Harden Runbox

According to https://www.hardenize.com/report/runbox.com/1582956109, Runbox does not support many things, such as DNSSEC and DANE. Is there an effort to improve those? Because of these things, you were not considered for privacytools.io.

Hi @samons and thanks for your message.

Yes, we have initiated work on DNSSEC, and DANE and CAA are on our todo list. DMARC and TLS-RPT do not yet seem mature enough to implement, but we are looking at ways to support at least the former in a reliable way.

– Geir

I was wondering what had happened to Runbox and some other email providers on that privacytools list, and here is the answer… well, looking forward to future developments, but I’ll still be sticking with Runbox as my email provider of choice. Cheers and keep up the good work!

  1. Ciphers
    At least one of your mail servers supports one or more ciphers that have a phase out status, because they are known to be fragile and are at risk of becoming insufficiently secure.
    Mail server (MX)|First found affected cipher
    aibo.runbox.com.|AES256-GCM-SHA384 phase out!

  2. Key exchange parameters (https://en.internet.nl/mail/runbox.com/328990/#control-panel-17)
    At least one of your mail servers supports insufficiently secure parameters for Diffie-Hellman key exchange.
    Mail server (MX)|Affected parameters
    aibo.runbox.com.|DH-2048 insufficient!

  3. DMARC policy is not sufficiently strict.
    DMARC record
    v=DMARC1; p=none; pct=100; rua=mailto:dmarc@runbox.com

  4. DANE

  5. IPv6 - OK, missing IPv6 is not a problem, just a missing feature.
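
As an added example (not part of the original posts, and not Runbox's or internet.nl's code), the Python below parses the DMARC record quoted in item 3 and lists why a checker would call it not strict enough. The strictness rule (only `quarantine` or `reject` applied to 100% of mail counts as enforcing) and the `example.org` comparison record are assumptions made for the example.

```python
"""Added example: parse a DMARC TXT record (RFC 7489 tag=value list)."""

ENFORCING = {"quarantine", "reject"}  # policies that ask receivers to act

# Record quoted in item 3 above.
PAGE_RECORD = "v=DMARC1; p=none; pct=100; rua=mailto:dmarc@runbox.com"
# Constructed comparison record (example.org is a placeholder domain).
STRICT_RECORD = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.org"


def parse_dmarc(record):
    """Return a tag -> value dict; raise ValueError on a malformed record."""
    tags = {}
    parts = [p.strip() for p in record.split(";") if p.strip()]
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (name, value) != ("v", "DMARC1"):
            raise ValueError("record must start with v=DMARC1")
        tags.setdefault(name, value)  # keep the first occurrence of a tag
    if "p" not in tags:
        raise ValueError("missing required p= tag")
    return tags


def assess(record):
    """List the reasons a record falls short of full enforcement."""
    tags = parse_dmarc(record)
    findings = []
    policy = tags["p"].lower()
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    if policy not in ENFORCING:
        findings.append(f"p={policy}: requests no action on failing mail")
    if "sp" in tags and tags["sp"].lower() not in ENFORCING:
        findings.append(f"sp={tags['sp']}: subdomains are left unenforced")
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports to monitor a rollout")
    return findings


if __name__ == "__main__":
    for rec in (PAGE_RECORD, STRICT_RECORD):
        print(rec, "->", assess(rec) or "enforcing")
```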