Looking for Best Practices for Email Security with Runbox?

Hi everyone,

I have recently started using Runbox as my main email provider, and I must say I really appreciate the privacy-focused approach and clean interface. That said, I want to make sure I am following the best practices when it comes to email security — especially as someone who handles both personal and freelance business communication through Runbox.

I have already enabled two-factor authentication, but I am curious if there are any additional steps or settings you all recommend. For example, is it better to use the webmail interface or a desktop client with encryption (like Thunderbird with OpenPGP)? Are there particular IMAP/SMTP configurations that enhance security?

Also, how do you handle suspicious emails or phishing attempts within Runbox? Does the spam filter catch most of them effectively?

Would love to hear from more experienced users on how you optimize your email setup for both security and ease of use. Any advice or recommended tools that work especially well with Runbox would be greatly appreciated. I have read these resources: Email Privacy, Security and Runbox - Runbox Blog, sap fico course in delhi, but still need some more help on this.

Thanks in advance!

Derek Theler

The most important thing is to clearly determine what you are talking about. Clearly determine what threats you are trying to protect against. Basically, email is not secure, won’t be secure, and shouldn’t be used for anything that needs to be kept private and secure. 2FA will assist in keeping someone else from logging into and taking control of your email account. So will a 32-character random password. That is one threat.

Are you trying to protect against a corrupt Runbox employee? Too bad. What you can do is recognize that the corrupt employee threat seems to be much less likely with Runbox than Gmail.

I am unable to make use of PGP because my clients won’t use it. The only way to send critically secure information is to encrypt it yourself with a method that allows the end user, who is probably not computer savvy and just wants the information, to decrypt it. Then destroy any unencrypted copy on your computer. I use Bitwarden as a password manager, and send passwords and so forth with their system where I can send a link which will self-destruct in a couple of days. I remind them to remove the information to a secure location and destroy the email. If I have a password they use, for example to their password manager, I also encrypt the text or file with their password.

Information on my computer which must be private and secure is in a VeraCrypt vault.

As for spam, I pre-filter with MailWasher Pro, so much of my spam gets wiped before downloading to my computer. To further reduce spam, I have an Incogni account which continuously removes my data from about 250 data brokers. This has reduced my spam by more than half.

As far as using the web interface or using a program on your computer, nothing is more insecure than your browser. Each tab connects to many content provider sites, and even though you attempt to secure your browser, it is inherently less secure than your computer.