Updating our SSL certificates to SHA-256

This is a technical post. The important points to take away are that if, like most of our customers, you’re using FastMail’s web client with a modern, regularly updated browser like Chrome, Firefox, Internet Explorer or Safari, then everything will be fine. If you’re using an old browser or operating system (including long-unsupported mobile devices like old Nokia or WebOS devices), it may start failing to connect to FastMail during December, and you’ll need to make changes to the settings you use to access FastMail. Read on for details.

For many years the standard algorithm used to sign SSL certificates has been SHA-1. Recently, weaknesses have been exposed in that algorithm which make it unsuitable for encryption work. It’s not broken yet, but it’s reasonable to expect that it will be broken within the next year or two.

A replacement algorithm is available, called SHA-256 (sometimes called SHA-2), and its been the recommended algorithm for new certificates for the last couple of years.

Back in April, we updated our certificates with new ones that used SHA-256. This caused problems for certain older clients that didn’t have support for SHA-256. After some investigation, we reverted to SHA-1 certificates.

Recently Google announced that they would start deprecating SHA-1 support this year. Chrome 40 (currently in testing, due for release in January) will start showing the padlock icon on fastmail.com as “secure, with minor errors”. Crucially, it will no longer display the green “EV” badge.

As a result, we are intending to update our certificates to SHA-256 during December. Its something we wanted to do back in April anyway, as we’d much prefer to proactively support modern security best practice rather than scramble frantically to fix things when breaches are discovered.

Unfortunately, this will cause problems for customers using older browsers. Most desktop browsers should not have any problem, though Windows XP users will need to update to Service Pack 3. Many more obscure devices (notably Nokia and WebOS devices) do not support SHA-256 at all, and will not be able to connect to us securely.

We will be attempting to support a SHA-1 certificate on insecure.fastmail.com and insecure.messagingengine.com, but only if our certificate authority will agree to issue one to us. Once we have that information I’ll update this post.

If you have any questions about this change, please contact support.

Further reading:

Recent interviews on Rocketship.fm and DomainSherpa.com

I was recently interviewed by two separate sites. Since these interviews cover some of the history of FastMail, the purchase by Opera and re-sale back to the staff, and our recent acquisition of fastmail.com, I thought it might be interesting to some of our users.

Why You Should Charge from Day One

http://rocketship.fm/episodes/ep-79-rob-mueller/

After 15 Years, FastMail Finally Acquires Their .Com – With Rob Mueller

http://www.domainsherpa.com/rob-mueller-fastmail-interview/

FastMail app for iOS and Android now available

Today we’re proud to announce the release of the FastMail app for your iPhone, iPad, iPod and Android devices. You can get it right now from the App Store (iOS) or the Play Store (Android).

 Download on the App StoreGet it on Google Play

Our apps have been designed to combine our lightning-fast mobile web app with device features normally only available to native apps, most notably push notifications.

iOS notificationAndroid notification

On Android, you’ll even find support for your smartwatch!

Android Wear notificationPebble notification

More information about the FastMail app is available in our help.

Posted in News. Comments Off

About our first fastmail.com customer

Since we rolled out our new fastmail.com domain last week, we’ve had 10,000’s of users use the domain to rename, signup and create aliases.

We decided to have a quick look through our logs and find the first customer to use fastmail.com and ask them a few questions about themselves and FastMail. Thanks for taking some time out to answer questions for us Joe D!


What country & city do you live in?

Newcastle, Australia

What do you do for a living?

I’m a software developer at a services company for the mining and energy industries in Australia.

How long have you used FastMail?

I signed up to FastMail when I was in high school, back in 2002. I’ve been pretty happy since then. My home address changes more often than my email address.

How did you find out about FastMail?

It was so long ago, I honestly don’t remember!

Why do you use FastMail?

I love FastMail for the power-user features. I like being able to set up Personalities to send from different email addresses, and being able to control every aspect of my email filtering through Sieve scripts. Plus I seem to get way less spam than at addresses I’ve tried at other providers.

What domain was your previous FastMail address at?

I have a few addresses on the mailbolt.com domain, which I’ll continue to use for certain things like store memberships, news subscriptions, banking and bills. I also have a "junk" address on this domain, since every website and his dog requires you to sign up and provide an email address these days.

Why did you want a fastmail.com address?

It’s nice and simple. It looks great written, and I can tell it to someone over the phone without having to repeat bits of it.

Were you actively waiting for the opening up of fastmail.com on the day?

I’m a little embarrassed to admit I had some help on this one. I had a program monitoring the FastMail website for the exact moment fastmail.com became available, so that I could register my address straight away. Is this taking email too seriously?

Do you plan to use your new @fastmail.com address as your primary address? Have you told people about it yet?

It’ll be my new personal address to give out to people online and in person. I’ve only told a few people so far, but it will get more and more use over time.


We’ve sent Joe a T-Shirt from our RedBubble store for his time.

Of course there’s always going to be a rush for the most popular names, so we hope everyone managed to get the fastmail.com address they wanted. If not, remember you can also signup your own domain (personally, we use gandi.net) and use that for receiving email (Enhanced or higher personal accounts, or any Family/Business accounts required).

Thanks for reading

The FastMail Team

Posted in Marketing. Comments Off

FastMail has moved to fastmail.com, @fastmail.com email addresses now available

As discussed in a blog post earlier this week, we’ve now moved FastMail to fastmail.com. This means when you go to https://www.fastmail.fm, you’ll immediately be redirected to https://www.fastmail.com.

Does this affect my existing address or aliases?

Not at all, they will continue to function exactly as before. The only difference is the web address you’ll see in your browser when you log in to our website. This applies to all domains we host, not just @fastmail.fm.

How can I get an @fastmail.com email address?

With the exception of legacy guest and member accounts, you can add an alias (additional address) to your account, or you can rename your account to a new username @fastmail.com right now. Just go to https://www.fastmail.com, login to your account and go to Advanced -> Aliases to add an alias, or Advanced -> Rename account to rename your account.

All addresses are available on a first come, first served basis. We decided on this approach because we already offer many domains, so there might be joeblogs@fastmail.fm, joeblogs@fastmail.us, joeblogs@fastmail.net, joeblogs@myfastmail.com, joeblogs@eml.cc, etc. and we don’t think any particular user and any particular domain should get priority over another.

In the interests of fairness, we are only allowing each account to register one alias @fastmail.com. New users will be able to sign up an address @fastmail.com as well.

Email client users (e.g. Thunderbird, Apple Mail, Outlook, etc)

If you access your email through an email client, there’s no change. Everything will continue to work exactly as before.

Posted in News. Comments Off

beta.fastmail.fm now redirects to beta.fastmail.com

In preparation for our our move to fastmail.com, we’ll be doing some testing on beta.fastmail.fm. So if you use the beta server, expect some changes and potential issues over the next few days.

Currently that means if you go to beta.fastmail.fm, you’ll immediately be redirected to https://beta.fastmail.com. This is expected. Note that you can’t currently create @fastmail.com aliases or rename your account to @fastmail.com. This is expected. This will only be available from Thursday as described in the original blog post.

Posted in Technical. Comments Off

FastMail is moving to fastmail.com

On Thursday, 23rd October 2014, we are moving the main FastMail website from fastmail.fm to fastmail.com. We intend to make the transition as seamless as possible, but we wanted to give you advance warning. Below are some more details for users regarding this change:

Email client users (e.g. Thunderbird, Apple Mail, Outlook, etc)

If you access your email through an email client, there’s no change. Everything will continue to work exactly as before.

Web interface users

If you use our web interface, from Thursday when you go to fastmail.fm you will be redirected automatically to fastmail.com. Any existing sessions will be transferred across, so if you were logged in at fastmail.fm, you’ll be logged in at fastmail.com. The only difference you should see is in the address bar in your browser.

Password manager users

If your password is normally filled in automatically for you by your browser or password manager, you’ll need to make sure you know what it is. For security reasons most password managers will only fill in your password on the domain where it was first used, and since we’re moving domains from fastmail.fm to fastmail.com, they’ll fail to work automatically. If you don’t know what your password is, we’ve got instructions on how to find it in all major browsers. Your password manager should prompt to save it again the first time you log in at fastmail.com, so don’t worry, you still won’t have to memorise it!

Does this affect my @fastmail.fm email address?

Not at all, this will continue to function exactly as before. The only difference is the web address you’ll see in your browser when you log in to our website.

How can I get an @fastmail.com email address?

With the exception of legacy guest and member accounts, you will be able to add an alias (additional address) to your account, or you will be able to rename your account to a new username @fastmail.com.

In the interests of fairness, we are only allowing each account to register one alias @fastmail.com. New users will be able to sign up an address @fastmail.com as well. All addresses will be available on a first come, first served basis, starting as soon as the transition to fastmail.com occurs.

When exactly will @fastmail.com email addresses become available?

An exact time on Thursday hasn’t been decided yet. Please keep an eye on this blog for further details.

Posted in News. Comments Off
Follow

Get every new post delivered to your Inbox.

Join 5,752 other followers