We are currently being attacked again, and are working with our partners to deflect the attack. At the moment our email services are inaccessible.
We greatly appreciate your support and will do everything we can to resume normal operations.
If you can’t reach our regular websites, please see http://status.runbox.com and https://twitter.com/Runbox for updates.
Yesterday and today Runbox was subject to Distributed Denial of Service (DDoS) attacks. This was initiated by a group that have threatened that if Runbox does not pay them a large amount of money, further attacks will take place in the coming days.
We were able to successfully mitigate against the effects of both incidents. During the initial attack we were down for around 15 minutes before we could put a solution in place. Today our customers should not have noticed any effects of the attack.
We think the attacks might be scaled up in the coming days.
We had a DDoS (Distributed Denial of Service) attack on our email services today, preventing some users from accessing our servers for a short time.
Together with our server management and hosting partners we mitigated the attack. There might be more attacks in the coming days, so please check our blog, support page or Twitter page for updates if you can’t access our email services.
On Monday, October 12 at 0600 CEST we will replace an email storage unit, and our email services will unfortunately not be accessible while we switch servers.
The downtime will start at approximately 0600 CEST (0400 GMT, 0000 EDT) and last for 30-45 minutes.
Runbox will accept incoming email to your account during the downtime, and those messages will be delivered when the operation is complete. It will however not be possible to send email.
We apologize for any inconvenience caused, and recommend that you check your email before or after the scheduled maintenance window.
To find the local time where you are for this maintenance, please see the time conversion at timeanddate.com
After careful consideration we have decided to adopt a stricter policy with regards to SPF (Sender Policy Framework) records for our own Runbox domains.
Note: This does not affect domains owned by our customers.
SPF records are used as a way to determine if email addresses are being spoofed in sent mail. They allow domain administrators (Runbox in this case) to specify which servers are allowed to send email for the domains they control.
If you receive messages with the subject “ATTN: RUNBOX ACCOUNT USER” that appears to have been sent from “RUNBOX HELPDESK“, please delete them.
We are deleting all the instances of these messages we can find on the Runbox servers, but we might miss some.
These messages are not sent from Runbox staff and are an attempt to trick Runbox customers into entering their login information at malicious websites.
For more information about phishing, please see the Phishing section of this article.
After doing some tuning to our central database yesterday we have been able to increase the speed of all our email services significantly.
This is especially noticeable when using the Webmail, but email clients using IMAP and POP should also be faster.
This was made possible because Runbox is a database accelerated email system, where all basic message data is stored in a central database. This means that our various services don’t have to open any actual files on the storage units to display folder contents. Only when a message is opened do the services access the message files themselves.
We’d be interested in hearing if Runbox is running faster for you. Meanwhile we’ll continue working to improve the performance of our services!
We are pleased to announce the official launch of our new IMAP server software.
We’ve been extensively testing and improving the new Dovecot-based software in an open beta phase for several months. We are now very happy with how it’s performing, and it resolves several issues with our current IMAP software (see below).
We will therefore be moving to the new software and will retire our existing Courier-based IMAP servers. Since the new software uses a more standardized configuration, all IMAP users will need to change their settings by December 1, 2015.
Note: If you have already changed your email client’s settings as part of the open beta phase you don’t need to do anything.
Due to necessary reorganization of our email server infrastructure, all Runbox email services will be inaccessible for a short period on Monday 17.08 at around 06:00 CEST (04:00 GMT, 0:00 EDT).
The downtime should last less than 5 minutes.
We apologize for any inconvenience caused.
If you receive messages with the subject “Pending message” that appears to have been sent from “Runbox Admin” <cusdept@nullrunbox.com>
or
Subject “Account Update” that appears to come from “MEMBERSHIP SERVICE” <membership@nullrbox.com>, please delete them.
We are deleting all the instances of these messages we can find on the Runbox servers, but we might miss some.
These messages are not sent from Runbox staff and are an attempt to trick Runbox customers into entering their login information at malicious websites.
For more information about phishing, please see the Phishing section of this article.
