Hardened web server security

March 31, 2016 5 Comments

We have recently hardened our web server security, giving Runbox an A+ rating on securityheaders.io — in addition to our existing A+ rating on ssllabs.com.

The policies we have implemented are the following:

X-Frame-Options: Tells the browser that we don’t allow the Runbox web site to be framed (included) by other web sites, which defends against attacks like click-jacking.

HTTP Strict Transport Security: Strengthens our implementation of Transport Layer Security (TLS) by making the browser enforce the use of encrypted communication (HTTPS).

Content Security Policy: Protects our web site from Cross-Site Scripting (XSS) attacks.

HTTP Public Key Pinning: Protects us from from Man-in-the-Middle attacks by making sure the TLS certificates used by the browsers are the ones implemented on our servers.

X-XSS-Protection: Sets the configuration for the cross-site scripting filters built into most browsers.

X-Content-Type-Options: Forces browsers to use the declared file content type instead of trying to be too clever, which helps to reduce the danger of drive-by downloads.

These changes will help ensure that your use of Runbox is as safe and secure as possible, and we will continue making security-related improvements in the future.

Continue Reading →

New Webmail design: Runbox Aero

December 23, 2014 19 Comments

2014 has been an exciting year for Runbox and we’ve seen a substantial increase in popularity and growth. This has really boosted our progress — we now have several major upgrades in the pipeline, and we are very happy to be launching a new Webmail design!

Runbox Aero PreviewWe’ve called the new design Runbox Aero because it’s lighter, airier, and simpler — and it makes using email a breeze!

Runbox Aero is inspired by modern, state-of-the-art design, and we have listened carefully to feedback from you in order to make it both aesthetically pleasing and user-friendly.

You can try the new design now by going to
Webmail > Preferences and selecting Runbox Aero from the drop-down menu. Make sure you click Save Settings afterwards!

You will quickly notice some of the improvements, but the following changes are worth mentioning:

Modernized look

  • The font face has been replaced with a larger, lighter, and more modern font. A bolder font face is available in an alternative design.
  • The header has been shrunk to make more room for your email.
  • All the icons have been redesigned and optimized for retina (high resolution) displays.
  • All buttons have been enlarged and are now dark blue to make them easier to see.

Better menu navigation

  • The sub-menus have been enlarged to make them easier to navigate.
  • The Compose button has been moved to the far left and made more prominent.
  • The Folder Management button has been removed — just click Folders at the top of the folder list or the Folder Management link underneath it to access the Folders screen.
  • The Read, Unread, Flag, and Unflag buttons can now be accessed by hovering the cursor over the new Mark button.

Simplified Compose screen

  • The Compose screen has been simplified to only show the most important fields. To see the BCC, Attachments, Tags, and Nicknames fields, just click “Show all fields”.

We hope you like the new design, and please let us know if you have any comments or suggestions!

Continue Reading →

New feature: Tag management

January 26, 2014 4 Comments

Many of our customers use message tags as an alternative to folders in order to organize and categorize their email.

You can now manage your message tags by clicking Tags in the left pane in Webmail, or by going directly to https://runbox.com/mail/tags. The Tag management screen lets you add and delete tags, and get an overview of the messages that are already tagged.

To add a tag to a message, just open the message, select the tag name (or [New tag] to enter a new tag name) and click “Add tag”.

Continue Reading →

Runbox now supports Forward Secrecy

October 1, 2013 4 Comments

In recent weeks there has been some discussion in news outlets about SSL/TLS, which is used by many websites to encrypt the data being transferred between web servers and web browsers.

Since it’s theoretically possible for outsiders to break such encryption, an increasing number of people are requesting improved encryption methods.

What is SSL/TLS?

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic methods used to secure communication on the Internet. By using pairs of private and public keys, the web server and the client can securely encrypt and decrypt the data being transferred between two parties.

Gold-padlock.svgWhen a web browser connects to a website protected with SSL or TLS (indicated by a padlock icon in the browser) it receives the public key from the server, which is then used to encrypt the subsequent communication. The data can only be decrypted using the private key, which resides on the server.

The problem with keys

However, if someone was able to break in and copy the private key from a server, they would theoretically be able to decrypt any communication to/from that server — provided that they were also able to eavesdrop on the communication.

The solution: Unique keys

To counter this it’s recently become possible to configure web servers to issue a unique key pair for every single connection, and immediately destroy the keys once the session is complete.

This method is called Forward Secrecy because it prevents anyone from retroactively breaking the encryption.

Forward Secrecy on Runbox

Runbox has now implemented Forward Secrecy in order to further improve the security and privacy of our services. It’s now virtually impossible to eavesdrop on the data being transmitted between your web browser and Runbox’ web servers — and you don’t have to do anything in order to enjoy this new level of security.

For those who are interested in the technical details, here is an analysis of the security provided by https://runbox.com, which is now our main address:

https://www.ssllabs.com/ssltest/analyze.html?d=runbox.com

Continue Reading →

Moving to Runbox 6

September 30, 2013 3 Comments

In order to improve the security of our email services have moved our front page to a new and upgraded server running Runbox 6 at https://runbox.com.

In preparation for this we have modified Runbox 6 to redirect Runbox 5 users to the corresponding server, if your account settings indicate that you have not yet upgraded to Runbox 6.

In other words, if you have been logging in at https://rmm6.runbox.com and have never clicked the “Switch to Runbox 6” button in Runbox 5, you will be redirected to Runbox 5.

To continue using Runbox 6, please click “Switch to Runbox 6” at the bottom of the folder list in Webmail.

Continue Reading →

New function: Save recipients in Contacts

June 16, 2013 7 Comments

In Webmail > Compose (Runbox 6 only) you now have the option to save the recipients of a message in Contacts.

This option is found next to the Send button, and if checked, it will add any recipients to Contacts that aren’t already listed there. The new contacts will be saved in a separate Group called “Auto-saved” to make it easier to find them in Contacts.

The next time you compose a message, the saved recipients will show up in the Groups and Contacts list to the right. They will also appear as suggested matches when you start typing in the recipient fields.

Continue Reading →

How To Use Email Like a Pro 1: Use Webmail (and IMAP)

February 23, 2013 4 Comments

Use Webmail

With Runbox, all your email is stored securely on our servers and is accessible to you wherever you might be located, regardless of the computer or device you happen to be using.

The easiest and most direct access method is the Runbox Webmail, which immediately provides a complete overview of the folders and messages in your account.

Webmail is easily the fastest method too, because Runbox is a database accelerated system. On the servers, all the key information about each message (sender, subject, date/time, etc) is stored in a database. The Runbox Webmail just has to poll the database instead of checking the content of each message to display the message overview in a folder, which is what IMAP and POP would have to do.

Use IMAP instead of POP

If you want to download email to your computer, mobile phone, or tablet, consider using IMAP (Internet Message Access Protocol) instead of POP. IMAP allows your email client to stay completely synchronized with all your folders on the server while also downloading messages locally.

IMAP not only synchronizes the messages themselves, but also the read/unread status and flags of each message. It will even copy messages you send from your device to the server’s Sent folder.

POP (Post Office Protocol), on the other hand, can only download from one folder (usually the Inbox) at a time, and can be set to delete the messages from the server so that they can’t be accessed from another device.

Stay synchronized with Webmail + IMAP

The combination of Webmail and IMAP is ideal if you use more than one computer or device, if you’re traveling, and if you’d like to stay connected wherever you may be.

You’ll never have to be without your email again!

Continue Reading →

Runbox 6 launched

January 25, 2013 18 Comments

Over the past year and a half we have spent a great deal of time behind the scenes upgrading the Runbox Webmail code. We have also upgraded all the underlying software that powers Runbox, and much of the hardware it runs on.

The Runbox 6 platform

This is the 6th generation of Runbox, and while it may appear similar to Runbox 5 it provides a solid and updated platform for further development of new features. In addition, we have created a software building and deployment system that will enable us to develop new code faster and more securely.

We have already put some new features into Runbox 6 — some minor ones you will discover as you use it, and a few bigger ones:

New Features in Runbox 6

1. Tags: These let you label messages across folders, and will allow you to organize and find messages more easily. To add a tag, open an email, select [New Tag] from the Tags field near the top, enter a tag name, and click “Add tag”. You can now sort messages by your tags in the message list.

2. Improved Account overview: You can now get a full overview of your account’s Data Usage on the Account screen.

3. Sub-account management: You will now be able to manage any sub-accounts you might have in a similar way to the main account and also see detailed information about the usage of the account. Just click the sub-account address in the list after going to Sub-accounts. Note: Sub-account owners can now change the passwords of their sub-accounts and therefore potentially access them.

4. Color themes: You can now choose between 4 color themes by going to Webmail: Preferences and selecting an option from the “Theme” menu. We have also removed they gray background color from all pages to brighten things up a bit.

Try Runbox 6 now

You can start using Runbox 6 now by going to the following link: https://beta.runbox.com/mail?activate_rmm6=YES

This will take you to https://runbox.com, which is also where you will be redirected automatically next time you log in.

We hope you will enjoy the new Runbox! If you have any questions, please add a comment below or open a support ticket at https://support.runbox.com.

Continue Reading →

Font size in Compose screen

May 5, 2012 Leave a comment

There are font size increase/decrease buttons in the lower left corner of Webmail, and these also control the font size in the Compose window in Runbox 5 Basic mode.

Now we have fixed a bug so it also works in Runbox 5 Enhanced mode where the Compose screen opens in a new window.

It doesn’t yet work when writing HTML messages since the HTML editor (TinyMCE) is a separate program and isn’t entirely integrated with Runbox.

For more information about the different versions of Runbox, please see the Webmail Help page.

 

Continue Reading →