The security and privacy of your email is a very high priority for Runbox, and we know it is for our members too. As such, it is worth reviewing some of the aspects of security that affect your email as it is transferred between you and Runbox and between Runbox and other email services.
There are 3 main areas that are significant:
- The security of the connection between you and the Runbox email service.
- The security of the connection used between the Runbox email service and other email services.
- Securing the content of your email in addition to 1 and 2 above.
If you are using the Runbox Webmail, any email that you send or receive between your computer and the Runbox servers will be encrypted whilst it is transferred. This is the case for email you send and receive.
Similarly, if you are using an email client such as Windows Live Mail, Outlook, Thunderbird or Apple Mail with our mail.runbox.com server, then your email will be encrypted whilst it is transferred between your computer and our servers.
Your email is not currently encrypted while stored on our servers, but the servers are located in a high security facility in Oslo, Norway. You can read more about this on our main website page Secure, Reliable and Sustainable Services.
Whenever our servers send and receive email for you, they will try to use a secure encrypted connection with the email service used by the other person. Our server “asks” the server at the other email service if it can accept a secure connection. If it “replies” saying it can, then the transfer of your email will be done over a secure encrypted connection. This prevents your email being read even if it is intercepted during transmission.
If the receiving server is unable to support a secure connection then email will be transferred using the usual protocols that all email services can use. Unless you have encrypted the content of your email (see part 3 below), it is possible that if it was intercepted during transmission that it could be read.
Runbox has no control at all over whether other email services use secure connections, so whilst this is a very useful facility provided by Runbox (and some other email companies) it is not something you can rely entirely on to keep your email private. In addition, Runbox has no control over how the people you correspond with connect to their email service.
The only way to ensure that your messages are completely private is to encrypt the content of each message before you even send or receive it through Runbox. This means you are not relying on any technologies Runbox or other services employ, and your message will remain private and secure between you and the people you correspond with.
To do this you will need to use some kind of encryption system such as PGP (Pretty Good Privacy). When using this you and your recipient will both need to generate encryption keys that you use to send email to each other. Keys are used to encrypt messages before emails are sent from your computer, and then used to decrypt the messages once they have arrived at their destination computer.
PGP is very secure and as far as the industry knows has not been compromised. However, the need for senders and recipients to both use encryption keys means it is not very convenient and therefore most people do not bother to use PGP or other similar methods.
Runbox is planning to integrate PGP in to our services to facilitate the use of this kind of security.