Increased password strength

January 31, 2013 5 Comments

To protect your Runbox account, and any other online account you may have, it’s crucial to choose a good password. Your password needs to be unique enough to prevent others from guessing it or computers from cracking it.

This is becoming increasingly important since attackers can use powerful password cracking software and attacks are happening more often.

We see that many users choose passwords that are too simple, perhaps thinking that no one will try to gain access to their account, or that they don’t have anything to hide anyway.

The importance of strong passwords

However, if someone did gain access to your account unauthorized they could potentially use the contents to break into other accounts you may have, since email often contains login information to other services.

An intruder could also hijack an account in order to send large amounts of spam, which would  hurt not only the recipients of the messages, but also the account owner (due to returned, undeliverable messages). Furthermore, it could negatively impact Runbox as a whole, since it could get our service blocked by other email services.

Creating a good password

In Runbox 6, you can create a longer and more complex password using many different special characters.

Your password must be between 6 and 64 characters long, and can contain the letters a-z and A-Z, the numbers 0-9, and the following special characters:

+?=()&,.:;-_/*@!#~`#$%^&[]{}|\'”<>

We know, creating and remembering a long and complex password sounds like a big hassle. But it’s actually very simple, and could even be fun!

Just see our Tips for choosing and protecting passwords for a quick how-to.

Continue Reading →

Runbox 6 launched

January 25, 2013 18 Comments

Over the past year and a half we have spent a great deal of time behind the scenes upgrading the Runbox Webmail code. We have also upgraded all the underlying software that powers Runbox, and much of the hardware it runs on.

The Runbox 6 platform

This is the 6th generation of Runbox, and while it may appear similar to Runbox 5 it provides a solid and updated platform for further development of new features. In addition, we have created a software building and deployment system that will enable us to develop new code faster and more securely.

We have already put some new features into Runbox 6 — some minor ones you will discover as you use it, and a few bigger ones:

New Features in Runbox 6

1. Tags: These let you label messages across folders, and will allow you to organize and find messages more easily. To add a tag, open an email, select [New Tag] from the Tags field near the top, enter a tag name, and click “Add tag”. You can now sort messages by your tags in the message list.

2. Improved Account overview: You can now get a full overview of your account’s Data Usage on the Account screen.

3. Sub-account management: You will now be able to manage any sub-accounts you might have in a similar way to the main account and also see detailed information about the usage of the account. Just click the sub-account address in the list after going to Sub-accounts. Note: Sub-account owners can now change the passwords of their sub-accounts and therefore potentially access them.

4. Color themes: You can now choose between 4 color themes by going to Webmail: Preferences and selecting an option from the “Theme” menu. We have also removed they gray background color from all pages to brighten things up a bit.

Try Runbox 6 now

You can start using Runbox 6 now by going to the following link: https://beta.runbox.com/mail?activate_rmm6=YES

This will take you to https://runbox.com, which is also where you will be redirected automatically next time you log in.

We hope you will enjoy the new Runbox! If you have any questions, please add a comment below or open a support ticket at https://support.runbox.com.

Continue Reading →

More details about last night’s DDoS attack

2 Comments

In the early hours of 25th January the Runbox network was subject to a Distributed Denial of Service attack. This sort of attack uses multiple computers around the world to flood our servers with requests and this makes it difficult, if not impossible, for legitimate access by our customers.

Response and consequences

We were quick to respond to this problem, but it can take some time to identify the multiple sources of the attack and then block the traffic to our servers. As a result of the attack many of you would not be able to access our services during the time it was taking place.

The attack was carried out by a group who had previously failed to get access to some of our customers accounts that do not belong to them. They had threatened to carry out the attack if we did not comply with their wishes.

No data was compromised

We would like to assure our customers that no customer data was compromised before, during or after the attack, and that we would never give way to such threats. If you have any concerns about this incident, please open a support ticket at https://support.runbox.com

Continue Reading →

Upgrade for Runbox 4 users

December 20, 2012 24 Comments

Although Runbox 5 was launched in 2009 we have continued supporting Runbox 4 despite having to maintain an extra set of servers and software.

At this point we are going to have to make some changes, though…

Runbox 4 and the recent database upgrades

We have been planning to retire Runbox 4 for a while now, but some of you who have been with us for a long time have grown to love the trusty but perhaps a bit clunky interface. So we postponed the decision and wanted to do it slowly and gently at some point in the future.

However, when completing the database server replacement today, we realized that some of the software powering Runbox 4 is no longer compatible with the new database servers. We have tried upgrading that old software, but it’s proving very difficult.

Runbox 5 and the even newer Runbox 6

Since we think it’s better to spend time improving the new Runbox 6 instead, and because Runbox 4 is so old it’s starting to be a security risk, we have decided to upgrade those still using Runbox 4 to Runbox 5 Basic.

Runbox 5 Basic works very similarly to Runbox 4, but it looks a lot nicer. Runbox 5 is the standard Webmail while we finish the new Runbox 6, which is still in testing.

You can find more information about how Runbox 5 works here: Runbox 5 Upgrade Guide

We hope you will like Runbox 5 while we keep working to finalize Runbox 6!

Drafts in Runbox 4 vs Runbox 5

In Runbox 5, drafts are stored in a different way that lets them be synchronized with an email client over IMAP. Unfortunately, this also means that drafts stored in Runbox 4 are not available in the Runbox 5 interface.

However, for those of you who have saved drafts in Runbox 4 we can most likely convert them to Runbox 5 if you contact us via https://support.runbox.com.

fast.runbox.com and light.runbox.com

The text-only Webmail at fast.runbox.com was also running Runbox 4 software. We have a new, similar webmail powered by Runbox 5 available at light.runbox.com for those who want that: http://light.runbox.com/mail

fast.runbox.com will therefore redirect to light.runbox.com from now on.

Continue Reading →

Server upgrades and scheduled downtime

June 18, 2012 Leave a comment

We will upgrade our application servers with more memory and our services will be unavailable while we replace the RAM.

The upgrade will be done Tuesday June 26 at approximately 7:30 AM CET (5:30 AM GMT, 1:30 AM EST) and it will take 30-60 minutes to complete.

We apologize for any inconvenience caused and thank you for your understanding.

Continue Reading →

Notice to customers paying via bank wire transfer (SWIFT)

April 25, 2012 Leave a comment

For those of our customers who pay for their Runbox subscriptions via bank wire transfer (SWIFT), please note that our bank account number has changed from 7023… to 1503…

To pay via bank wire transfer and to ensure that your payment is sent to Runbox Solutions AS, please select “Pay with other methods” after choosing which products to renew in the payment process. You will then be instructed to pay to the correct bank account number.

If you have any questions, please contact us via https://support.runbox.com.

Continue Reading →

Hardware and software upgrades

March 23, 2012 Leave a comment

We have been hard at work behind the scenes for a while on both hardware and software upgrades of the Runbox email services.

Here’s a summary of what we’re currently working on:

New backup system

Last week we added a new backup system with advanced ZFS storage which triples our backup capacity. Not only does this allow us to store backup for much longer than the current one month, but the backup server is powerful enough to act as production storage in the unlikely event that the main storage systems go down.

New MX servers

We have recently added a new MX (mail exchanger) server as the first step in replacing all of our 3 MX servers. The new server is the first of 3 or 4 virtualized servers and is part of a new configuration regime that lets us roll out new servers much easier than before.

New database servers

Additionally we’re planning to replace the main database server with two new and much more powerful ones. This will not only improve performance of nearly all parts of the Runbox email service but make it much more reliable. We hope to have this completed within 2-3 months.

Other planned server upgrades

We’re also going to start replacing several other units with new, virtualized servers which will make our services much more manageable, flexible, and efficient. We expect these upgrades to be completed with 5-6 months.

Runbox 6

Meanwhile, we’re working on the next generation of the Runbox Webmail. Initially this will mostly be a compatibility upgrade as the entire Runbox web application has been rewritten to work with Mod_Perl2Apache 2. Runbox 6 will have a couple of new features such as message tagging and improved sub-account management, but will more importantly lay the foundation for further enhancements in the time to come.

More information about all these upgrades will be posted in the near future!

Continue Reading →

Tips for choosing and protecting passwords

February 15, 2012 3 Comments

Most people feel that choosing a password is a hassle and consequently spend far too little time on it. However, establishing a good password regime can save you lots of time in the long run and lots of grief by preventing attacks by criminals — and it can even be fun!

How to easily create a great password

Just try to think of a password system that will help you create secure passwords that you can also remember easily. One simple example is to pick the first (or second, third, etc) letter in a sentence you invent. Then substitute some of them for symbols or add some numbers and special characters.

For instance, the sentence:

  • I really think that creating and remembering a complex password is a hassle!
  • …becomes Irttcaracpiah! when selecting the first letter of each word…
  • …which after replacing some of the letters with numbers or symbols ends up as the virtually unguessable Ir++c&racp1ah! (don’t use this password as your own!).

To make the password unique for each service you use, preventing a potential intruder from breaking into more than one account, add words or letters that are associated with each service.

Just think of a sentence and get creative — you can even use full sentences up to 64 characters if you want!

Password selection rules

In general, try to do the following when choosing a password:

  • Avoid using dictionary words and names.
  • Never use sequences of letters or numbers such as “qwerty” or “123456”.
  • Avoid familiar items that someone might guess (names, phone numbers, etc).
  • Use a combination of letters, numbers, and special characters.
  • Use 8 or more characters.

See also:

Protect your password

Once you have chosen a good password you need to protect it from possible attackers.

  • Avoid using one password for all your logins!
  • Try to choose a password you can memorize so you won’t have to write it down.
  • Never share your password with anyone.
  • Avoid logging in from public computers. If you do, then always use https://secure.runbox.com which provides encrypted transfer of all your data.
  • Check the Account page for any suspicious login attempts to your account.
  • Be careful opening email attachments from people you don’t know or trust — it might contain a computer virus, a key logger that will snatch your login information, or other malevolent programs.

Continue Reading →

Phishing messages alert

January 12, 2012 Leave a comment

During the recent days we have detected and neutralized a number of phishing attempts.

The most recent phishing attack is falsified to appear sent from soc@nullus-cert.gov and has a subject starting with Phishing incident report call number.

The message contains an attachment with a name similar to US-CERT Operations Center Report 6458549.zip.

If you receive such a message, please delete or disregard it.

In general, be careful when opening attachments or links in messages from senders you don’t trust.

Also, please remember that Runbox will never ask for your login details, especially not by email. See this page for more information about phishing:

What is spam, and how to avoid it

If you have any questions or concerns, please don’t hesitate to contact us.

Continue Reading →