Sub-addressing (plus addressing)

In the last blog post we outlined how you can use aliases to help organise you email, and also how they can help you deal with unsolicited or marketing email. Aliases offer alternative addresses for your account so that you don’t have to use the same address for everything. However, there is a quicker way to create new addresses on your account that doesn’t need you to log in to your account and set anything up. This is sub-addressing (sometimes called plus addressing or tagged addressing).

Sub-addressing has a big plus

The key to sub-addressing is including a + and some text after it (called the tag). This goes after the username and before the @ symbol.

When our mail servers see this for incoming mail it knows that everything before the + is the username and so it can still deliver to the correct account.

Even though the mail system delivers to your usual account, the message is still addressed to username+tag@nullrunbox.com and you can use this in various ways. Sub-addressing had a lot of uses and is easy to use.

  • just make up the addresses as you go along without the need to set them up in your Runbox account.
  • use a sub-address for anything where you might want to identify the place where you used your email address.
  • use a different tag for each online website you sign up for so that if one leaks your address you know which one.
  • create a filter to delete email to that particular sub-address if it starts receiving spam.
  • filter email to specific folders based on the sub-addressing.

Works with all usernames and aliases

Sub-addressing works with all the Runbox domains, with your own domain if you using one, and with aliases (e.g. alias+tag@nullrunbox.com).

Unlike aliases you can’t delete a email address in this format, because you never set it up in the first place. If you do get unwanted mail to an address in this sub-address format you can deal with it in two ways.

  • use a filter in your Runbox account to delete it or filter it to spam.
  • if it is set up on an alias delete the alias, but this means that any other sub-addresses using that alias will also stop working.

Something else you should know

Although sub-addressing is part of the official specification for email systems, not all email providers implement it. That might mean some websites will not accept an email address with a + in it, and some email services may not allow sending to addresses in that format. If you do come across problems, please let the website or email provider know that they could be supporting this useful address format. If you prefer, let us know and we will try to get in touch with them.

The good news is that most major email services (and those that like to do things properly) do use sub-addressing and this means you are not likely to come across problems very often.

If you need any help with sub-addressing please take a look at our help page about sub-addressing, or contact Runbox Support.

Using Runbox aliases

It’s been a while since we wrote about one of the most useful Runbox features — aliases!

Aliases are a great way to organise your email, and also a very useful tool in avoiding too many problems making changes if an email address starts to receive more unsolicited or spam email than it is easy to deal with.

Aliases

Aliases are alternative email addresses for your Runbox account that deliver mail to your existing Inbox, the same Inbox your main username delivers message to. You can send and receive mail using an alias and nobody other than you need know that it is an alias. You will see aliases listed in the Compose window if you are using our webmail, and if you are using an email program you can usually set them up in the account settings.

Using your aliases

Many people use aliases to separate mail to/from different groups of people, or to separate business and personal use. You can even use filters to automatically move incoming mail addressed to aliases to specific folders in your account.

When you sign up for online accounts of different kinds (e.g. online shopping, forums, finance etc.) you could use a different alias for each account. You can use more important aliases for organisations where you feel your information is more secure, and other aliases, that you might consider throwaway addresses, for less reputable websites.

Unsolicited/spam mail

You may not be able to tell if a website is reputable or not, but if you use aliases for different kinds of use and you start getting too much unsolicited email to one or more of them, the easier option might be to decide not to use a particular alias any longer and to replace it with another one.

Abandoning an address and deleting the alias is one way to make sure it can’t receive email, but if it is your only or main email address this could mean telling friends, family, work colleagues and a whole list of websites you new address. However, if the address is an alias and you only use it for a small number of websites then it is easier to justify deleting the alias as it is less effort to set up a new alias on those websites

Setting up aliases

Runbox provides all customers with 100 aliases for their account, regardless of their plan choice. Aliases can be set up and managed by going to Account >> Aliases.

Aliases are not forwarding addresses, and forwarding can be achieved using filters. However, to allow certain combinations of Runbox accounts to work together we have made it possible for aliases to deliver messages to another Runbox account other than the account they are created on.

When you delete an alias it is permanently reserved for your account, and you can always add it back to the account that it was originally set up on. That way, you can temporarily disable an alias by deleting it, and then reinstate it at a later time.

Aliases and sub-addressing

There is another way you can create additional addresses on your account, and we will be looking at that in our next blog post about sub-addressing.

If you have any questions about using aliases, please see our help page about Aliases and Profiles.

Improving Payments with Stripe

As part of an ongoing effort to modernize our payment processes, we have changed our primary card payment processor to Stripe. This will allow us to offer a more streamlined and modern payment experience for customers.

In addition to accepting cards issued via Visa and MasterCard, for the first time with Runbox you can now pay directly using American Express cards. We are also now able to to offer Apple Pay as a payment option.

Making this change will result in more reliable payments, and along with other changes in our payment system will give us greater flexibility in helping customers who need to change the products they have with us.

Being our main card processor will also make Stripe the primary route by which automatic renewals are processed, and other methods will gradually be phased out. We have other changes planned for the future that will simplify choosing the products you need.

If you have any questions about these changes, please contact Runbox Support.

Removing Customer IP Addresses

We are pleased to announce that we no longer include customer IP (Internet Protocol) addresses in outgoing mail headers when you are using our SMTP service. The SMTP service is what you use if you are using an email program like Outlook, Apple Mail, Thunderbird or other similar programs on a laptop, desktop or mobile device.

This brings our SMTP service in line with our webmail service where we haven’t included the customer IP address for a few years now.

Removing the IP address of your Internet connection can help improve your privacy as IP addresses can sometimes be used to identify your geographical location, and might be accurate to a particular town or city (though often they are much less accurate that this).

If you have any further questions about this please contact Runbox Support.

Vulnerabilities in PGP and S/MIME

We have been following a story that appeared recently about vulnerabilities in PGP and S/MIME that can cause a leak of the plaintext content of encrypted emails.

A technical description of the vulnerabilities can be found at https://efail.de/

There are a number of possible mitigations for the vulnerabilities, and they vary in how much they might impact your use of encryption. As we have help pages about how to use encryption with email, we felt we should let you know about these particular vulnerabilities.

Account Access Controls

It’s been a few months now since we launched the new authentication service that made Runbox Two-Factor Authentication possible.

Watching over your account

Behind the scenes the authentication service has been working to protect your account from unauthorised access. One of the ways it does this is by analysing the pattern of successful and failed logins for your account.

Using a set of rules it determines if a particular IP address should be allowed to access the service or whether it should be blocked from further attempts. It also determines which IP addresses should be treated with less caution as they are your legitimate IP address.

Obviously we can’t say too much about the rules used as this could compromise the effectiveness of this system, and we are always improving the rule set to take in to account new scenarios that we encounter

Giving you more information

The design of the authentication service allows us to share with you the IPs that try to access your account, and whether that access was successful or not. This can help you in troubleshooting problems you may encounter when setting up devices with your Runbox account, but it can also alert you to attempts at unauthorised access.

You can find this information on the “Access Control” tab at Account > Account Security.

Blocked IP addresses

We have also implemented new features on the “Access Control” page that show you the IPs that are blocked for your account. You can then decide if they should be permanently blocked or removed from the blocked list.

Giving you more control

In addition you can now also block IPs yourself or add allowed IPs that should always have access to your account when the correct username, password (and 2FA where applicable) credentials are supplied. This is done via the “Manage IPs” section.

 

A list of IP addresses you have allowed and denied yourself is visible at the bottom of the page in the Access Control List, and from there you can mange this IP addresses.

It’s also possible for Main account holders to set up rules for the Sub-account accounts they have control of.

We hope you find these new features useful, and if you need any help with them please see our help page about Access Control.

 

New Spam Filtering

Recently we have been testing a new component to our spam filtering system. This component is powered by Cloudmark, one of the most popular and powerful spam filter systems available. We would now like to make Cloudmark available to more customers.

How Cloudmark works

Cloudmark is designed to detect known spam better and works as a central authority based on reporting by millions of Cloudmark users. It would help us improve our implementation of Cloudmark to have more Runbox users testing it.

Customers who are testing Cloudmark don’t need to do anything different in the way they use their email. However, we ask testers to report spam (or genuine mail) that is not classified correctly to a special Runbox email address.

No data is shared with a third party when using Cloudmark, as it’s running on Runbox’ own servers. Any reporting done by our customers is currently only going to Runbox itself. When we implement a reporting facility back to Cloudmark in the future it will be implemented as a clearly marked option.

How to start using Cloudmark

If you are interested in having Cloudmark added to your account, or wish to ask questions about it, please let us know at Runbox Support (support@nullrunbox.com).

Launch of CalDAV calendar service

Today we officially launch our CalDAV calendar service. With CalDAV you can store your calendars on Runbox’ servers using calendar apps on your computer, smart phone or tablet.

CalDAV lets you store your calendar items online and synchronize them across multiple devices. You can create events, recurring events, alarms and also invite other people to add events to their own calendars. Additionally you can create reminders/to-do lists and use those in your favorite notes app.

How to set up CalDAV

To use CalDAV you will need these details:

  • Username: Enter your Runbox username. If you use your own domain name, the username format is you@nulldomainyouown.tld.
  • Password: Enter your Runbox password.
  • Server Address: Enter https://dav.runbox.com/

For details on how to set up your CalDAV program or app, please see the CalDAV help page. And if you have any questions about this service, please contact Runbox Support.

Runbox CalDAV is the first of a new collection of services that will also include CardDAV (contacts) and WebDAV (file storage), so look out for more news in the weeks and months ahead.

 

Support Requests & Account Security

At Runbox we are very pleased to be able to offer personalized support to our customers, and we do this 7 days/week, every week of the year.

If you need to contact Runbox Support, we would advise you to read our help page on Contacting Runbox Support. In particular we would like to draw your attention to the sections regarding how we will use information to identify you as the account holder.

It is very important that we protect your privacy and security of your account, and there are elements of that process that require you to keep account information up to date so that we can ensure we are talking to the correct person.

The most commonly used piece of information we use to identify you when you can’t contact us from your Runbox account is your alternative email address, and it is very important that you keep this up to date. Being unable to verify you as the account holder is very frustrating for customers and also for us as we can’t offer you the support you are expecting.

We realize there are some customers who prefer their Runbox account not be linked to other email accounts or methods of communication, but this does limit the support we can offer in those cases. We will always try to help as best we can, but ultimately we would rather deny access to an account than to provide that access to the wrong person.

If you have any questions about this, please contact Runbox Support  🙂

New IMAP Service Migration

There are two main ways that people access their Runbox email. The first is our webmail service available on our website, and the other is via some kind of email program that might be on a computer, laptop, smartphone or tablet. If you use an email program, you will be using either our IMAP or POP service to download your incoming mail. IMAP and POP are ways in which email programs communicate with our servers to collect your mail.

We officially launched our new Dovecot IMAP service on mail.runbox.com in August, and we have been pleased with the number of customers who are moving across to this better IMAP service.

However, feedback we’ve received shows that some customers would like more time to make the switch. Therefore we are going to keep the old Courier-based IMAP service running for the time being, and will decide upon on a new retirement date in the future.

Why should I switch to the new IMAP service?

The new IMAP service provides a faster and more reliable way of accessing your mail, and also fixes a number of issues that were reported with some email apps when using the old service.

Because we need to focus increasingly on the new service, starting in January 2016 we will recommend you switch to the new service instead of providing technical support for the old IMAP service. We will of course help you switch to the new service whenever you choose to do so.

NOTE: If you are using POP you don’t need to do anything. If you’re not sure whether you’re using IMAP or POP, please contact Runbox Support.

How do I make the switch?

Setting up your account as a fresh set up usually works best, but if you just wish to change your settings without setting up your account from the start, then we have instructions for our recommended email clients that show you how to do this.

The documentation for our recommended email programs was updated a while ago to show the new server details. If you are using IMAP and keep all of your mail on our servers, you can set up your account again from the start using the details in those instructions.

If you have any questions regarding switching to the new IMAP service, please contact Runbox Support.