited to announce the closed beta test phase of Runbox 7 Webmail!

This release is not merely an upgrade to our existing services, it’s a bold step into a new world of Webmail apps that will provide unprecedented speed and usability.

Runbox 7 aims to be the fastest webmail on the planet with:

Screenshot sample of Runbox 7 Webmail

• Instant folder views and search results.
• Endless, smooth scrolling of folder contents.
• Drag & drop message selection and moving to folders.
• Incremental, instant search functionality.

The new webmail will be the cornerstone of Runbox 7, and is the first of several development stages that will culminate in a completely new user interface.

Please read on for details about Runbox 7 Webmail and how you can participate in the closed beta test.

Superior speed

Runbox 7 started with a crazy idea:

How can we create a webmail that’s not just faster, but responds instantly?

The solution we developed is a combination of database accelerated email storage, innovative message indexing, and cutting-edge web technology.

When you log into Runbox 7 Webmail, you enter a modern webmail environment built with Angular 5 and Material Design. Your email folders and messages will be shown instantly, giving you an immediate overview of your email.

The spacious layout, clean lines, and powerful engine lets you efficiently navigate the new features and get down to the business of effectively managing your email.

Incremental search

Incremental search

One of the core features of Runbox 7 Webmail is its search capabilities. We have built the search functionality in such a way that the browser doesn’t need to query the server at all.

Not only that, but this webmail will show you search results incrementally while you are typing in the Search field.

You have better things to do than waiting for search results, so we put a lot of effort into making the search function as fast as possible — and this is as fast as it’s possible to get.

Lots of cool functionality

Infinite listing: No more clicking back and forth to navigate your Inbox — just scroll down and the next messages will load automatically.

Threaded view: Want to see your messages in conversation view? Just tick the Threaded checkbox to the top right.

Unread messages: Only interested in the latest news? Tick the Unread checkbox.

Multi-select messages: Want to select many messages in a hurry? Just click the radio button of a message, and drag up or down while holding the mouse button down to select several messages in a row.

Runbox 7 preview pane

Preview pane: Who has time to actually open a message? Just select one in the list and a preview will be shown in the bottom half of the message list pane. To see more, click the ^ arrow in the preview menu.

Hide folders: Want more space for your messages? Just click the icon to the left of the Search area to hide the folder pane.

Draft Desk

Runbox 7 Draft Desk

Another key feature of Runbox 7 Webmail is the Draft Desk — a completely new way of  managing drafts.

In our world of non-stop online communication, we often find ourselves multitasking and working on several threads in parallel. With our new Draft Desk you get a full overview of the messages you are currently working on, previewed side by side in an efficient interface.

Simply click on a draft preview to expand it, write down your thoughts, and send, save, or close the message to return to it later.

Mobile ready

We believe that you shouldn’t have to switch between different apps or user interfaces just because you switch between a laptop, a tablet, or a smart phone.

Therefore we built Runbox 7 Webmail to be mobile-ready and responsive from the ground up. This means that it will automatically adapt to your device’s screen size and orientation while retaining the basic functionality you are used to from a regular browser.

Join the closed beta test

To join the closed beta test of Runbox 7 Webmail, contact support@nullrunbox.com with the subject “Runbox 7 Webmail beta test”. If you are selected to participate, we will then be in touch with further details.

It’s been a few months now since we launched the new authentication service that made Runbox Two-Factor Authentication possible.

Watching over your account

Behind the scenes the authentication service has been working to protect your account from unauthorised access. One of the ways it does this is by analysing the pattern of successful and failed logins for your account.

Using a set of rules it determines if a particular IP address should be allowed to access the service or whether it should be blocked from further attempts. It also determines which IP addresses should be treated with less caution as they are your legitimate IP address.

Obviously we can’t say too much about the rules used as this could compromise the effectiveness of this system, and we are always improving the rule set to take in to account new scenarios that we encounter

Giving you more information

The design of the authentication service allows us to share with you the IPs that try to access your account, and whether that access was successful or not. This can help you in troubleshooting problems you may encounter when setting up devices with your Runbox account, but it can also alert you to attempts at unauthorised access.

You can find this information on the “Access Control” tab at Account > Account Security.

Blocked IP addresses

We have also implemented new features on the “Access Control” page that show you the IPs that are blocked for your account. You can then decide if they should be permanently blocked or removed from the blocked list.

Giving you more control

In addition you can now also block IPs yourself or add allowed IPs that should always have access to your account when the correct username, password (and 2FA where applicable) credentials are supplied. This is done via the “Manage IPs” section.

A list of IP addresses you have allowed and denied yourself is visible at the bottom of the page in the Access Control List, and from there you can mange this IP addresses.

It’s also possible for Main account holders to set up rules for the Sub-account accounts they have control of.

We hope you find these new features useful, and if you need any help with them please see our help page about Access Control.

Runbox recently launched Two-Factor Authentication (2FA). 2FA is a log in procedure where an additional piece of information is required in addition to your username and account password.

This additional factor is a code that can only be used once, or for a limited period of time.

Runbox Two-Factor Authentication

Runbox 2FA currently supports Timed One-Time Passwords (TOTP) and One-Time Passwords (OTP) as additional factors. We are planning to expand this with Yubikey or U2F support.
 

Runbox is the only 2FA-enabled email provider in Norway

Runbox is located in Norway, which has some of the strongest privacy regulations in the world.

By choosing Runbox as your email provider, your data will be protected by these regulations while ensuring your email is secure from unauthorized access.

Read on to find out how Runbox 2FA works and which options are available.

Timed One-Time Passwords (TOTP)

2FA Timed One-Time Passwords

To use this option you will need a smartphone and some free software.

Timed one-time passwords works by giving you a login code which changes over time, in addition to your password.

To get started, download a TOTP app such as Authy, FreeOTP or Google Authenticator onto your mobile phone and follow their instructions.

Note: It is essential that your smartphone has the correct date/time set as this is used by the TOTP app to generate the correct codes that allow you to log in.

One-Time Passwords (OTP)

2FA One-Time Passwords

When you enable this option, the system will generate random passwords that you can use only once. Used passwords are discarded automatically and cannot be used again.

You can download the the list of passwords to a computer or mobile device, or you can print them out if necessary. However, you must keep the list secure as these passwords can be used to access your account along with your usual username and account password.

Trusted browsers

2FA Trusted Browsers

This option allows the server to trust your current web browser so that you don’t have to use a 2FA code. The option places a small piece of code in your browser (a cookie) that tells the server not to require the 2FA details and you can just log in with username and password.

You should only use this method of bypassing 2FA on a computer or device that you are confident nobody else can log in to. You can temporarily turn on/off individual browsers from the trusted list, or you can delete the browser entry entirely which will force that browser to require the 2FA details.

Unlock code

2FA Unlock Code

If for some reason you are unable to log in with 2FA after it has been enabled, this code can be used to disable 2FA.

The code can be used in conjunction with a secure question/answer for additional security.

You can now train your Runbox spam filter using IMAP. Simply use your email program/app to move messages to your Spam folder to report them as spam, and move them from Spam to any other folder to report them as not spam.

IMAP training works for both the Dspam and the Cloudmark filters, the latter of which is in an open beta test. To join the beta test, just go to Manager > Filter and turn it on.

We are excited to announce the launch of a new Account Security interface with Two-Factor Authentication (2FA) for Runbox.

This completes more than a year of development, and we are quite proud of the result. The new features will significantly improve the security of your Runbox account when you activate them.

Account Security features

The new Account Security interface includes 4 main features: Two-Factor Authentication, Manage Services, App Passwords, and Last Logins.

Used separately or in combination, these features add extra layers of security to your Runbox account.

Two-Factor Authentication

Two-Factor Authentication (2FA) is a log in procedure where an additional piece of information is required in addition to your username and account password.

This additional factor is a code that can only be used once, or for a limited period of time.

Runbox Two-Factor Authentication

Runbox 2FA currently supports Timed One-Time Passwords (TOTP) and One-Time Passwords (OTP) as additional factors. We are planning to expand this with Yubikey or U2F support.

Manage Services

The new Account Security interface lets you disable various services such as IMAP, POP, and SMTP. These are the services you use when using an email app/program to access your mail.

By disabling services you are not using, you prevent attempts at unauthorized access to your account via those services.

App Passwords

You can also set up unique passwords for each of your apps or devices, giving you complete control over the access to your account.

If you then happen to lose a device you can simply delete the corresponding app password, effectively disabling access from that device.

Last Logins

This section shows a list of the most recent login attempts to your account from each service such as web, IMAP, POP, and SMTP.

If you suspect that there have been unauthorized login attempts to your account, you can review this list and take appropriate action.

How to set up Account Security features

To get started, just go to the Account Security screen to set up 2FA and the other security features.

We encourage you to review our Account Security help page for details about the new functionality first. This will ensure that you understand how 2FA works and prevent you from getting locked out of your account.

We welcome any questions or feedback you might have, either as comments to this blog post or via our contact form or support system.