Topic: RuggedInbox.com - Free offshore email (Read 45068 times)
Any alternatives?
There are several service like ruggedinbox was.
https://www.reddit.com/r/emailprivacy/comments/3gf2ta/email_providers_with_onion_tor_hidden_service/
https://www.reddit.com/r/emailprivacy/comments/3gf2ta/email_providers_with_onion_tor_hidden_service/
Hi everyone,
First, don't get over-excited about the title of my post -- that's pure conjecture at the moment, and even if it could come true, it would come with a load of caveats.
I'm the main developer of SquirrelMail and have quite a number of years of mail server experience (I make my living as a consultant for people running such systems). I'm also a big security and privacy advocate, and am no stranger to pretty much any topic around these parts. In fact, I helped the RuggedInbox admins when they were considering adding GPG to their webmail interface, and I've run mail over Tor since the early days of Tormail.
I have recently started working on a privacy-oriented email system that we had planned to take public later this year, but I randomly came upon the fact that RuggedInbox seems to have shut down for good and thought maybe we could help...
It is conceivable that if the RuggedInbox admins wanted to hand over the password hashes for their users, we could resurrect all accounts. In fact, I suppose if they want to hand over the domain, or just redirect their MX, we could keep your mail flowing. I suppose we could take all the email data, too, but that could be a bit much.
Mind you, I've not spoken with the admins, and moreover, I'm VERY MUCH NOT looking to get into the same boat that they've been in (props to them for sticking it out so long). I've seen systems attacked by DDOS, I've seen CAPTCHAs demolished, and I've watched spammers send out their filth, triggering widespread blacklistings and it's no fun.
I am a strong believer that people should be able to find a free email account that they can use without their home IP address being exposed to recipients. I don't think you should have to give your mobile number to get a simple email account. Yet, even just these two things are VERY hard to come by, at least in one place. However, the reason for this is as much practical as it is tin-foil-hat: spammers & scammers ruin it for the rest of us. It's one thing to make a strong stance as a privacy advocate, but when people abuse your service to the point that no one else will accept your email, it becomes pointless. So, sadly, you end up with these choices that coincide with anti-privacy interests: take something from your users that links them to their real world identity.
Our planned approach to this has been something of a hybrid: we'd be offering free accounts, but they'd come with fairly restrictive policies. You'd have to pay to get more features and less restrictions. Best part is that Bitcoin payments would be welcome, allowing for users to retain their privacy during signup.
Yet, there's still the DDOS problems and the consistent stream of anonymous attacks coming via Tor, but I digress.
Our service is currently operational, but it's far from feature-complete. There are some key differences, both positive (offers automatic encryption of all incoming email, other important privacy-oriented features) and negative (I'm not coming at this as an anonymous party). There's lots more to be said, but let me not digress any further.
I'm putting this out to both the community and the admins of RuggedInbox to see what interest there is... and again, mind you, our launch was not intended to come nearly this soon, so there would probably be plenty of migration headaches if we were to attempt such.
Let me know what you think,
Paul
Thank you very much for your answer Paul. I think it is a first message after Ruggedinbox said that they want to give up.First, don't get over-excited about the title of my post -- that's pure conjecture at the moment, and even if it could come true, it would come with a load of caveats.
I'm the main developer of SquirrelMail and have quite a number of years of mail server experience (I make my living as a consultant for people running such systems). I'm also a big security and privacy advocate, and am no stranger to pretty much any topic around these parts. In fact, I helped the RuggedInbox admins when they were considering adding GPG to their webmail interface, and I've run mail over Tor since the early days of Tormail.
I have recently started working on a privacy-oriented email system that we had planned to take public later this year, but I randomly came upon the fact that RuggedInbox seems to have shut down for good and thought maybe we could help...
It is conceivable that if the RuggedInbox admins wanted to hand over the password hashes for their users, we could resurrect all accounts. In fact, I suppose if they want to hand over the domain, or just redirect their MX, we could keep your mail flowing. I suppose we could take all the email data, too, but that could be a bit much.
Mind you, I've not spoken with the admins, and moreover, I'm VERY MUCH NOT looking to get into the same boat that they've been in (props to them for sticking it out so long). I've seen systems attacked by DDOS, I've seen CAPTCHAs demolished, and I've watched spammers send out their filth, triggering widespread blacklistings and it's no fun.
I am a strong believer that people should be able to find a free email account that they can use without their home IP address being exposed to recipients. I don't think you should have to give your mobile number to get a simple email account. Yet, even just these two things are VERY hard to come by, at least in one place. However, the reason for this is as much practical as it is tin-foil-hat: spammers & scammers ruin it for the rest of us. It's one thing to make a strong stance as a privacy advocate, but when people abuse your service to the point that no one else will accept your email, it becomes pointless. So, sadly, you end up with these choices that coincide with anti-privacy interests: take something from your users that links them to their real world identity.
Our planned approach to this has been something of a hybrid: we'd be offering free accounts, but they'd come with fairly restrictive policies. You'd have to pay to get more features and less restrictions. Best part is that Bitcoin payments would be welcome, allowing for users to retain their privacy during signup.
Yet, there's still the DDOS problems and the consistent stream of anonymous attacks coming via Tor, but I digress.
Our service is currently operational, but it's far from feature-complete. There are some key differences, both positive (offers automatic encryption of all incoming email, other important privacy-oriented features) and negative (I'm not coming at this as an anonymous party). There's lots more to be said, but let me not digress any further.
I'm putting this out to both the community and the admins of RuggedInbox to see what interest there is... and again, mind you, our launch was not intended to come nearly this soon, so there would probably be plenty of migration headaches if we were to attempt such.
Let me know what you think,
Paul
Anyway if there is a chance at least save the domain name and all mailboxes that would be great. Ruggedinbox have been unique service exactly what many people were looking for:
very simple, full of privacy, with a little space and not commercial. So I am ready to pay for the service like that because I have been sure that it is something that guys full of enthusiasm and brave enough to make real privacy service for real people...
Hope that ruggedinbox gonna get back soon. And again I am ready to pay for the service like that.
Hi everyone,
First, don't get over-excited about the title of my post -- that's pure conjecture at the moment, and even if it could come true, it would come with a load of caveats.
I'm the main developer of SquirrelMail and have quite a number of years of mail server experience (I make my living as a consultant for people running such systems). I'm also a big security and privacy advocate, and am no stranger to pretty much any topic around these parts. In fact, I helped the RuggedInbox admins when they were considering adding GPG to their webmail interface, and I've run mail over Tor since the early days of Tormail.
I have recently started working on a privacy-oriented email system that we had planned to take public later this year, but I randomly came upon the fact that RuggedInbox seems to have shut down for good and thought maybe we could help...
It is conceivable that if the RuggedInbox admins wanted to hand over the password hashes for their users, we could resurrect all accounts. In fact, I suppose if they want to hand over the domain, or just redirect their MX, we could keep your mail flowing. I suppose we could take all the email data, too, but that could be a bit much.
Mind you, I've not spoken with the admins, and moreover, I'm VERY MUCH NOT looking to get into the same boat that they've been in (props to them for sticking it out so long). I've seen systems attacked by DDOS, I've seen CAPTCHAs demolished, and I've watched spammers send out their filth, triggering widespread blacklistings and it's no fun.
I am a strong believer that people should be able to find a free email account that they can use without their home IP address being exposed to recipients. I don't think you should have to give your mobile number to get a simple email account. Yet, even just these two things are VERY hard to come by, at least in one place. However, the reason for this is as much practical as it is tin-foil-hat: spammers & scammers ruin it for the rest of us. It's one thing to make a strong stance as a privacy advocate, but when people abuse your service to the point that no one else will accept your email, it becomes pointless. So, sadly, you end up with these choices that coincide with anti-privacy interests: take something from your users that links them to their real world identity.
Our planned approach to this has been something of a hybrid: we'd be offering free accounts, but they'd come with fairly restrictive policies. You'd have to pay to get more features and less restrictions. Best part is that Bitcoin payments would be welcome, allowing for users to retain their privacy during signup.
Yet, there's still the DDOS problems and the consistent stream of anonymous attacks coming via Tor, but I digress.
Our service is currently operational, but it's far from feature-complete. There are some key differences, both positive (offers automatic encryption of all incoming email, other important privacy-oriented features) and negative (I'm not coming at this as an anonymous party). There's lots more to be said, but let me not digress any further.
I'm putting this out to both the community and the admins of RuggedInbox to see what interest there is... and again, mind you, our launch was not intended to come nearly this soon, so there would probably be plenty of migration headaches if we were to attempt such.
Let me know what you think,
Paul
First, don't get over-excited about the title of my post -- that's pure conjecture at the moment, and even if it could come true, it would come with a load of caveats.
I'm the main developer of SquirrelMail and have quite a number of years of mail server experience (I make my living as a consultant for people running such systems). I'm also a big security and privacy advocate, and am no stranger to pretty much any topic around these parts. In fact, I helped the RuggedInbox admins when they were considering adding GPG to their webmail interface, and I've run mail over Tor since the early days of Tormail.
I have recently started working on a privacy-oriented email system that we had planned to take public later this year, but I randomly came upon the fact that RuggedInbox seems to have shut down for good and thought maybe we could help...
It is conceivable that if the RuggedInbox admins wanted to hand over the password hashes for their users, we could resurrect all accounts. In fact, I suppose if they want to hand over the domain, or just redirect their MX, we could keep your mail flowing. I suppose we could take all the email data, too, but that could be a bit much.
Mind you, I've not spoken with the admins, and moreover, I'm VERY MUCH NOT looking to get into the same boat that they've been in (props to them for sticking it out so long). I've seen systems attacked by DDOS, I've seen CAPTCHAs demolished, and I've watched spammers send out their filth, triggering widespread blacklistings and it's no fun.
I am a strong believer that people should be able to find a free email account that they can use without their home IP address being exposed to recipients. I don't think you should have to give your mobile number to get a simple email account. Yet, even just these two things are VERY hard to come by, at least in one place. However, the reason for this is as much practical as it is tin-foil-hat: spammers & scammers ruin it for the rest of us. It's one thing to make a strong stance as a privacy advocate, but when people abuse your service to the point that no one else will accept your email, it becomes pointless. So, sadly, you end up with these choices that coincide with anti-privacy interests: take something from your users that links them to their real world identity.
Our planned approach to this has been something of a hybrid: we'd be offering free accounts, but they'd come with fairly restrictive policies. You'd have to pay to get more features and less restrictions. Best part is that Bitcoin payments would be welcome, allowing for users to retain their privacy during signup.
Yet, there's still the DDOS problems and the consistent stream of anonymous attacks coming via Tor, but I digress.
Our service is currently operational, but it's far from feature-complete. There are some key differences, both positive (offers automatic encryption of all incoming email, other important privacy-oriented features) and negative (I'm not coming at this as an anonymous party). There's lots more to be said, but let me not digress any further.
I'm putting this out to both the community and the admins of RuggedInbox to see what interest there is... and again, mind you, our launch was not intended to come nearly this soon, so there would probably be plenty of migration headaches if we were to attempt such.
Let me know what you think,
Paul
Theyr last message doesn't sound like they would come back.
But thanks for the nice service you offered!
But thanks for the nice service you offered!
Hi guys, sorry to inform you that we are unable to continue to run the service, mainly because of too much work on our daily jobs.
Please backup your emails asap, the VPS will be wiped within 2 days.
The web service is currently under DDOS, but imap works ok (you can use icedove/thunderbird + torbirdy).
For refunds of donations refer to [email protected]
Thanks for all your feedback and support,
RuggedInbox team
I just notice today that you are not available anymore. 2 days is a very short time to backup everything eventhough to get to know that you are permanently down. Is that a chance to get my emails or you already wiped everything down?..Please backup your emails asap, the VPS will be wiped within 2 days.
The web service is currently under DDOS, but imap works ok (you can use icedove/thunderbird + torbirdy).
For refunds of donations refer to [email protected]
Thanks for all your feedback and support,
RuggedInbox team
Is that a chance that you will change your mind and ruggedbox.org gonna be recovered soon?..
So many services there I jused accounts from you guys and for now it is very big pain in the a** to change everything for new addresses. Crossing my fingers for you guys hope that you will be back soon. You did amazing job and actually I am ready if you make your service payable...
Is anyone else thinking, "They got to him..."? 
Hi guys, sorry to inform you that we are unable to continue to run the service, mainly because of too much work on our daily jobs.
Please backup your emails asap, the VPS will be wiped within 2 days.
The web service is currently under DDOS, but imap works ok (you can use icedove/thunderbird + torbirdy).
For refunds of donations refer to [email protected]
Thanks for all your feedback and support,
RuggedInbox team
Please backup your emails asap, the VPS will be wiped within 2 days.
The web service is currently under DDOS, but imap works ok (you can use icedove/thunderbird + torbirdy).
For refunds of donations refer to [email protected]
Thanks for all your feedback and support,
RuggedInbox team
Oh, I'm sorry about that, i liked your service.
I'll try to backup using thunderbird.
So long.
Hi guys, sorry to inform you that we are unable to continue to run the service, mainly because of too much work on our daily jobs.
Please backup your emails asap, the VPS will be wiped within 2 days.
The web service is currently under DDOS, but imap works ok (you can use icedove/thunderbird + torbirdy).
For refunds of donations refer to [email protected]
Thanks for all your feedback and support,
RuggedInbox team
Please backup your emails asap, the VPS will be wiped within 2 days.
The web service is currently under DDOS, but imap works ok (you can use icedove/thunderbird + torbirdy).
For refunds of donations refer to [email protected]
Thanks for all your feedback and support,
RuggedInbox team
It currently takes roughly a minute to bring up any page on the site, so perhaps what I assumed was a downed service may not have been. That a Tor-friendly "mom and pop" e-mail service is probably under attack really shouldn't surprise me -- government has the motive and the resources, and doesn't play fair -- but I still find it disheartening. I wish that I were in a position to contribute to Rugged Inbox; but for the time being, all I can do is offer my moral support. Just know that we're rootin' for ya!
Great project.
Side is working very slow again. Seems to be a returning problem. 
Using it a long time
Great Work! Keep it up guys!
Great Work! Keep it up guys!
I like this email service. But it is down again.
I cannot connect to RI website.
On the 3/4/2016 I received a cert issue popup. It said it had expired on 3/3/2016. I cannot send using pop.
Any idea how long before this is resolved. This is my only email service.
It is not the end of the world for me. So, I am not jumping up and down in a frantic. (...yet) But, I sure would like to send and receive email.
About 6 or 7 years ago, I worked as an IT Tech in a university. The exchange server was low on disk space, and we had seen this coming in advance. So, we were just about to migrate all of the mailboxes to the new virtual drive. But, something happened and all the diskspace was used up before we could do it and the exchange server crashed. All of the instructors and department heads who loved us, all of a sudden turned on us. And we were threatened with being fired. I worked 20 hour days for almost a week. It was in the midst of the summer heat, and the A/C went out in the tech office. I was sweating my *** off. And when it went back up, everyone apologized and everything was good again. But I never forgot how my friends turned into enemies so fast.
I hope everyone keeps that in mind as this issue gets resolved. Peace.
Thanks.
I cannot connect to RI website.
On the 3/4/2016 I received a cert issue popup. It said it had expired on 3/3/2016. I cannot send using pop.
Any idea how long before this is resolved. This is my only email service.
It is not the end of the world for me. So, I am not jumping up and down in a frantic. (...yet)
But, I sure would like to send and receive email. About 6 or 7 years ago, I worked as an IT Tech in a university. The exchange server was low on disk space, and we had seen this coming in advance. So, we were just about to migrate all of the mailboxes to the new virtual drive. But, something happened and all the diskspace was used up before we could do it and the exchange server crashed. All of the instructors and department heads who loved us, all of a sudden turned on us. And we were threatened with being fired. I worked 20 hour days for almost a week. It was in the midst of the summer heat, and the A/C went out in the tech office. I was sweating my *** off. And when it went back up, everyone apologized and everything was good again. But I never forgot how my friends turned into enemies so fast.
I hope everyone keeps that in mind as this issue gets resolved. Peace.
Thanks.
Ruggedinbox is back up and running 
Yet, even though the webmail works, I'm still getting the "us2.pop.mailhostbox.com" certificate confusion/scam/MitM/whatever issue when using Thunderbird's account wizard. Has no one else encountered this problem?Confirmed, HTTP SSL cert is valid but POP/IMAP/SMTP SSL cert is expired, fixing asap, thank you
Ruggedinbox is back up and running
Yet, even though the webmail works, I'm still getting the "us2.pop.mailhostbox.com" certificate confusion/scam/MitM/whatever issue when using Thunderbird's account wizard. Has no one else encountered this problem?
Ruggedinbox is back up and running
I'm still getting a warning when using the Thunderbird account setup wizard and selecting the POP3 option. Yesterday, the certificate details listed some non-ruggedinbox URL, and now it lists "mail.ruggedinbox.com" but still claims it's invalid.
I've manually typed everything I saw, so there may be mistakes...
Thunderbird 38.5.1 over non-Tor connection...
Selected "Add Mail Account...".
Entered name, e-mail address ([email protected]), and password; kept "Remember password" checked; pressed "Continue" button.
Observed messages of "Looking up configuration: Trying common server names", etc.
Switched radio button from "IMAP" to "POP3"; pressed "Done".
Observed "Checking password" message, then window stating the following:
You are about to override how Thunderbird identifies this site.
Legitimate banks, stores, and other public sites will not as you to do this.
Server: Location: pop.ruggedinbox.com:110 [Get Certificate]
Certificate Status: This site attempts to identify itself with invalid information. [View]
Wrong Site: The certificate belongs to a different site, which could mean that someone is trying to impersonate this site.
[ x ] Permanently store this exception
[Confirm Security Exception] [Cancel]
Here's where I'm getting really confused. When I click "View", it brings up a window with "General" and "Details" tabs -- sometimes showing one set of credential, sometimes another.
Result #1:
This certificate has been verified for the following uses:
SSL Client Certificate
SSL Server Certificate
Issued To
Common Name (CN): mail.ruggedinbox.com
Organization (O): (I inadvertently overlooked this entry.)
Organizational Unit (OU): Domain Control Validated
Serial Number: 0B:A6:AB:22:5D:CD:AF:C4:6C:9F:92:19:85:16:57:53
Issued By
Common Name (CN): COMODO RSA Domain Validation Secure Server CA
Organization (O): COMODO CA Limited
Organizational Unit (OU):
Period of Validity
Begins On: 03/04/2015
Expires On: 03/04/2016
Fingerprints
SHA-256 Fingerprint: A0:59:AF:7B:A5:69:23:C2:93:23:7D:86:CC:30:E6:14:4B:9B:77:41:92:5E:E1:10:9A:0F:C7:B8:49:B9:EE:2D
SHA1 Fingerprint: FD:18:DE:8F:55:A1:01:4E:E8:A9:DF:8E:95:4E:92:BB:2F:75:FC:67
Result #2:
This certificate has been verified for the following uses:
SSL Client Certificate
SSL Server Certificate
Issued To
Common Name (CN): us2.pop.mailhostbox.com
Organization (O):
Organizational Unit (OU): Domain Control Validated
Serial Number: 1C:30:0E:C7:E6:FC:1D:49:D8:86:01:A3:24:1E:A7:75
Issued By
Common Name (CN): COMODO RSA Domain Validation Secure Server CA
Organization (O): COMODO CA Limited
Organizational Unit (OU):
Period of Validity
Begins On: 09/15/2015
Expires On: 05/15/2016
Fingerprints
SHA-256 Fingerprint: CD:DA:B0:66:00:1F:4E:E7:67:EC:39:AE:FB:FF:9C:FB:FC:D3:7B:F3:DC:5C:BE:82:10:01:87:12:9F:82:C1:7B
SHA1 Fingerprint: 17:C3:65:17:2F:F7:D9:1E:C2:BA:F2:7D:C1:6E:C7:C6:92:5C:38:E0
I've manually typed everything I saw, so there may be mistakes...
Thunderbird 38.5.1 over non-Tor connection...
Selected "Add Mail Account...".
Entered name, e-mail address ([email protected]), and password; kept "Remember password" checked; pressed "Continue" button.
Observed messages of "Looking up configuration: Trying common server names", etc.
Switched radio button from "IMAP" to "POP3"; pressed "Done".
Observed "Checking password" message, then window stating the following:
You are about to override how Thunderbird identifies this site.
Legitimate banks, stores, and other public sites will not as you to do this.
Server: Location: pop.ruggedinbox.com:110 [Get Certificate]
Certificate Status: This site attempts to identify itself with invalid information. [View]
Wrong Site: The certificate belongs to a different site, which could mean that someone is trying to impersonate this site.
[ x ] Permanently store this exception
[Confirm Security Exception] [Cancel]
Here's where I'm getting really confused. When I click "View", it brings up a window with "General" and "Details" tabs -- sometimes showing one set of credential, sometimes another.
Result #1:
This certificate has been verified for the following uses:
SSL Client Certificate
SSL Server Certificate
Issued To
Common Name (CN): mail.ruggedinbox.com
Organization (O): (I inadvertently overlooked this entry.)
Organizational Unit (OU): Domain Control Validated
Serial Number: 0B:A6:AB:22:5D:CD:AF:C4:6C:9F:92:19:85:16:57:53
Issued By
Common Name (CN): COMODO RSA Domain Validation Secure Server CA
Organization (O): COMODO CA Limited
Organizational Unit (OU):
Period of Validity
Begins On: 03/04/2015
Expires On: 03/04/2016
Fingerprints
SHA-256 Fingerprint: A0:59:AF:7B:A5:69:23:C2:93:23:7D:86:CC:30:E6:14:4B:9B:77:41:92:5E:E1:10:9A:0F:C7:B8:49:B9:EE:2D
SHA1 Fingerprint: FD:18:DE:8F:55:A1:01:4E:E8:A9:DF:8E:95:4E:92:BB:2F:75:FC:67
Result #2:
This certificate has been verified for the following uses:
SSL Client Certificate
SSL Server Certificate
Issued To
Common Name (CN): us2.pop.mailhostbox.com
Organization (O):
Organizational Unit (OU): Domain Control Validated
Serial Number: 1C:30:0E:C7:E6:FC:1D:49:D8:86:01:A3:24:1E:A7:75
Issued By
Common Name (CN): COMODO RSA Domain Validation Secure Server CA
Organization (O): COMODO CA Limited
Organizational Unit (OU):
Period of Validity
Begins On: 09/15/2015
Expires On: 05/15/2016
Fingerprints
SHA-256 Fingerprint: CD:DA:B0:66:00:1F:4E:E7:67:EC:39:AE:FB:FF:9C:FB:FC:D3:7B:F3:DC:5C:BE:82:10:01:87:12:9F:82:C1:7B
SHA1 Fingerprint: 17:C3:65:17:2F:F7:D9:1E:C2:BA:F2:7D:C1:6E:C7:C6:92:5C:38:E0
Great service! Do you guys have an API that I can utilize to maybe make a newsletter program, or something?
So it was down for a week. Then, when it came back up, things seemed to work fine -- until I tried to reconfigure my Thunderbird POP settings, and suddenly got a warning about the security certificate pointing to a site that wasn't "ruggedinbox".
Not seeing the certificate issue mentioned here in the days since, I've begun to wonder whether it's something flying under the radar, maybe slipping past those who continued "business as usual" under their previous settings. So, in the interim, I opted to use the webmail interface.
Unfortunately, since yesterday, the website appears to be down again, at least for me.
Not seeing the certificate issue mentioned here in the days since, I've begun to wonder whether it's something flying under the radar, maybe slipping past those who continued "business as usual" under their previous settings. So, in the interim, I opted to use the webmail interface.
Unfortunately, since yesterday, the website appears to be down again, at least for me.
Hi no we didn't touch anything on the configuration except usual OS updates, our mail clients are working ok (no ssl alerts)
and there is no other feedback about this (until now).
But yes the http service was down/slow because once restored the service we also restored the Tor HS onions
and it looks like the DDOS attack resumed.
At least this time we found a number of hits on the access.log file like this:
"GET /?PAY-2BTC-TO-1Efc4djSCfqobjXXXXXXXXXXXXXX-FOR-THE-PATCH HTTP/1.1" 200
but can't say if its directly related to the long going problems on TOR HS :|
So HS services stopped again and this sucks.
About your certs problem, were you using Tor ? Could it be the 'usual' bad exit node (MITM) SSL hijacking problem ?
Jump to: