Secure SSL/TLS access to LDAP and DAV now mandatory

Over the last few years we’ve been phasing in mandatory SSL/TLS encryption on all connections between user machines and our servers, ensuring that no one can eavesdrop on your username or password to steal your login credentials.

We’re continuing with that process today by disabling non-SSL/TLS access to all LDAP and DAV services. A few weeks ago we emailed everyone we believe was using these services to inform them of the upcoming change.

This means if you use LDAP to access your address book, you must use port 636 with SSL/TLS enabled.

If you use DAV to access files in your file storage, you must use https://dav.messagingengine.com, not http://dav.messagingengine.com (note the additional “s” in https://).

Posted in News. Comments Off

Calendar now available on beta.fastmail.fm for testing

We’re very excited to have released the web UI for our new calendar on to our beta server for public testing at https://beta.fastmail.fm.

To access, simply log in to your FastMail account at https://beta.fastmail.fm and select "Calendar" from the menu in the top left.

Note: The calendar is only available when you log in to the new user interface (the default). If you use the “Classic” user interface (by explicitly selecting it at login time or because you have an older browser like IE6/7 which doesn’t support the new interface) the calendar will not be available. We currently have no plans to port the calendar to the classic user interface.

Tips and tricks

  • Open the settings and select the new Calendar panel to enable a few advanced features, create new calendars and make sure your time zone is set correctly
  • You can drag and drop events to move them (or hold down alt whilst dragging to copy).
  • There are keyboard shortcuts for navigating (try j/k, or hit g), and also for the buttons in the action bar at the top (hover over the button to get a tooltip with the shortcut).

Sync to mobile/calendar software (CalDAV)

You can also sync your calendar with your mobile device as long as your device supports the CalDAV protocol (iOS supports it natively; Android requires a separate program, and CalDAV-Sync works well and costs around US$2). The required details are:

Most clients should correctly auto-discover your calendars. If that fails, you might need to set up the full CalDAV path in your client which is:

Make sure you replace fullfastmailusername@domain with your full FastMail username and domain.

Access restrictions

Not all service levels have access to the Calendar features.

Web UI

Available to all levels except legacy Guest and Member accounts (at the moment, the link is shown but events will not save; we will improve the UI here to make it clear that the calendar is not available to these service levels)

CalDAV

Available to:

  • Enhanced and Premier level accounts (Personal/Family)
  • Standard, Professional and Enterprise level accounts (Business)

That is, these levels do not have CalDAV access: Guest, Member (legacy); Lite, Full (Personal/Family); Basic (Business).

Current known issues and missing features

We’re actively working on all these issues.

  • There are currently some layout issues in older browsers. Supported browsers for now are: Chrome 21+, Firefox 22+, Opera 12.1+, Safari 6.1+, IE9+.
  • Alerts do not work yet (you can set them in the event editor, but no alert will be shown when they are triggered).
  • Email reminders do not work yet (you will not be sent an email).
  • Emails are not yet sent out to people invited to an event.
  • An email is not currently sent when you respond to an invitation in the calendar view.
  • Integration with the mail part of our web UI (save attached event to calendar etc.)
  • Support for files attached to events.
  • Support for calendar sharing between users in a family/business
  • Support for subscribing to public iCal files and showing them in your calendar.
  • An easy way to import/export calendar data.

Please post bug reports, feature suggestions or other comments either in the forums or email us at betafeedback@fastmail.fm. We can’t respond to everything, but we do read it all.

Posted in News. Comments Off

Increased storage quotas and other service level changes

We’ve made some changes to our service levels. These changes simplify pricing, unify personal and family service levels, make it easier to migrate from other services to FastMail and give the vast majority of users an increase in storage at no extra cost.

All accounts

All prices have been rounded to the nearest dollar. The existing $x.95 pricing on all accounts made comparing prices more difficult for users, so we’ve changed to just using whole dollar pricing on all accounts to make comparisons simpler and clearer.

Personal accounts

  • Ad Free has been renamed to Lite. Now that we don’t have free Guest accounts, the name is an anachronism since no accounts have advertising.
  • All Lite (previously Ad Free) and Enhanced accounts have increased email and file storage quotas. Full accounts have increased file storage quotas.
  • The price of the Lite account is now $10/year. We will email all existing Ad Free users about this change shortly with information about how to lock in the existing pricing for some years.

The complete list of new quotas and names is:

Level                 Type     Old quota   New quota
Lite (was Ad free)    Email    100 MB      250 MB
                      Files    2 MB        100 MB
Full                  Email    1 GB        1 GB
                      Files    100 MB      1 GB
Enhanced              Email    10 GB       15 GB
                      Files    2 GB        5 GB
Premier               Email    60 GB       60 GB
                      Files    30 GB       30 GB

Family accounts

We’ve renamed all the family service levels to match the personal service levels, and given them the same quotas as the corresponding personal service level.

This means that if you manage more than one account, it’s much easier to switch to a family account. There’s no concern about having slightly different quotas or having to deal with all the different service level names; it’s a straightforward conversion from a personal account to the corresponding family account.

So now the main differences with family accounts compared to personal accounts are:

  • A single billing cycle and credit card for all accounts in the family
  • Add/change/delete accounts in the family from your management accounts at any time
  • Ability to have account names in your own domain (e.g. john@yourdomain.com)
  • Ability to have your own login screen at http://mail.yourdomain.com
  • It’s an extra $5/year for the family "container"

The complete list of new quotas and names is:

Level                     Type     Old quota   New quota
Lite                      Email    200 MB      250 MB
                          Files    6 MB        100 MB
Full (was Everyday)       Email    800 MB      1 GB
                          Files    600 MB      1 GB
Enhanced (was Superior)   Email    8 GB        15 GB
                          Files    6 GB        5 GB
Premier (new)             Email    N/A         60 GB
                          Files    N/A         30 GB

Business accounts

All Basic, Standard and Professional accounts have increased email and file storage quotas. The complete list of new quotas is:

Level          Type     Old quota   New quota
Basic          Email    250 MB      500 MB
               Files    2 MB        100 MB
Standard       Email    1.5 GB      2 GB
               Files    100 MB      1 GB
Professional   Email    15 GB       25 GB
               Files    6 GB        10 GB
Enterprise     Email    150 GB      150 GB
               Files    60 GB       60 GB

We’ll be emailing these details to all users shortly.

Posted in News. Comments Off

Faster than native, introducing FastMail’s new mobile web interface

For the last few months we’ve been beta testing a new mobile user interface. We feel it’s now ready for general use and have just rolled it out to production.

To access the new interface, just go to https://www.fastmail.fm in a web browser on your phone/mobile device and log in to your FastMail account. If your phone supports it (iOS 6+, Android 4+, Windows Phone coming soon), you’ll automatically get the new interface.

This new interface is built on the same underlying technology as our current desktop interface, and thus includes all the advanced features of that interface including instant actions, conversations and fast cross-folder searching.

We’ve also worked hard to make the new interface feel perfectly natural as a finger driven mobile interface. We’ve placed tap targets near where fingers are likely to be and added swipe actions to allow quick archiving or deleting of emails. Simple transitions make it clear where you are in the interface at any time making it easy to navigate.

But most importantly, the new mobile interface is fast! We’ve gone to great lengths to reduce the number of round trip requests between your phone and our servers, making the interface load and feel fast even over the high latency connections of mobile networks. In many cases, it is faster than a dedicated email app.

We’re pushing the limits of what’s currently possible with a web based application and think the results speak for themselves. Below we’ve created a short video showing a few key features. Take a look, then try it out by logging in or signing up at https://www.fastmail.fm.

Posted in News. Comments Off

Updated privacy policy

After the recent sale of FastMail back to the developers, we decided it was a good time to review and update our privacy policy. We hope this makes it clear that we strongly value our users’ privacy and will continue to do so in the future.

The new policy is available at https://www.fastmail.fm/help/overview_privacy.html and is included below.

The FastMail Team


Privacy Policy

At FastMail, we take the privacy of our users very seriously. We want to make our policies on managing your data clear and understandable, so we’ve tried to write our privacy policy in plain English. If you have any further privacy concerns we haven’t addressed, please email privacy@fastmail.fm.

Jurisdiction

FastMail is an Australian company and as such is subject to Australian law. Australia has strong privacy laws in relation to email, specified in the Telecommunications (Interception and Access) Act 1979. The Electronic Frontiers Australia organisation has an excellent summary; this privacy policy tries to make it clear how it applies in practice to FastMail.

Surveillance and law enforcement

We do not participate in, or co-operate with, any kind of blanket surveillance or monitoring. (We also point out that Australia does not have any equivalent to the US National Security Letter, so we cannot be forced to do something without being allowed to disclose it.)

We also take technical measures where feasible to prevent surveillance of our users occurring without our co-operation, such as:

  • using encrypted SMTP for sending your mail when the receiving server supports it.
  • mandating encrypted access for webmail, IMAP and POP.
  • using Perfect Forward Secrecy where possible for all encrypted connections.
  • encrypting communications between our data centres.

Like any company, we can never guarantee our measures are 100% effective, as we don’t know the full capabilities of any attackers. However, these measures do act to increase the difficulty and expense of any surveillance.

As an Australian company, we are required to disclose information about specific individual accounts to properly authorised Australian law enforcement with the appropriate supporting documentation. This means we need to see a warrant signed by an Australian judge before we will hand over any email data. Such requests must always be for specific accounts; we do not participate in or co-operate with "fishing expeditions". As a guideline, in the last year we disclosed information on fewer than 50 accounts.

We do not directly disclose any information about our users to law enforcement from outside Australia, and indeed our understanding of Australian law is that it would be illegal for us to do so.

Overseas law enforcement may apply via an appropriate mutual assistance treaty to obtain information on our users. If the request is approved, then Australian documentation will be issued for disclosure of this information.

This distinction may seem academic, but in our experience the extra administrative overhead, and the additional layers of judicial oversight mean that we receive very few valid requests that originate from overseas and they must always be targeted at specific accounts.

We do not condone illegal activity. We deal with all law enforcement requests personally and we are satisfied that all we have seen are justified.

Data mining and profiling

We do not sell or give information about our users to any third parties. Payments are securely handled via Pin, Global Collect or PayPal; your credit card details are never transmitted to our servers. Pin and/or Global Collect store your credit card details and address for the purpose of future payments with FastMail, unless you have requested your payment details not to be stored. Pin’s privacy policy is available at https://pin.net.au/privacy. Global Collect’s privacy policy is available at http://www.globalcollect.com/Privacy-statement/. PayPal’s privacy policy varies depending on your country of residence; you can select your country to find the relevant privacy policy at https://www.paypal.com/webapps/mpp/ua/legalhub-full.

Incoming messages are scanned for the purpose of spam detection unless you disable spam protection for your account. We may also scan some outgoing messages with the same software to prevent people using our service to send spam. Emails you report as spam are automatically analysed to help train our spam filter. Also, if enabled, emails reported as spam are forwarded on to some external email reporting services. These services aim to help monitor and reduce overall spam on the Internet. Currently the services we report to are Return Path and LashBack. These may change in the future. If you don’t want this, you can disable the reporting in the FastMail advanced settings.

To make message searching fast, we build an index of your messages (this is a table, just like you would find at the back of a reference book, in which you can look up a word to quickly find the emails in which it appears).

No information from any of these activities is used for any other purpose, or to compile any kind of profile on our users.

Data retention

We retain backups of deleted messages for at least a week. This is for the purpose of restoring messages in case of accidental deletion. After this point, deleted messages will be purged from all our backups, although the time this takes to happen may vary due to automated load balancing.

We normally keep logs of email and server activity for up to 6 months. This is for the purposes of diagnosing and fixing problems, which are often reported to us weeks or months after they occur. Message subjects may be contained in these logs, but not message bodies. Aggregate or anonymous data, which cannot be linked to individual user accounts, may be kept for longer periods, for the purpose of improving the FastMail service.

Backups and logs may be kept longer than these limits in special circumstances. For example, if a problem is taking a long time to resolve, logs relevant to that investigation may be retained. Or if a server that contains backups or logs is temporarily offline because of a fault, then those backups or logs may not be deleted until the server is brought back up.

These situations are unusual, however, and when they do occur, they are temporary.

Account deletion

Should you close your account, all data will be permanently deleted 7 days after closing. It may take a further 2 weeks to purge from all our backups.

Posted in News. Comments Off

Exciting news: FastMail staff purchase the business from Opera

In 2010, FastMail was bought by Opera Software. The developers and staff of FastMail have now bought back the company. This means that FastMail is once again an independent company, dedicated to building the best possible email experience for our users. We have big plans for the future, and we will continue to roll out new features and enhancements over the coming months.

There are no configuration changes or any other changes you need to make. All existing accounts will continue to run as they do now with the same billing cycle, pricing, features, reliability, security, etc.

In case you have any questions, we’ve tried to address the main issues below.

  • Why has Opera sold you? Are you in trouble?

    Not at all. Opera has undergone an internal change of strategic direction and an email service no longer fits within their long term vision. With Opera’s investment in development and infrastructure over the last 3 years, FastMail has continued to increase its rate of growth and profitability. We came to the mutual conclusion that FastMail’s future would be better served as a separate company.

  • How will this affect future development work?

    FastMail is keeping all existing FastMail related staff. We believe we have all the resources and talent needed to keep developing and growing FastMail now and going forward into the future.

  • What sort of things do you have planned?

    A hugely improved mobile interface, CardDAV support to allow synchronisation of contacts between devices, a calendaring service including CalDAV support for synchronisation of events between devices, improved backend and searching performance. All these things are currently in active development and slated for release within the next year.

  • This all sounds great. Is there any way I can help?

    The best way to help us is continue to use FastMail. It’s the support we get from our users that allows us to keep running and developing the service.

    Tell your friends that there’s a real alternative to the big corporations. One that doesn’t show ads, respects your privacy, and is fully committed to keeping the service going forward.

    Tweet about us. Post about us on your blog. Make you and your boss happy by switching your work email to FastMail :)

  • How does this affect the privacy of my email and other data?

    We have always taken our users’ privacy very seriously and this will not change. We’re working on publishing an updated privacy policy next week that will explain in clear wording exactly how your data is treated. We’ll post to the blog with more information soon.

Thanks for using FastMail. We’ve put a lot of thought and effort into building the fastest, easiest and most powerful way to access your email. We look forward to providing you with the best service we can.
 
The FastMail Team

Posted in News. Comments Off

Fastmail uses perfect forward secrecy with https/TLS connections

There have been a number of articles recently about perfect forward secrecy (PFS). The main aim of PFS is to ensure that even if the private SSL/TLS key for www.fastmail.fm was ever compromised, it would still be impossible to decrypt any existing captured traffic between users and our server. If you’re looking for more information, the linked articles above are worth reading to get a better overview. For PFS to work, both the server (us) and the client (your web browser) must support it.

Fastmail has supported PFS via ECDHE for some time now (since July 2012). Unfortunately a few browsers don’t support ECDHE.

Today we’ve updated our ciphers to the best practice recommended by SSL Labs. Using the SSL Labs site tester on www.fastmail.fm shows that we now support PFS on all major browsers except for IE 8 on Windows XP, which has no support for PFS and so can never support it.

We’re pretty sure that this change won’t have any compatibility issues with old clients (which should fall back to older ciphers), but we’ll keep an eye out in case there are any reported problems.
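To check from the client side whether a connection actually gets PFS, the following Python sketch classifies cipher suites by their key exchange and can report what a server negotiates. It is an added example, not FastMail's own code; the function names and the cipher string are assumptions chosen for illustration, and the sample cipher names are constructed.

```python
import socket
import ssl

# OpenSSL cipher-name prefixes whose key exchange is ephemeral (EC)DH.
# Plain "AES128-SHA" style names use static RSA key exchange: no PFS.
_EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")


def is_forward_secret(cipher_name, protocol=""):
    """True if the suite gives PFS. Every TLS 1.3 suite does."""
    if protocol == "TLSv1.3" or cipher_name.startswith("TLS_"):
        return True
    return cipher_name.startswith(_EPHEMERAL_PREFIXES)


def non_pfs_ciphers(ctx):
    """Names of suites enabled on an SSLContext that lack PFS."""
    return [c["name"] for c in ctx.get_ciphers()
            if not is_forward_secret(c["name"], c.get("protocol", ""))]


def pfs_only_context():
    """Client context that offers only ECDHE suites for TLS 1.2 and below
    (TLS 1.3 suites stay enabled and are forward secret by design)."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # assumed policy string
    return ctx


def negotiated_cipher(host, port=443, timeout=10):
    """Connect with TLS-on-connect (https on 443, LDAPS on 636) and return
    (cipher name, protocol, has_pfs). Needs network access."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
    return name, protocol, is_forward_secret(name, protocol)


# Constructed sample of OpenSSL-style names, for an offline demonstration.
SAMPLE = [
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("DHE-RSA-AES256-SHA", "TLSv1.0"),
    ("AES128-SHA", "TLSv1.0"),
    ("TLS_AES_256_GCM_SHA384", "TLSv1.3"),
]

if __name__ == "__main__":
    for name, proto in SAMPLE:
        print(f"{name:32} {proto:8} PFS={is_forward_secret(name, proto)}")
    print("non-PFS suites in hardened context:",
          non_pfs_ciphers(pfs_only_context()))
```

Calling negotiated_cipher("www.fastmail.fm") reports the suite your own client ends up with, which is the number that matters since PFS depends on both ends.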

Posted in News, Technical. Comments Off