March 31st, 2016 |
News, Security | 5 Comments
We have recently hardened our web server security, giving Runbox an A+ rating on securityheaders.io — in addition to our existing A+ rating on ssllabs.com.
The policies we have implemented are the following:
X-Frame-Options: Tells the browser that we don’t allow the Runbox web site to be framed (included) by other web sites, which defends against attacks like click-jacking.
HTTP Strict Transport Security: Strengthens our implementation of Transport Layer Security (TLS) by making the browser enforce the use of encrypted communication (HTTPS).
Content Security Policy: Protects our web site from Cross-Site Scripting (XSS) attacks.
HTTP Public Key Pinning: Protects us from from Man-in-the-Middle attacks by making sure the TLS certificates used by the browsers are the ones implemented on our servers.
X-XSS-Protection: Sets the configuration for the cross-site scripting filters built into most browsers.
X-Content-Type-Options: Forces browsers to use the declared file content type instead of trying to be too clever, which helps to reduce the danger of drive-by downloads.
These changes will help ensure that your use of Runbox is as safe and secure as possible, and we will continue making security-related improvements in the future.
February 12th, 2016 |
News, Security | 3 Comments
Today we have upgraded the TLS (Transport Layer Security) of our incoming email servers to support version 1.2, which is the most recent. This means that when email is sent to Runbox from other services, the highest level of encryption will be used if the other service supports it.
This also means that all communication between your email program and Runbox now uses TLS 1.2 (if supported by your email program).
January 24th, 2016 |
New Spam Filter Servers
As part of our ongoing fight against spam, Runbox has recently deployed a new cluster of spam filter servers and made a few changes to how we deal with spam.
We now block a lot more spam by rejecting connections from servers that are known to send spam. Most of these connections are from virus infected computers, and it is relatively easy to identify these machines via their IP addresses.
Another change we’ve made is to upgrade SpamAssassin so that it performs more extensive checks of incoming mail.
This is the first among several steps we are taking to clear your Inbox of spam, and we will post more news about this in the near future.
Changes to Bulk Mailing Policy
We’ve also decided to tighten our policies on bulk mailing using Runbox’ outgoing email servers to prevent Runbox from ending up on blacklists used by other email services.
As email use continues to grow and more people around the world are online, so does the amount of email sent for marketing and promotional reasons. Often mailing lists are badly managed and people receive email they no longer want, so they mark them as spam instead of unsubscribing from them.
Meanwhile spam systems are getting smarter, and email providers create statistics from the actions of their customers. If a customer marks a message as spam (whether it is spam or not), this is recorded in a database, and it can result in those domains and server IP addresses being blocked.
Only a very small number of Runbox customers use our services for marketing and promotional messages, but this can still have an adverse affect on all Runbox customers. Therefore we have decided that Runbox can no longer be used for bulk mailing, and we are now changing our Terms of Service to reflect this.
If you are using, or are planning to use, Runbox for bulk mailings, please see our page about Bulk Mailing and contact Runbox Support.
December 31st, 2015 |
News | 9 Comments
We’re about to start a new year and we’d like to take the opportunity to thank you for your business in 2015 and provide a quick status update.
We’ve spent much of the year steadily growing and improving our email services, mainly focusing on our new IMAP services and improving our server infrastructure.
Additionally, we have been developing 2FA support, working on a new spam filter, and implementing calendar services. These projects are now close to completion, and we expect them to be ready for beta testing early in the new year.
We have also had some other events worth mentioning, such as a new front page that sets Runbox apart from the crowd, a DDoS (Distributed Denial of Service) attack from a group that tried to extort USD 5000 from us but who later gave up and apologized, and being mentioned in The New York Times, Forbes, and The Washington Post as a service focusing on security and privacy.
And, if you haven’t tried the Aero webmail theme yet, you are definitely missing out!
We plan to make next year even better than this one, so stay tuned…
November 27th, 2015 |
News | 1 Comment
There are two main ways that people access their Runbox email. The first is our webmail service available on our website, and the other is via some kind of email program that might be on a computer, laptop, smartphone or tablet. If you use an email program, you will be using either our IMAP or POP service to download your incoming mail. IMAP and POP are ways in which email programs communicate with our servers to collect your mail.
We officially launched our new Dovecot IMAP service on mail.runbox.com in August, and we have been pleased with the number of customers who are moving across to this better IMAP service.
However, feedback we’ve received shows that some customers would like more time to make the switch. Therefore we are going to keep the old Courier-based IMAP service running for the time being, and will decide upon on a new retirement date in the future.
Why should I switch to the new IMAP service?
The new IMAP service provides a faster and more reliable way of accessing your mail, and also fixes a number of issues that were reported with some email apps when using the old service.
Because we need to focus increasingly on the new service, starting in January 2016 we will recommend you switch to the new service instead of providing technical support for the old IMAP service. We will of course help you switch to the new service whenever you choose to do so.
NOTE: If you are using POP you don’t need to do anything. If you’re not sure whether you’re using IMAP or POP, please contact Runbox Support.
How do I make the switch?
Setting up your account as a fresh set up usually works best, but if you just wish to change your settings without setting up your account from the start, then we have instructions for our recommended email clients that show you how to do this.
The documentation for our recommended email programs was updated a while ago to show the new server details. If you are using IMAP and keep all of your mail on our servers, you can set up your account again from the start using the details in those instructions.
If you have any questions regarding switching to the new IMAP service, please contact Runbox Support.
November 10th, 2015 |
News | 15 Comments
Between November 4-6, Runbox experienced powerful DDoS attacks by a group calling themselves “Armada Collective”. Other security oriented email services such as ProtonMail, Hushmail, and Neomailbox were also attacked, as recently reported by Forbes.
The initial threats and attacks that attempted to extort money were withdrawn by the attackers on Saturday morning, when they offered an apology.
During the attacks we were focused on coordinating with our partners, putting in place countermeasures, and providing our customers with necessary information. Since the situation was unclear and evolved quickly, we decided to not publish any details that could inform the attackers in any way.
The situation is now under control and we are publishing this summary of the events as it may help shed light on what transpired against both Runbox and the other services that were attacked.
Read the rest of this entry »
November 6th, 2015 |
News | 32 Comments
We are currently being attacked again, and are working with our partners to deflect the attack. At the moment our email services are inaccessible.
We greatly appreciate your support and will do everything we can to resume normal operations.
If you can’t reach our regular websites, please see http://status.runbox.com and https://twitter.com/Runbox for updates.
Read the rest of this entry »
November 5th, 2015 |
News | 10 Comments
Yesterday and today Runbox was subject to Distributed Denial of Service (DDoS) attacks. This was initiated by a group that have threatened that if Runbox does not pay them a large amount of money, further attacks will take place in the coming days.
We were able to successfully mitigate against the effects of both incidents. During the initial attack we were down for around 15 minutes before we could put a solution in place. Today our customers should not have noticed any effects of the attack.
We think the attacks might be scaled up in the coming days.
Read the rest of this entry »
November 4th, 2015 |
News | 7 Comments
We had a DDoS (Distributed Denial of Service) attack on our email services today, preventing some users from accessing our servers for a short time.
Together with our server management and hosting partners we mitigated the attack. There might be more attacks in the coming days, so please check our blog, support page or Twitter page for updates if you can’t access our email services.
October 8th, 2015 |
Status | 1 Comment
On Monday, October 12 at 0600 CEST we will replace an email storage unit, and our email services will unfortunately not be accessible while we switch servers.
The downtime will start at approximately 0600 CEST (0400 GMT, 0000 EDT) and last for 30-45 minutes.
Runbox will accept incoming email to your account during the downtime, and those messages will be delivered when the operation is complete. It will however not be possible to send email.
We apologize for any inconvenience caused, and recommend that you check your email before or after the scheduled maintenance window.
To find the local time where you are for this maintenance, please see the time conversion at timeanddate.com