Changes to TLS encryption security

At Runbox we are pleased to be able to provide you with secure email services. In order to maintain the security of email communications it is necessary to continually review how email systems connect and communicate with each other, and this includes how you connect to our service to send and receive email.

Encryption is important

When you connect to our service using an email program (such as Outlook, Thunderbird, Apple Mail etc.) the connection between the email program and our mail servers is encrypted so that nobody can intercept your username, password or email message content.

It’s important to use updated software that supports modern encryption methods to prevent that encryption from being broken and compromised as hackers increasingly use more and more powerful computers and techniques to decrypt data.

As such we will end support for outdated encryption methods to ensure that we provide the latest and most secure encryption between your email program and our service. This also helps us prevent unauthorised access to our servers and helps keep the Runbox service safe for all customers.

On 1 July 2019 we will retire some very old encryption protocols and this might affect some older email programs.

The technical details

We will be retiring support for TLS 1.0 and 1.1 and will only support TLS 1.2 or later. TLS 1.2 has been around for 10 years so there has been a long time for email programs to adopt the use of this type of encryption. TLS is Transport Layer Security and is the encryption that protects your data. However, you don’t need to understand much about this to make any necessary changes.

Your email program

Most email programs that were released in the last 5 years will be compatible with the latest encryption. It is important to use the latest versions of email programs as the developers of those programs will have corrected bugs that could be a security issue. Where possible it is also advisable that you use the latest version of your computer’s operating system.

We have tested the email programs below and they all work with the most modern encryption that we use with our servers.

  • Outlook 2013 and later (Windows and macOS)
  • Thunderbird (Windows and macOS)
  • Apple Mail (macOS)
  • Windows Mail (Windows)
  • eM Client (Windows and macOS)
  • Gmail app (Android)
  • Mail app (iOS)
  • Maildroid (Android)

Many other email programs will also work with our service and those listed above are just commonly used ones that we have tested.

Further details and help

If you need any help on this issue, or would like us to offer advice on the email program you are using please get in touch with us.

Using your own domain name with Runbox

When you read this blog post, you will see https://blog.runbox.com in your web browser’s address bar. Our domain name is runbox.com and domains are used in this way to make the Internet easier to use. The Internet uses IP (Internet Protocol) addresses to route information from one place to another. Without domains you would need to know the IP address of the server that this page is delivered from (http://91.220.196.127).

The same is true with email addresses. If you send a message to support@runbox.com, the sending mail service can work out from @runbox.com that our mail server (mx.runbox.com) has IP address 91.220.196.211.

Domains also mean that if we change our network in a way that means our IP addresses change we don’t need to tell you to remember different IP addresses as we can just point our domain at the new addresses.

Changing email provider

When choosing an email provider, one of the biggest concerns expressed to us by new customers is that they might need to change their existing email address and tell all the people they use that address with. There are some ways that Runbox can help smooth any transition such as this, and some things you might be able to do at your current email provider:

  • Forward email from your old email provider to your new Runbox account, but reply from your Runbox address to give people time to add your new address to their address book.
  • Use the Runbox POP retrieve feature to download new messages from your old account into your Runbox account.
  • Use the Runbox IMAP Import feature to move all your existing messages from your old email provider to Runbox.

Never change your email address again

However, as you move to Runbox, why not make changing your email address the last time you ever do this?

We would be very happy for you to stay with Runbox for as long as you like and never need to change your @runbox.com email address. However, sometimes there are good reasons why you might need to use a different email provider, or you may want to use another email provider in addition to Runbox (e.g. for business reasons). This might mean you can’t use your @runbox.com address as you don’t own the domain and can’t configure it to work as you need.

The one sure way to avoid that problem and to have maximum control and flexibility over your email services is to register your own domain.

Registering a domain – an address for life

Domains are not expensive to register and the Runbox services can work with any domain you choose to own. We offer personal support to register your domain and to help you get it up and running. You can use a domain for both email and a website, and Runbox has web hosting packages if you decide you also need a website.

Once you have your own domain, you can have an email address for life.

To find out which domains might be available for you to register, you can go to Account >> Domain Hosting in your Runbox account and use the search feature to find out if a domain you are interested in is available.

Domains cost as little as USD 14.95 per year for a .com domain, and once you have your own domain it is yours to use for as long as you like and with any email provider you like whether you are a Runbox customer or not.

Help and support

If you have any questions about registering domains, please contact us at support@runbox.com or via our support website at https://support.runbox.com

Know where your email is, wherever you are!

When you access web pages and other services such as email, a whole range of things go on in the background to ensure that your request for a web page or access to your email is fulfilled no matter where you are in the world, or which Internet Service Provider (ISP) you are using at the time. As part of that process, the companies that provide these services can do some useful things to ensure that your access is as fast and as reliable as possible.

Edge services

One thing service providers can do is make use of edge services that move data and processing closer to the location of the device you are using. This will mean that when you access the service the route that the data takes is shorter geographically, and that a central data centre is not having to handle all the network traffic and processing. This reduces the time it takes from when you perform some action on your device to when you get the response from the service. This is often referred to as latency.

As more and more devices become connected to the Internet, and 5G mobile services are rolled out, fast responsiveness will become increasingly important for providing a good experience.

Runbox and edge services

Despite all the benefits of edge services and why they are used, we are pleased to say that Runbox doesn’t use any of them – and for good reason.

We understand that privacy and knowing who looks after your data is important to you as a Runbox customer, and to that end we are happy to say that we can offer you the confidence of knowing where your email is stored no matter where you access it from.

We only store your email on servers that are located in a data centre in Oslo, Norway. In addition to our own security features, it is protected by the highly regarded legislation of Norway which is very focused on the privacy of communications and data more generally.

All networks point to Norway

When you access your email with an email program or via our web interface, data to and from your phone is routed between your location and Oslo, and the only place your data can be accessed from is the servers in Oslo.

Between you and our data centre the data can travel across many networks with your current ISP at one end and ours at the Oslo end. However, all our services encrypt your data between your device and our servers and this means the email content isn’t readable as it passes through the ISPs that provide your connection to us.

We believe that rather than distributing your data to data centres around the World, it is important for it to be treated as a valuable commodity and give it location specific protection. This means all access to your data is in accordance with Norwegian law.

Internet routing

Runbox doesn’t control the entire route of your data to our servers, and the further from Oslo you are the less influence our choice of ISPs has on the route your data takes.

The geographical distance between you and our servers can make a difference to how responsive our servers appear to be. This is because of the number of ISPs and routers involved in the network between you and us, as well as the quality and speed of the service those ISPs provide.

Usually this doesn’t cause any significant issues and we have happy customers in 170 countries including Australia and New Zealand, which is about as far as you can get from Oslo. However, sometimes it can cause an issue and we can help customers try to deal with this if they contact us.

Speeding up your email access

While we are pleased to offer the certainty of knowing where your data is stored, we are also keen to make sure that you have a good experience using Runbox.

Using an email program like Thunderbird, Outlook or Apple Mail and therefore having your mail stored on your device can improve access to your messages. Doing this means that instead of having to download details for all of your messages each time you access your account, mail that has already been downloaded to your device is already there and only new messages need to be fetched from the server.

Using an email program is a great idea for many reasons and not just because it helps solve potential network issues, but also because of the ability to manage more than one email account in the same interface, use the local search capabilities of the email program and access previous messages when you don’t have an Internet connection.

And now we can speed up your web access too

Recently we’ve introduced local storage to the Runbox webmail in the form of the Runbox 7 web app. When you log in to the new interface you will be given the choice to download an index of all your messages that will be stored in your web browser. This index will remain there and be updated as new mail arrives until you decide to delete it. We also pre-load the content of the messages that are shown in your message list so that when you open the message the content is already on your device ready to be shown to you. This makes Runbox 7 a very fast webmail client with excellent search capabilities.

Know where your email is, wherever you are

So not only do you have the peace of mind knowing where your email is stored when it arrives in your account, but you also have the option to store it securely on your own personal devices for even greater performance.

This means you don’t need to worry about what edge services are doing with your data, because with Runbox you know where your email is, wherever you are!

Profiles, Identities, Privacy or just a different look!

Whether you need to run personal and business emails from the same account, or just want to have a different identity for some purposes, Runbox has always provided customisation tools that let you adapt the name and email address on your outgoing message to suit any occasion. We call these Profiles and they are based on folders.

Profiles in Runbox 6

In the original design of Runbox it was intended that where necessary you could move or automatically filter incoming messages to folders for different purposes, or to help you organize your email better. Along with folders there is a set of preferences for each folder. By default new folders that are created are set to have the same preferences as your Inbox, but you can change this setting so that you can customise these preferences on a per folder basis.

By far the most commonly customised settings are the Name, From, Reply to and Signature settings. These in particular allow you to create new “Profiles” so that you can send mail as if you have more than one email account. When you are reading email in a particular folder and you reply or create a new message while that folder is selected, your preferences for that folder are automatically applied to the message you are creating.

As mentioned in a previous blog post, aliases are an excellent way to keep mail separate for different purposes, and potentially help you manage any unsolicited mail. Profiles let you take this further and create a whole new identity, including a different name to go along with the alias address. Whenever you are using the Compose window your aliases and profiles are listed in the drop-down box at the top of the window so you can easily select the one you need.

Identities in Runbox 7

One of the drawbacks of the flexibility the existing interface offers is that it can be quite time consuming setting up an alias, and then having to create a folder for a profile just so you can set up a different “from” name or signature. You might not even want to move or filter messages to a folder, but you would still need to create one if you want a different profile.

In Runbox 7 we are going to simplify and streamline this process and all aliases will automatically become part of an “Identity”. When you create an alias you will at the same time have the option to update other details attached to that alias to create a different identity, or accept the default values that will automatically be pre-filled for you.

We are also planning to eventually allow you to create a folder from the identities interface and at the same time a filter so that when you create an alias and decide to use that as an identity you can complete all the necessary steps at the same time.

In Runbox 7 these identities will replace profiles and will improve on a feature we have offered for a long time, and one that is a key feature of what Runbox offers in its email service.

For more information about Runbox 7, see some of our previous blog posts below:

We still have some open spots in the beta testing, so if you would like to participate send an email as soon as possible to support@runbox.com with the subject “Runbox 7 Webmail beta test”.

Sub-addressing (plus addressing)

In the last blog post we outlined how you can use aliases to help organise your email, and also how they can help you deal with unsolicited or marketing email. Aliases offer alternative addresses for your account so that you don’t have to use the same address for everything. However, there is a quicker way to create new addresses on your account that doesn’t need you to log in to your account and set anything up. This is sub-addressing (sometimes called plus addressing or tagged addressing).

Sub-addressing has a big plus

The key to sub-addressing is including a + and some text after it (called the tag). This goes after the username and before the @ symbol.

When our mail servers see this for incoming mail they know that everything before the + is the username and so they can still deliver to the correct account.

Even though the mail system delivers to your usual account, the message is still addressed to username+tag@runbox.com and you can use this in various ways. Sub-addressing has a lot of uses and is easy to use.

  • just make up the addresses as you go along without the need to set them up in your Runbox account.
  • use a sub-address for anything where you might want to identify the place where you used your email address.
  • use a different tag for each online website you sign up for so that if one leaks your address you know which one.
  • create a filter to delete email to that particular sub-address if it starts receiving spam.
  • filter email to specific folders based on the sub-addressing.
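
The split described above and two of the listed uses (seeing which site an address was given to, and filtering by tag), as an added example that is not Runbox's own code. The username alice, the tags, the folder names and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def split_subaddress(address):
    """Split 'username+tag@domain' into (username, tag, domain).

    The tag is None when the local part has no '+' or nothing follows it.
    Only the first '+' separates username from tag, so 'a+b+c' has tag 'b+c'.
    """
    local, at, domain = address.strip().rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    username, _plus, tag = local.partition("+")
    if not username:
        raise ValueError(f"empty username in {address!r}")
    return username.lower(), (tag.lower() or None), domain.lower()


def route(raw_message, owner, rules, default="Inbox"):
    """Return (tag, folder) for a message delivered to owner=(username, domain).

    Looks at To/Cc only; a real server-side filter would match the envelope
    recipient, which these headers do not always show (Bcc, mailing lists).
    """
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    for _name, addr in getaddresses(headers):
        try:
            username, tag, domain = split_subaddress(addr)
        except ValueError:
            continue  # skip malformed or group-syntax recipients
        if (username, domain) == owner and tag is not None:
            return tag, rules.get(tag, default)
    return None, default


# Assumed account and filter rules (hypothetical names).
OWNER = ("alice", "runbox.com")
RULES = {"shop": "Shopping", "forum": "Trash"}  # 'forum' tag now gets spam

# Constructed sample messages.
SAMPLES = [
    "From: orders@shop.example\nTo: Alice <alice+shop@runbox.com>\n"
    "Subject: Your order\n\nThanks for your order.\n",
    # Sender is not the forum, yet the tag shows where the address came from.
    "From: deals@unrelated.example\nTo: alice+forum@runbox.com\n"
    "Subject: Special offer\n\nBuy now.\n",
    "From: friend@example.org\nTo: alice@runbox.com\n"
    "Subject: Hello\n\nHi Alice.\n",
    "From: bank@example.com\nTo: bob@example.org\n"
    "Cc: ALICE+Bank@Runbox.com\nSubject: Statement\n\nAttached.\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        tag, folder = route(raw, OWNER, RULES)
        subject = message_from_string(raw)["Subject"]
        print(f"{subject!r}: tag={tag!r} -> {folder}")
```
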

Works with all usernames and aliases

Sub-addressing works with all the Runbox domains, with your own domain if you are using one, and with aliases (e.g. alias+tag@runbox.com).

Unlike aliases you can’t delete an email address in this format, because you never set it up in the first place. If you do get unwanted mail to an address in this sub-address format you can deal with it in two ways.

  • use a filter in your Runbox account to delete it or filter it to spam.
  • if it is set up on an alias delete the alias, but this means that any other sub-addresses using that alias will also stop working.

Something else you should know

Although sub-addressing is part of the official specification for email systems, not all email providers implement it. That might mean some websites will not accept an email address with a + in it, and some email services may not allow sending to addresses in that format. If you do come across problems, please let the website or email provider know that they could be supporting this useful address format. If you prefer, let us know and we will try to get in touch with them.

The good news is that most major email services (and those that like to do things properly) do use sub-addressing and this means you are not likely to come across problems very often.

If you need any help with sub-addressing please take a look at our help page about sub-addressing, or contact Runbox Support.

Using Runbox aliases

It’s been a while since we wrote about one of the most useful Runbox features — aliases!

Aliases are a great way to organise your email, and also a very useful tool for limiting the disruption of changing address if an email address starts to receive more unsolicited or spam email than is easy to deal with.

Aliases

Aliases are alternative email addresses for your Runbox account that deliver mail to your existing Inbox, the same Inbox your main username delivers messages to. You can send and receive mail using an alias and nobody other than you need know that it is an alias. You will see aliases listed in the Compose window if you are using our webmail, and if you are using an email program you can usually set them up in the account settings.

Using your aliases

Many people use aliases to separate mail to/from different groups of people, or to separate business and personal use. You can even use filters to automatically move incoming mail addressed to aliases to specific folders in your account.

When you sign up for online accounts of different kinds (e.g. online shopping, forums, finance etc.) you could use a different alias for each account. You can use more important aliases for organisations where you feel your information is more secure, and other aliases, that you might consider throwaway addresses, for less reputable websites.

Unsolicited/spam mail

You may not be able to tell if a website is reputable or not, but if you use aliases for different kinds of use and you start getting too much unsolicited email to one or more of them, the easier option might be to decide not to use a particular alias any longer and to replace it with another one.

Abandoning an address and deleting the alias is one way to make sure it can’t receive email, but if it is your only or main email address this could mean telling friends, family, work colleagues and a whole list of websites your new address. However, if the address is an alias and you only use it for a small number of websites then it is easier to justify deleting the alias as it is less effort to set up a new alias on those websites.

Setting up aliases

Runbox provides all customers with 100 aliases for their account, regardless of their plan choice. Aliases can be set up and managed by going to Account >> Aliases.

Aliases are not forwarding addresses, and forwarding can be achieved using filters. However, to allow certain combinations of Runbox accounts to work together we have made it possible for aliases to deliver messages to another Runbox account other than the account they are created on.

When you delete an alias it is permanently reserved for your account, and you can always add it back to the account that it was originally set up on. That way, you can temporarily disable an alias by deleting it, and then reinstate it at a later time.

Aliases and sub-addressing

There is another way you can create additional addresses on your account, and we will be looking at that in our next blog post about sub-addressing.

If you have any questions about using aliases, please see our help page about Aliases and Profiles.

Improving Payments with Stripe

As part of an ongoing effort to modernize our payment processes, we have changed our primary card payment processor to Stripe. This will allow us to offer a more streamlined and modern payment experience for customers.

In addition to accepting cards issued via Visa and MasterCard, for the first time with Runbox you can now pay directly using American Express cards. We are also now able to offer Apple Pay, Google Pay and Microsoft Pay as payment options.

Making this change will result in more reliable payments, and along with other changes in our payment system will give us greater flexibility in helping customers who need to change the products they have with us.

Being our main card processor will also make Stripe the primary route by which automatic renewals are processed, and other methods will gradually be phased out. We have other changes planned for the future that will simplify choosing the products you need.

If you have any questions about these changes, please contact Runbox Support.

Removing Customer IP Addresses

We are pleased to announce that we no longer include customer IP (Internet Protocol) addresses in outgoing mail headers when you are using our SMTP service. The SMTP service is what you use if you are using an email program like Outlook, Apple Mail, Thunderbird or other similar programs on a laptop, desktop or mobile device.

This brings our SMTP service in line with our webmail service where we haven’t included the customer IP address for a few years now.

Removing the IP address of your Internet connection can help improve your privacy as IP addresses can sometimes be used to identify your geographical location, and might be accurate to a particular town or city (though often they are much less accurate than this).

If you have any further questions about this please contact Runbox Support.

Vulnerabilities in PGP and S/MIME

We have been following a story that appeared recently about vulnerabilities in PGP and S/MIME that can cause a leak of the plaintext content of encrypted emails.

A technical description of the vulnerabilities can be found at https://efail.de/

There are a number of possible mitigations for the vulnerabilities, and they vary in how much they might impact your use of encryption. As we have help pages about how to use encryption with email, we felt we should let you know about these particular vulnerabilities.

Account Access Controls

It’s been a few months now since we launched the new authentication service that made Runbox Two-Factor Authentication possible.

Watching over your account

Behind the scenes the authentication service has been working to protect your account from unauthorised access. One of the ways it does this is by analysing the pattern of successful and failed logins for your account.

Using a set of rules it determines if a particular IP address should be allowed to access the service or whether it should be blocked from further attempts. It also determines which IP addresses should be treated with less caution as they are your legitimate IP address.

Obviously we can’t say too much about the rules used as this could compromise the effectiveness of this system, and we are always improving the rule set to take into account new scenarios that we encounter.

Giving you more information

The design of the authentication service allows us to share with you the IPs that try to access your account, and whether that access was successful or not. This can help you in troubleshooting problems you may encounter when setting up devices with your Runbox account, but it can also alert you to attempts at unauthorised access.

You can find this information on the “Access Control” tab at Account > Account Security.

Blocked IP addresses

We have also implemented new features on the “Access Control” page that show you the IPs that are blocked for your account. You can then decide if they should be permanently blocked or removed from the blocked list.

Giving you more control

In addition you can now also block IPs yourself or add allowed IPs that should always have access to your account when the correct username, password (and 2FA where applicable) credentials are supplied. This is done via the “Manage IPs” section.

 

A list of IP addresses you have allowed and denied yourself is visible at the bottom of the page in the Access Control List, and from there you can manage these IP addresses.

It’s also possible for Main account holders to set up rules for the Sub-account accounts they have control of.

We hope you find these new features useful, and if you need any help with them please see our help page about Access Control.

 
