Runbox 7 Webmail beta test update

Runbox 7The Runbox 7 Webmail beta test is progressing quickly and the new webmail app has been updated with many new features since our previous blog post. If you are an existing beta tester and haven’t checked in for a while, we encourage you to do so now!

If you haven’t joined the beta test it’s still possible to participate — just send an email to support@nullrunbox.com with the subject “Runbox 7 Webmail beta test”.

Aside from many improvements to the speed and smoothness of the core functionality, the following features have been added or improved:

  • Drag and drop of messages
  • HTML message handling
  • Resizable folder pane
  • Resizable message preview pane
  • Both horizontal and vertical (3-pane) message preview pane
  • Mobile phone screen improvements
  • Automatic and manual adjustment of message list width
  • Support for sending inline images
  • Multi-message selection
  • Buttons for read/unread, flag/unflag, and report spam/not spam
  • Print version of messages
  • Show folder column in search results
  • Show read and flagged status in message list
  • Pre-load and cache messages in message list view for faster access
  • New font face and message layout

We are working hard to improve the Runbox 7 Webmail further, and appreciate your help in making it the fastest webmail app on the planet!

Check out the screenshots below to see some of the new features.

New look and new font face

The webmail has been updated with more colors and a new font face for improved legibility.

2- or 3-pane message preview

You can now preview messages either in a horizontal pane beneath the message list, or to the right of the message list as shown below.

Toggle horizontal/vertical message preview pane

Easily switch between horizontal (2-pane) and vertical (3-pane) message preview with these buttons in the message toolbar.

Message toolbar

There is now a fully featured message toolbar including Reply, Reply all, Forward, Move to folder, Mark  read, Mark flagged, Report as spam, and Move to Trash.

On the right hand side you will find message view buttons such as Print, Vertical/Horizontal preview, Full height, and Close.

Adjust message list columns

You can now easily adjust both the folder pane width and the message list column widths by using the sliders as shown.

Otherwise the webmail will automatically adjust the column widths to show as much content as possible.

Runbox 7 Webmail closed beta test

Runbox 7

We are excited to announce the closed beta test phase of Runbox 7 Webmail!

This release is not merely an upgrade to our existing services, it’s a bold step into a new world of Webmail apps that will provide unprecedented speed and usability.

Runbox 7 aims to be the fastest webmail on the planet with:

Screenshot sample of Runbox 7 Webmail
Screenshot sample of Runbox 7 Webmail
  • Instant folder views and search results.
  • Endless, smooth scrolling of folder contents.
  • Drag & drop message selection and moving to folders.
  • Incremental, instant search functionality.

The new webmail will be the cornerstone of Runbox 7, and is the first of several development stages that will culminate in a completely new user interface.

Please read on for details about Runbox 7 Webmail and how you can participate in the closed beta test.

Superior speed

Runbox 7 started with a crazy idea:

How can we create a webmail that’s not just faster, but responds instantly?

The solution we developed is a combination of database accelerated email storage, innovative message indexing, and cutting-edge web technology.

When you log into Runbox 7 Webmail, you enter a modern webmail environment built with Angular 5 and Material Design. Your email folders and messages will be shown instantly, giving you an immediate overview of your email.

The spacious layout, clean lines, and powerful engine lets you efficiently navigate the new features and get down to the business of effectively managing your email.

Incremental search

Incremental search
Incremental search

One of the core features of Runbox 7 Webmail is its search capabilities. We have built the search functionality in such a way that the browser doesn’t need to query the server at all.

Not only that, but this webmail will show you search results incrementally while you are typing in the Search field.

You have better things to do than waiting for search results, so we put a lot of effort into making the search function as fast as possible — and this is as fast as it’s possible to get.

Lots of cool functionality

Infinite listing: No more clicking back and forth to navigate your Inbox — just scroll down and the next messages will load automatically.

Threaded view: Want to see your messages in conversation view? Just tick the Threaded checkbox to the top right.

Unread messages: Only interested in the latest news? Tick the Unread checkbox.

Multi-select messages: Want to select many messages in a hurry? Just click the check box  of a message, and drag up or down while holding the mouse button down to select several messages in a row.

Runbox 7 preview pane
Runbox 7 preview pane

Preview pane: Who has time to actually open a message? Just select one in the list and a preview will be shown in the bottom half of the message list pane. To see more, click the ^ arrow in the preview menu.

Hide folders: Want more space for your messages? Just click the icon to the left of the Search area to hide the folder pane.

Draft Desk

Runbox 7 Draft Desk
Runbox 7 Draft Desk

Another key feature of Runbox 7 Webmail is the Draft Desk — a completely new way of  managing drafts.

In our world of non-stop online communication, we often find ourselves multitasking and working on several threads in parallel. With our new Draft Desk you get a full overview of the messages you are currently working on, previewed side by side in an efficient interface.

Simply click on a draft preview to expand it, write down your thoughts, and send, save, or close the message to return to it later.

Mobile ready

We believe that you shouldn’t have to switch between different apps or user interfaces just because you switch between a laptop, a tablet, or a smart phone.

Therefore we built Runbox 7 Webmail to be mobile-ready and responsive from the ground up. This means that it will automatically adapt to your device’s screen size and orientation while retaining the basic functionality you are used to from a regular browser.

Join the closed beta test

To join the closed beta test of Runbox 7 Webmail, contact support@nullrunbox.com with the subject “Runbox 7 Webmail beta test”. If you are selected to participate, we will then be in touch with further details.

Runbox Two-Factor Authentication

Runbox recently launched Two-Factor Authentication (2FA). 2FA is a log in procedure where an additional piece of information is required in addition to your username and account password.

This additional factor is a code that can only be used once, or for a limited period of time.

Two-Factor Authentication
Runbox Two-Factor Authentication

Runbox 2FA currently supports Timed One-Time Passwords (TOTP) and One-Time Passwords (OTP) as additional factors. We are planning to expand this with Yubikey or U2F support.
 

Runbox is the only 2FA-enabled email provider in Norway

NorwayRunbox is located in Norway, which has some of the strongest privacy regulations in the world.

By choosing Runbox as your email provider, your data will be protected by these regulations while ensuring your email is secure from unauthorized access.

Read on to find out how Runbox 2FA works and which options are available.

 

Timed One-Time Passwords (TOTP)

2FA Timed One-Time Passwords
2FA Timed One-Time Passwords

To use this option you will need a smartphone and some free software.

Timed one-time passwords works by giving you a login code which changes over time, in addition to your password.

To get started, download a TOTP app such as Authy, FreeOTP or Google Authenticator onto your mobile phone and follow their instructions.

Note: It is essential that your smartphone has the correct date/time set as this is used by the TOTP app to generate the correct codes that allow you to log in.

 

One-Time Passwords (OTP)

2FA One-Time Passwords
2FA One-Time Passwords

When you enable this option, the system will generate random passwords that you can use only once. Used passwords are discarded automatically and cannot be used again.

You can download the the list of passwords to a computer or mobile device, or you can print them out if necessary. However, you must keep the list secure as these passwords can be used to access your account along with your usual username and account password.

 

 

Trusted browsers

2FA Trusted Browsers
2FA Trusted Browsers

This option allows the server to trust your current web browser so that you don’t have to use a 2FA code. The option places a small piece of code in your browser (a cookie) that tells the server not to require the 2FA details and you can just log in with username and password.

You should only use this method of bypassing 2FA on a computer or device that you are confident nobody else can log in to. You can temporarily turn on/off individual browsers from the trusted list, or you can delete the browser entry entirely which will force that browser to require the 2FA details.

 

Unlock code

2FA Unlock Code
2FA Unlock Code

If for some reason you are unable to log in with 2FA after it has been enabled, this code can be used to disable 2FA.

The code can be used in conjunction with a secure question/answer for additional security.

 

 

New Account Security features launched

We are excited to announce the launch of a new Account Security interface with Two-Factor Authentication (2FA) for Runbox.

This completes more than a year of development, and we are quite proud of the result. The new features will significantly improve the security of your Runbox account when you activate them.

Account Security features

The new Account Security interface includes 4 main features: Two-Factor Authentication, Manage Services, App Passwords, and Last Logins.

Used separately or in combination, these features add extra layers of security to your Runbox account.

Two-Factor Authentication

Two-Factor Authentication (2FA) is a log in procedure where an additional piece of information is required in addition to your username and account password.

This additional factor is a code that can only be used once, or for a limited period of time.

Two-Factor Authentication
Runbox Two-Factor Authentication

Runbox 2FA currently supports Timed One-Time Passwords (TOTP) and One-Time Passwords (OTP) as additional factors. We are planning to expand this with Yubikey or U2F support.

Manage Services

The new Account Security interface lets you disable various services such as IMAP, POP, and SMTP. These are the services you use when using an email app/program to access your mail.

By disabling services you are not using, you prevent attempts at unauthorized access to your account via those services.

App Passwords

You can also set up unique passwords for each of your apps or devices, giving you complete control over the access to your account.

If you then happen to lose a device you can simply delete the corresponding app password, effectively disabling access from that device.

Last Logins

This section shows a list of the most recent login attempts to your account from each service such as web, IMAP, POP, and SMTP.

If you suspect that there have been unauthorized login attempts to your account, you can review this list and take appropriate action.

How to set up Account Security features

To get started, just go to the Account Security screen to set up 2FA and the other security features.

We encourage you to review our Account Security help page for details about the new functionality first. This will ensure that you understand how 2FA works and prevent you from getting locked out of your account.

We welcome any questions or feedback you might have, either as comments to this blog post or via our contact form or support system.

New Web Servers Deployed

Yesterday we deployed our new web servers, which are powering the Runbox web app at https://runbox.com. There are a few changes and improvements that were deployed at the same time, and that we would like to tell you about.

New login screen

Among other things you may have noticed that the login procedure has changed. This is related to the roll-out of our new Account Security features, which include Two-Factor Authentication. We will post more about this soon, but the important thing to note is that the new login regime is more secure than before. This also completes our transition to a new, global authentication system which we have described previously.

If you have problems logging in

If you are experiencing problems logging in, please make sure that your browser has the latest version of the login screen. You can do this by pressing Ctrl + F5 on Windows and Cmd + R on macOS. If this doesn’t help, please try to clear your browser’s cache and restart it. If this doesn’t help or if you are unsure how to accomplish this, please contact Runbox Support.

There are a few other wrinkles on the new web servers that we are currently ironing out, and besides a more powerful and reliable webmail service we have also deployed a new spam filter.

New spam filter in beta

The new spam filter is powered by Cloudmark, which is one of the strongest authorities on spam analysis in the world. You can try out the new spam filter by going to Manager > Filter and selecting “Cloudmark (beta)” under “Detect junk mail”. If you are already using Dspam (the trainable spam filter) you can select “Both” to activate Cloudmark and Dspam.

The Cloudmark spam filter will automatically catch more spam by comparing spam signatures (fingerprints) with the central Cloudmark database. If you click “Not spam” or “Report spam” to correct spam filter behavior in the webmail, a report will be sent encrypted to the central Cloudmark service. Select “Train using reduced email details” to only send a message signature instead of the full message when reporting misclassified messages.

The Runbox Aero webmail theme

And if you haven’t already done so, we recommend that you try out the Runbox Aero webmail theme, which you can find in Webmail > Preferences. This theme has a more modern design and includes larger and more legible fonts.

More new features to come!

Finally, with the new web servers we have also established a streamlined deployment system that makes the path from development to production much more efficient. We won’t bore you with details, but we can say that you can expect more exciting features from Runbox going forward.

Hardened web server security

We have recently hardened our web server security, giving Runbox an A+ rating on securityheaders.io — in addition to our existing A+ rating on ssllabs.com.

The policies we have implemented are the following:

X-Frame-Options: Tells the browser that we don’t allow the Runbox web site to be framed (included) by other web sites, which defends against attacks like click-jacking.

HTTP Strict Transport Security: Strengthens our implementation of Transport Layer Security (TLS) by making the browser enforce the use of encrypted communication (HTTPS).

Content Security Policy: Protects our web site from Cross-Site Scripting (XSS) attacks.

HTTP Public Key Pinning: Protects us from from Man-in-the-Middle attacks by making sure the TLS certificates used by the browsers are the ones implemented on our servers.

X-XSS-Protection: Sets the configuration for the cross-site scripting filters built into most browsers.

X-Content-Type-Options: Forces browsers to use the declared file content type instead of trying to be too clever, which helps to reduce the danger of drive-by downloads.

These changes will help ensure that your use of Runbox is as safe and secure as possible, and we will continue making security-related improvements in the future.

New front page design

As you may have noticed we have upgraded our front page to better convey Runbox’ offering and our values. We hope you like it!

If you would like a simpler login screen, just click the “Simple Login” link underneath the login area (which you can then bookmark in your browser).

New Webmail design: Runbox Aero

2014 has been an exciting year for Runbox and we’ve seen a substantial increase in popularity and growth. This has really boosted our progress — we now have several major upgrades in the pipeline, and we are very happy to be launching a new Webmail design!

Runbox Aero PreviewWe’ve called the new design Runbox Aero because it’s lighter, airier, and simpler — and it makes using email a breeze!

Runbox Aero is inspired by modern, state-of-the-art design, and we have listened carefully to feedback from you in order to make it both aesthetically pleasing and user-friendly.

You can try the new design now by going to
Webmail > Preferences and selecting Runbox Aero from the drop-down menu. Make sure you click Save Settings afterwards!

You will quickly notice some of the improvements, but the following changes are worth mentioning:

Modernized look

  • The font face has been replaced with a larger, lighter, and more modern font. A bolder font face is available in an alternative design.
  • The header has been shrunk to make more room for your email.
  • All the icons have been redesigned and optimized for retina (high resolution) displays.
  • All buttons have been enlarged and are now dark blue to make them easier to see.

Better menu navigation

  • The sub-menus have been enlarged to make them easier to navigate.
  • The Compose button has been moved to the far left and made more prominent.
  • The Folder Management button has been removed — just click Folders at the top of the folder list or the Folder Management link underneath it to access the Folders screen.
  • The Read, Unread, Flag, and Unflag buttons can now be accessed by hovering the cursor over the new Mark button.

Simplified Compose screen

  • The Compose screen has been simplified to only show the most important fields. To see the BCC, Attachments, Tags, and Nicknames fields, just click “Show all fields”.

We hope you like the new design, and please let us know if you have any comments or suggestions!

New feature: Tag management

Many of our customers use message tags as an alternative to folders in order to organize and categorize their email.

You can now manage your message tags by clicking Tags in the left pane in Webmail, or by going directly to https://runbox.com/mail/tags. The Tag management screen lets you add and delete tags, and get an overview of the messages that are already tagged.

To add a tag to a message, just open the message, select the tag name (or [New tag] to enter a new tag name) and click “Add tag”.

Runbox now supports Forward Secrecy

In recent weeks there has been some discussion in news outlets about SSL/TLS, which is used by many websites to encrypt the data being transferred between web servers and web browsers.

Since it’s theoretically possible for outsiders to break such encryption, an increasing number of people are requesting improved encryption methods.

What is SSL/TLS?

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic methods used to secure communication on the Internet. By using pairs of private and public keys, the web server and the client can securely encrypt and decrypt the data being transferred between two parties.

Gold-padlock.svgWhen a web browser connects to a website protected with SSL or TLS (indicated by a padlock icon in the browser) it receives the public key from the server, which is then used to encrypt the subsequent communication. The data can only be decrypted using the private key, which resides on the server.

The problem with keys

However, if someone was able to break in and copy the private key from a server, they would theoretically be able to decrypt any communication to/from that server — provided that they were also able to eavesdrop on the communication.

The solution: Unique keys

To counter this it’s recently become possible to configure web servers to issue a unique key pair for every single connection, and immediately destroy the keys once the session is complete.

This method is called Forward Secrecy because it prevents anyone from retroactively breaking the encryption.

Forward Secrecy on Runbox

Runbox has now implemented Forward Secrecy in order to further improve the security and privacy of our services. It’s now virtually impossible to eavesdrop on the data being transmitted between your web browser and Runbox’ web servers — and you don’t have to do anything in order to enjoy this new level of security.

For those who are interested in the technical details, here is an analysis of the security provided by https://runbox.com, which is now our main address:

https://www.ssllabs.com/ssltest/analyze.html?d=runbox.com