Bitcoin Forum

Hello everyone, fresh new service: https://ruggedinbox.com
Still in BETA, currently completely free and ad-free, Tor friendly, offshore (Europe, Bulgaria), no personal details needed, no question asked, session expiration friendly (10 hours), limited number of accounts available.

If you prefer a self-signed ssl certificate, here you are: https://ruggedinbox.com:444

Also available as a Tor hidden service: s4bysmmsnraf7eut.onion

Feedback is welcome!

this would be nice :)

Pretty nice, since Tor is full of feds  :)

Hi Ufonautas, we live in a post-Snowden era
which proved that we, tin foil hat ppl
were not crazy but very much on the right track.

More than that, the reality got past the imagination: the NSA has built unbelievable systems .. "PRISM", "Turbine", "XKeyscore", "Turmoil", ... (1)
it is like an evil twin of google+facebook on steroids ;D

Anyway, Snowden leaked that the NSA is trying hard to break Tor (2) (cit. There is no evidence that the NSA is capable of unmasking Tor traffic routinely on a global scale," the report said. "But for almost seven years, it has been trying.)
but to date, they are only able to trace a given target (cit. We will never be able to de-anonymize all Tor users all the time.)
and it is an expensive and time consuming 'feature'.

Snowden himself were using Tor (the 'Tails' linux distro) and Lavabit for emails
and the NSA wasn't able to violate them (3 and 4).

Back to the feds, take the Silkroad example: there were no real hacking / big brother involved in finding the Dread Pirate Roberts (5) (cit. it didn't take technical back doors to find him; it just took a lot of solid detective work, some subpoenas, and a search engine.)

You may also notice that the number of Tor relays and exit-nodes didn't unexpectedly increase over the last 18 months:
https://metrics.torproject.org/network.html?graph=networksize&start=2013-01-01&end=2014-06-22#networksize

In short, it all depends on how dangerous you are and how big you want your enemies to be.

1. http://arstechnica.com/information-technology/2013/08/building-a-panopticon-the-evolution-of-the-nsas-xkeyscore/
2. http://arstechnica.com/security/2013/10/nsa-repeatedly-tries-to-unpeel-tor-anonymity-and-spy-on-users-memos-show/
3. http://www.engadget.com/2014/05/01/tails-linux-os-version1-0/
4. http://gizmodo.com/try-the-super-secure-usb-drive-os-that-edward-snowden-i-1563320487
5. http://arstechnica.com/tech-policy/2013/10/how-the-feds-took-down-the-dread-pirate-roberts/

and some other links to cheer up this nice sunday :)
http://arstechnica.com/information-technology/2014/03/nsas-automated-hacking-engine-offers-hands-free-pwning-of-the-world/
http://arstechnica.com/tech-policy/2013/08/nsas-internet-taps-can-find-systems-to-hack-track-vpns-and-word-docs/
http://arstechnica.com/security/2014/03/nsa-hacker-in-residence-dishes-on-how-to-hunt-system-admins/
http://arstechnica.com/tech-policy/2013/06/use-of-tor-and-e-mail-crypto-could-increase-chances-that-nsa-keeps-your-data/
http://arstechnica.com/security/2013/09/majority-of-tor-crypto-keys-could-be-broken-by-nsa-researcher-says/
and in general: www.arstechnica.com/series/nsa-leaks/

Hi all again and thanks for your interest!

We just introduced a brand new feature:
when sending an email using an smtp client, the following headers are now anonymized: 'Received', 'X-Originating-IP', 'User-Agent', 'X-Mailer', 'X-Enigmail' and 'Mime-Version'.
In short, your IP address will not be revealed.

(Sending with the webmail always had this feature)

Let us know if you have any questions or need support!

https://ruggedinbox.com

registered 2 acc's today (1st registered & failed to login later, same with the second one)

can you help?

Hi SloRunner thanks for your interest and feedback.

That's strange, I've tried now to create an account and I can login properly.
Did you try using the webmail ( https://ruggedinbox.com/rc ) or an email client ?

still login failed, with mail i made yesterday...

Hi SloRunner please provide your ruggedinbox email address in PM
and I'll reset your password.
(You should then be able to login and change your password again).

Thank you.

Ok so, problem solved and platform updated.
"Closing the ticket" :)
Thanks to all for your interest and happy emailing!

I'm having a frustrating problem. Today I've created three accounts. Two via Tor Bundle, and one straight through my ISP. I received a confirmation on all three,

Your new email address is: xxxxxxxx@ruggedinbox.com
Host: ruggedinbox.com
IMAP (TLS) port: 993
POP (TLS) port: 995
SMTP (TLS) port: 465
Webmail url: https://ruggedinbox.com/rsm
Webmail with self-signed ssl url: https://ruggedinbox.com:444/rc

However, when I attempt to login via Claws Mail it errors out and the log shows:

[15:15:42] POP3< +OK Welcome to ruggedinbox.com
[15:15:42] POP3> USER xxxxxxxx
[15:15:42] POP3< +OK
[15:15:42] POP3> PASS ********
[15:15:45] POP3< -ERR Authentication failed.
*** error occurred on authentication
*** Authentication failed.

When I attempt via webmail using SquirrelMail of Roundcube I receive: Unknown user or password incorrect.

I'm using a 25 character 164 bit password, this is the only thing I can think of that may cause an issue on all three.

Help.

Hi thanks for reporting. Sent PM

Ok so the current maximum allowed password length is 22 characters. Sent PM

NEW FEATURES ANNOUNCEMENT:

hi all!

Recentily we got precious feedback from a number of (rightly) paranoid fellows, follows the improvements:

* availability as a Tor hidden service (over http, https with valid certificate and https with a self-signed certificate)
* installed an alternative webmail (SquirrelMail) for browsers with javascript disabled

The Tor hidden service address is: s4bysmmsnraf7eut.onion

For a more detailed description please have a look at the features page: https://ruggedinbox.com/features.php
( or as an hidden service: http://s4bysmmsnraf7eut.onion/features.php )


Thanks for your interest and let us know if you have any problem!

NEW FEATURES ANNOUNCEMENT:

you can now create disposable / temporary accounts.

If you click on top on 'Register', you will be asked if you want to create a normal or a disposable / temporary inbox.

By clicking on the latter ( direct url: https://ruggedinbox.com/createTempAccount.php OR http://s4bysmmsnraf7eut.onion/createTempAccount.php ) you will go to a specific registration page, where a random username is suggested
and where you can choose an expiration date between 1 hour and 1 year.

When the expired date is reached, the account will be removed from the database and all its files and folders are deleted.


ALSO .. we changed the log rotation policy.
Before it was the Debian default: 1 month.
1 month is too much, we don't need it and privacy-wise, the less the better.
The new policy is 1 week: system logs and web access logs are kept for 1 week.
(this can still be improved, in the near future it will be 48 hours)

Thanks to all for your interest and feedback!

Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel. 
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy  self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).

Hi thanks for the suggestions, we'll do the homework, fix and report back :) Give us a couple of days.

Hi cryptofutureis, thanks for your detailed suggestions about ssl!

By following this howto (forward secrecy on lighttpd): https://raymii.org/s/tutorials/Strong_SSL_Security_On_lighttpd.html
score raises to A

with this parameters: https://cipherli.st
the overall rating is A+

https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com

easy and very useful!

(also, today those debian packages: libssl-dev libssl-doc libssl1.0.0 libssl1.0.0:i386 openssl were updated)


About the password, we made some (manual) tests and the invalid characters are " (quote) and \ (back-slash aka 'reverse solidus')
so you can have passwords like `~!@#$%^&*()-=_+}{[];'
and ,./<>?
we didn't test symbols, anyway the only character that we really strip is " (quote)


About Roundcube, now that you say that (0-day exploits available around), you gave us the additional motivation to configure spawn-fcgi to isolate the virtual hosts (so hacking roundcube would not result in having access to the whole document root of the web server) .. we'll do that as the next thing.


Thanks for your feedback and happy emailing! :)

Hi we are happy to announce that recently we did the following security and privacy oriented improvements:

* enabled perfect secrecy on all ssl services, current score on ssllabs.com is A+ ( https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com )

* enabled Tor peering with SIGAINT ( http://sigaintevyh2rzvw.onion ), now you can send and receive emails with SIGAINT using the hidden service address, the emails will never touch the clearnet

* roundcube now shows the emails in text-mode (before it was rendering the html version)

* roundcube now defaults to use the text-mode editor (instead of the html editor)

* ability to delete an email account (removing / destroying all the emails), you can find the link on the home page or use the direct link: http://s4bysmmsnraf7eut.onion/destroyAccount.php

Peering with other tor-friendly email providers will come soon, we'll keep you updated.


Thanks for the feedback!

Thanks, all is correct now. Tested same password without " (quote) and it works. But anyway try to choose one main and supported web interface. Also look in curve option to select better one curve:

Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement protocols will be supported in lighttpd 1.4.29. By default, Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement protocols use, respectively, the 1024-bit MODP Group with 160-bit prime order subgroup from RFC 5114 and "prime256v1" (also known as "secp256r1") elliptic curve from RFC 4492. The Elliptic-Curve Diffie-Hellman key agreement protocol is supported in OpenSSL from 0.9.8f version onwards. For maximum interoperability, OpenSSL only supports the "named curves" from RFC 4492.

Using the ssl.dh-file and ssl.ec-curve configuration variables, you can define your own set of Diffie-Hellman domain parameters. For example:

ssl.dh-file = "/etc/lighttpd/ssl/dh2048.pem"
ssl.ec-curve = "secp384r1"
Default is secp256r1 but we always can select curve with bigger prime.
Mozilla has a nice doc available: https://wiki.mozilla.org/Security/Server_Side_TLS

Hi cryptofutureis thanks again for helping us with your ssl expertize!!
We studied and did some tests, generated the dh2048.pem certificate and configured lighttpd to use the secp384r1 curve.

Now ssllabs.com rating ( https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com ) improved the "Key Exchange" score, from 80 to 90.
We enabled this on both port 443 (which uses a normal ssl certificate) and port 444 (which uses a self-signed certificate).

Thanks for your feedback and happy holidays!

Thanks. got it !! Retried it with abbreviated password and worked !!

Nice! I hadn't heard of this one yet. Signing up now  :)

Another issue has reared its ugly head. I'm having issues using my e-mail client, Claws Mail. I'm using SSL connection and am receiving this time out error.

* Account 'jusura@ruggedinbox.com': Connecting to POP3 server: ruggedinbox.com:995...
[08:48:10] POP3< +OK Welcome to ruggedinbox.com
[08:48:10] POP3> USER xxxxxx@ruggedinbox.com
[08:48:11] POP3< +OK
[08:48:11] POP3> PASS ********
[08:48:11] POP3< +OK Logged in.
[08:48:11] POP3> STAT
[08:48:11] POP3< +OK 0 0
[08:48:11] POP3> QUIT
** Session timed out. You may be able to recover by increasing the timeout value in Preferences/Other/Miscellaneous.

Sometimes it completes correctly:

* Account 'xxxxxx@pop.ruggedinbox.com': Connecting to POP3 server: ruggedinbox.com:995...
[08:48:06] POP3< +OK Welcome to ruggedinbox.com
[08:48:06] POP3> USER xxxxxx@ruggedinbox.com
[08:48:06] POP3< +OK
[08:48:06] POP3> PASS ********
[08:48:06] POP3< +OK Logged in.
[08:48:06] POP3> STAT
[08:48:07] POP3< +OK 2 6960
[08:48:07] POP3> UIDL
[08:48:07] POP3< +OK
[08:48:07] POP3> LIST
[08:48:07] POP3< +OK 2 messages:
[08:48:07] POP3> QUIT
[08:48:07] POP3< +OK Logging out.

It appears that there are two messages, however, they do not download. I can connect via Tor or webmail via sm or rc with no issues.

Hi chromedome thanks for reporting!
This happens often to us, while using claws-mail and torsocks .. it looks like a lot of exit nodes don't like connections to email ports (smtp / pop / imap).
Usually restarting Tor helps (or forcing it to build a new circuit).

Please let us know if you were not using torsocks with claws-mail!

Thank you for  the response. It's occurring on two separate RIB accounts, both configured the same. I'm using Claws Mail via my ISP using SSL on port 995 and 465.  SMTP authentication is enabled. The only plugin enabled is GPG. What else can I provide to assist you?
The other account checked via Claws Mail (BM) functions correctly.

TKS

Hi chromedome thanks for the follow up.
In claws-mail, please go to the account preferences -> SSL
and check 'Use SSL for POP3 connection' under POP3

then check 'Use STARTTLS command to start SSL session' under 'Send (SMTP)'

and then at the bottom, check 'Use non-blocking SSL'.

Then go to Advanced and uncheck everything (SMTP port, POP3 port, Domain name, ...) (thus leaving everything as default).


Please let us know if the problems still happens, if so, we'll do a serious debugging,
because honestly, we never did even a single access to RIB directly (without using Tor or torsocks) :)

Thanks for the assistance. I've made the suggested changes and got the same issue.

* Account 'xxxxxx@ruggedinbox.com': Connecting to POP3 server: ruggedinbox.com:995...
[11:20:32] POP3< +OK Welcome to ruggedinbox.com
[11:20:32] POP3> USER xxxxxx@ruggedinbox.com
[11:20:32] POP3< +OK
[11:20:32] POP3> PASS ********
[11:20:32] POP3< +OK Logged in.
[11:20:32] POP3> STAT
[11:20:32] POP3< +OK 1 1963
[11:20:32] POP3> UIDL
[11:20:32] POP3< +OK
[11:20:32] POP3> LIST
[11:20:33] POP3< +OK 1 messages:
[11:20:33] POP3> QUIT
** Session timed out. You may be able to recover by increasing the timeout value in Preferences/Other/Miscellaneous.

I've increased timeout out to 180 to no avail. This does not happen every time, however, it does occur about every second attempt. Typically the first time I check the accounts they function correctly and download any messages. If I attempt again it will fail on at least one of the two accounts.
SMTP appears to function within the spec'd 3 minute window with no problem on both accounts.

TKS for all the help.

Hi chromedome, issue confirmed (we are able to replicate the problem).
Thanks for spotting that out!
Debug in progress .. :)

Ok so .. problem partially fixed.
It was an iptables issue: to allow sending emails to the onionland, some iptables magic is needed.
One rule was causing some connections to be dropped.

Now you should be able to hammer your POP mailboxes with claws-mail and see no timeouts or interruptions.

We'll seek some wisdom on the Tor mailing list to check iptables .. :)

Thanks again for the patience and feedback!!

It's been working like a charm !!!

Thanks for your assistance.

Hi, we have raised the amount of space on all the mailboxes, present and future, from 50MB to 200 MB.
As usual, feedback is welcome.

Thanks for creating such a great service!

But unfortunately it seems that the mail servers are currently down. No matter if I try to connect via Squirrelmail or RoundCube or POP3, there's always a timeout when fetching the mail contents.

Any idea?

Any alternative to ruggedinbox.com?

Thanks

awsome service :)

Looks good i'm gona try it now. Cheers.

Hi andyamiles, from the 13th of August we use a third-party monitoring service to monitor our server availability (ping)
and https service (the webmail).

It reports that our uptime is 99.98% for ping
and 99.8% for https

The last downtime was on the 11-09-2014 (11th of September) at 14:49:03
and the duration was 8 minutes (probably some network interruption or routing problem between our data center and the monitoring service one).

Anyway thanks for your interest and the feedback!

Hi!

server s4bysmmsnraf7eut.onion  Stopped Working?

Hi kubussz, http://s4bysmmsnraf7eut.onion is proudly up
however we noticed that from yesterday, sometimes we need to click "New Identity" on our favorite green onion button
to rebuild a Tor circuit, because of timeouts.

On our server, services are up, traffic is coming thru the hidden service and we are not getting DDOSed
so perhaps it is a temporary issue with the Tor network in general.

On the tor-talk mailing list, everything looks ok: https://lists.torproject.org/pipermail/tor-talk/2014-October/thread.html


Thanks for the feedback!
RuggedInbox team

Thank you for your response.

I have a question!

"This service does not and don't need to comply with such regulation: we don't have such logs."

AND...

"ALSO .. we changed the log rotation policy.
Before it was the Debian default: 1 month.
1 month is too much, we don't need it and privacy-wise, the less the better.
The new policy is 1 week: system logs and web access logs are kept for 1 week.
(this can still be improved, in the near future it will be 48 hours)"

which statement is true?

Hi,
The policy is 1 week: system logs and web access logs are kept for 1 week.
This is the current configuration.

Feedback is welcome also on this topic.

Hi!
But you keep logs, that this sentence is a lie:"This service does not and don't need to comply with such regulation: we don't have such logs."  It's put away this sentence from the main page

Hi kubussz, the confusion is given by the fact that we are talking about two different logs:

1. system logs: those are linux logs, for example syslog and dmesg, the web server and the other services logs. In short, the system logs.
We have those logs and the rotation policy is 1 week.

2. data retention: the statement that you quote from ruggedinbox's features page ( http://s4bysmmsnraf7eut.onion/features.php ) is from the paragraph "NO Data Retention".
"Data Retention" are special logs: https://en.wikipedia.org/wiki/Telecommunications_data_retention
which save metadata: sender, recipient, sender ip address, timestamp
and we don't have such logs.

Let us know if you need more information.


Thanks for your interest,
RuggedInbox team

Is it possible to enable DANE for ruggedinbox?

You guys gotta fix your typography on main page.  The Bold has made lettering blurry.  On my res anyways.

Hi, we are not DANE experts but it looks like a good suggestion.
Give us some time to study it
and see how it fits in the current (Tor-fiendly) setup.

Thanks for the feedback!
RuggedInbox team

We are unable to replicate the issue, also trying with www.browsershots.org and other services.

Which OS (and version) and browser (and version) are you using ?


Thank you!
RuggedInbox team

Same problem. I use Win 7 with Firefox 33

http://abload.de/img/rugged76ug7.png (http://abload.de/image.php?img=rugged76ug7.png)

Hi thanks for the feedback! Please check again, not super pretty but now fixed.

Yep looks better now on my end.

Ive been unable to connect for approx 16 hours now, I get error 500. Any word on when service will be back up?

Website seems to be up again, bit I can‘t login.

Hi it looks like the current ruggedinbox VPS is not able to handle the current load. RAM is not enough.
We are talking about 1GB for few thousand users :)
We already tweaked all we could (database, antivirus, smtp/pop/imap stack), it was interesting to find the limit but now we must upgrade.
So we are planning to move the services to a bigger VPS.
A number of users told us that they would like to contribute, so we are accepting donations in bitcoins.
Every penny will be spent for the VPS, which price is 18 euros per month.
The bitcoin address for donations will never change, so it will be easy to calculate for how many months we are ok.
The BTC address is: 1PHnN2SjiLbQsL9eohC1DDyYV8CPfaPu47

Thank you!

Thank you for the update and the service. I will send some BTC your way when I am able.

Hi everyone,

just had a concern about email we should receive during this "off time", when all will be back should we have these emails ?
i mean does the server is still in measure to keep up to date user's boxes.
thanks so much for your clarification.

Regards @ll
Alx

Hi the service is currently up.
We found the web server answering error 500, as reported by Blis (thank you)
but the other services (smtp/pop/imap) were working ok
so the emails were correctly received and sent.

We did a reboot and decreased the number of php processes, saving around 50MB of RAM.
The current situation is that there are around 200MB of free RAM
but during the days, probably during load spikes, the server swaps and bad things happens.

Thank you,
RuggedInbox team

thanks for your answer.

i dot not have error 500 anymore, however i can't login onto the webmail.....and this is the only way for me to watch my messages...
hope it should be operational very soon.
thx @ll

Hi, strange we didn't touch the system and we are able to login as usual.
Is this still happening to you ?

Thanks for your feedback!

Hi, we just received this message:

You are going under DDoS attack unless you pay me 1 BTC in next 30 minutes to 1MRFFgSexGzyWgbLEhX1Bi3YXR6FaaebV8

Do not ignore me, as it will just increase the price. :)

 

Once you pay me you are free from me for lifetime of your site.

If you think that I'm bluffing, Google my name. :)


Thank you.


(sender: dd4bc@unseen.is)

Our answer:
this is a volunteer based project, which provides an anonymous, Tor friendly email service, 100% free and ad free.
You may want to direct your energies somewhere else, since you'll not see a penny from us.

Bulgaria is not offshore  ;D

Hi HeroCat, we don't know who decides if a country is offshore or not
but read here: https://blackvps.net/

Follow up:

we contacted our server farm and after short time they enabled their anti-DDOS filter.

Now our services are up and running!

I have the same error (sm and rc) and this is still happening for me too.

Argh! Found the issue: when updating roundcube, from version 1.0.2 to 1.0.3, you use a tool that does the job.
But ... the tool failed to keep some setting, including the one that appends the domain (@ruggedinbox.com) to the username.

So .. logging with with just 'username' was resulting in a 'login failed' error,
while trying with 'username@ruggedinbox.com' was working ok.

Now this is fixed, we'll pay more attention in future when we update roundcube
and we'll asap open a discussion on the roundcube mailing list about that.

Thanks to all for your feedback!

I have another problem with squirrel mail. Login works, but I only get a blank screen with a border left side and nothing more happens

Thanks a lot for the fast support.

Hi, tried now with both username@ruggedinbox.com and just 'username',
login, mail sending and receiving works ok.
GUI looks in shape.

Are you still having the issue ?

still..

http://abload.de/thumb/squirrelmail8rplh.png (http://abload.de/image.php?img=squirrelmail8rplh.png)

With Win7 + Firefox 33 and also Debian sid + Chromium.

Roundcube works, but not perfect. I can open a specific mail and delete it, but the preview (bottom window) won't load nor mass selection and delete of mails. Roundcube tries to load the mail in the preview window but didn't finish. Open the mail with doubleclick works like a charm.

Edit: Option menu in roundcube also won't load. Same effect.

Mmm what if you use Tor browser bundle to access the onion address ?
http://s4bysmmsnraf7eut.onion/rc
http://s4bysmmsnraf7eut.onion/sm

perhaps we are still under the DDOS of that poor soul :)

Maybe the 'clearnet traffic' is breaking, while the onion tunnel goes smooth under the attack and the data center filters ..

Thank you very much for your feedback!

works smooth within tor.

seems odd, but is okay  :)

Good :)
Is unfortunate but we are not able to tell if the DDOS attack is still going on.
Maybe not, or maybe the server farm is filtering the traffic.
The server traffic is in the norm, logs are ok, number of sockets in the norm, cpu ok, ram low as usual.
Hey DD4BC Team, are you still attacking us ?

"ALSO .. we changed the log rotation policy.
Before it was the Debian default: 1 month.
1 month is too much, we don't need it and privacy-wise, the less the better.
The new policy is 1 week: system logs and web access logs are kept for 1 week.
(this can still be improved, in the near future it will be 48 hours)"

O.K. Guys you keep talking about anonymity, privacy and all those cool thing.

1. When you keep logs there is no anonymity.

2.
"ALSO .. we changed the log rotation policy.
Before it was the Debian default: 1 month.
1 month is too much, we don't need it and privacy-wise, the less the better.
The new policy is 1 week: system logs and web access logs are kept for 1 week.
(this can still be improved, in the near future it will be 48 hours)"

- "this can still be improved..."  Your statement looks like you were sitting at the round table with the system negotiating for how long it should keep the logs if any. You keep logs or you don't! The user is unknown or he isn't.

Hi maiste, sorry we'll be very direct about your comments and (lack of) concrete suggestion / solution:
you have no idea what you are talking about :)
No offense but in short, disabling all logs wouldn't improve users privacy of an inch
and (just as a first example) fail2ban wouldn't work at all.
Fail2ban protects the service against floods and brute force cracking attempts of ssh, smtp, pop, imap, http, ...

Anyway thanks for your interest!

I'm far from getting upset if you beat me with a reasonable reply (which you did).
I'm going to give your service a try.

Salute!

Hi welcome abroad!
Yes sorry for the short and cheap answer, the topic (privacy) is so large that you don't know where to start.
About the logs, consider that if an attacker gains access to the server (by exploit, physical access or vps supervisor), even with no logs,
he would be able to read/copy the emails, get the list of the accounts
and perhaps install a sniffer, which gives much more info than the logs.

The key for your privacy is yourself, use Tor browser bundle and use end-to-end encryption (PGP), use Tails, claws-mail + torsocks if you prefer a mail agent (you can find it in Tails), use https://temp.pm, don't trust us!

Feedback is welcome :)

Receiving error 500 today and cannot connect. Just a FYI to notify you of the problem.

Thank you for the service.

down? why??

Hi thanks for the feedback. Strange problem, not sure about the reason, contacting the datacenter ..

Hi, it looks like a DDOS attack (from Tor) to squirrelmail was preventing the other web services to work (web site and roundcube webmail).
We have currently disabled squirrelmail.
We are working on this.
Services are now up.

Thanks for the feedback!

Hi ok we restored squirrelmail ( https://ruggedinbox.com/sm or http://s4bysmmsnraf7eut.onion/sm )

tnx, have been waiting deem 24 hours :D

It seems to be slow and unresponsive again at this time. DDOS attack back?

If so you would think people would have enough dignity and respect not to screw with peoples communication with their families on Christmas eve. /rant

Yup, seems to be getting low ddos attacks -_- but its almost like this 24\7 :/
OP: If you're running this on vps, why you don't buy ddos protection?
I'm sure you don't get higher ddos attacks than 10-15 gbps :c

Hi yes we had to disable squirrelmail again
and currently there are a lot of junk requests to roundcube, draining most of the Tor Hidden Service traffic.
Since the attack is targeting RIB's Hidden Services, all we can see is traffic coming from 127.0.0.1 (that's how Tor HS works)
hence is impossible to discriminate and filter the offensive clients.
Also, the datacenter DDOS filter is useless in this scenario: we already have DDOS protection but it doesn't protect Tor Hidden Services,
it protects only from usual clearnet attacks.
For reference, we got some confirms here: https://lists.torproject.org/pipermail/tor-talk/2014-August/034341.html

We have now disabled our Tor Hidden Services and restored squirrelmail, thus we are currently accepting traffic only from and to clearnet.
You can reach the clearnet service here: https://ruggedinbox.com

Hi little update, all services are up.

Let us know if you have any problem!
RuggedInbox team

I read about ruggedinbox in \r\privacy subreddit of reddit.com. Thank you for providing such a private email client.  

I have an android 2.3.4 phone and android 4.4.2 tablet. Opera Classic browser and Firefox 34.0.1 browser can render ruggedinbox.com website. However, orweb browser and lighting browser cannot.  Lighting browser error message: "Website not available."  Orweb's error message: "Website not available."  Are other users getting these error messages?

Tnx finally i can use it :P

The emails I am sending from my ruggedinbox.com account were rejected by a company because they didn't come from my registered email account. The emails I sent came from vmail@ruggedinbox.com. Is my account hacked? Do I need to close it?

I am so happy to have run across Ruggedinbox!
This is just what my family was looking for. 
So tired of data mining.  :(
So, thanks to the team who has created this!!!!

So, I was wondering if there was a "Claws For Dummies" book or something.
I am trying to configure Claws and just do not understand what goes where
in the configuration settings.  My family has always used Yahoo and Gmail,
using the web interface.  But now, in order to be private, we would like to use
Claws to pull the email from the server to our personal drives using POP3.  Even though
our email server is offshore, if nothing is ever stored there, the better.

Is there a place that describes how to configure Claws?

Thanks again for the great system. 

Hi, your account was not hacked and we are aware of this problem.
The emails sent from RIB have an additional header, that 'vmail' sender, which is added by the script that limits daily emails.
Some systems, like ebay, have problems with this.
The fix isn't straightforward but we'll dig into this again and let users know if positive.

Thanks for your interest!

Hi and welcome!
Currently we don't have any step-by-step howto,
anyway be sure to use the following parameters:

Host: ruggedinbox.com
IMAP (TLS) port: 993
POP (TLS) port: 995
SMTP (TLS) port: 465

and be sure to always use the complete address of your account: username@ruggedinbox.com

also, in SSL, check 'Use SSL for POP3 connection'
and check 'Use non blocking SSL'.


Thanks for your interest and wish you a great 2015!
RuggedInbox team

Thanks for explaining vmail. Ebay was the only company to reject my emails, so I wont use with Ebay.

Thanks offering squirrelmail to give option to disable javascript to make us safer. Squirrelmail website works very well using opera or firefox for android. Roundcube does not. I cannot open emails.

I have several android devices. Everytime I set up my email account, K-9 reports : "Unrecognized Certificate. The server presented an invalid certificate." Should K-9accept the key anyway?

Hi! Our smtp, pop and imap services are still using the self-signed certificate.
Only the web server (https) is using the valid SSL certificate.
Some time ago we discussed internally about this and decided that since we don't trust CAs
and since no user is complaining, we'll continue to use the self-signed certificate.

That said, ideally the mail client (K-9) should be able to import the certificate
in order to stop prompting that question.

Thanks for the SSL explanation. After accepting the SSL key, K-9 does not prompt any more.  I recommend including explanation on websites so users will not worry about K-9 warning. thanks.

I have failed.   :(
I'm not worthy.

Trying desperately to make claws work but, have had no success.
May I try this?...

Look at the settings below, and see what is wrong them:

Basic
Personal information

• Name of account: myusername
  Full name: myusername
  Mail address: myusername@ruggedinbox.com

Server information

• Protocol: Pop3
  Server for receiving: ruggedinbox.com
  SMTP server (send): ruggedinbox.com
  User ID:  myusername                                         Password: myPassword

SSL

• POP3
  Use SSL for POP3 connection: selected
  Send
  Use STARTTLS command to start SSL session: selected
  Client certificates
  Use non-blocking SSL:  de-selected
  

Advantage

• Everything deselected

Sign key

• Use default GnuPC key: selected

If you see what I have done wrong, let me know and I will make the adjustments.
I sure do appreciate the help.

Hi, here:

SMTP server (send): ruggedinbox.com
User ID:  myusername                                         Password: myPassword[/li][/list]

are you using the full format of your account: myusername@ruggedinbox.com

?

I changed my settings to:

Server information

    Protocol: Pop3
    Server for receiving: ruggedinbox.com
    SMTP server (send): ruggedinbox.com
   User ID:  myusername@ruggedinbox.com                   Password: myPassword

Thius is my error:

* Account 'xxxxxx': Connecting to POP3 server: ruggedinbox.com...
*** SSL handshake failed
*** Connection failed.

Am I supposed to have the setting set at:

 Protocol: Pop3
    Server for receiving: ruggedinbox.com:995
    SMTP server (send): ruggedinbox.com:465
    User ID:  myusername@ruggedinbox.com                   Password: myPassword


Thanks for the help!!!!

Hi, in your home directory you should have a file named .claws-mail/accountrc
compare it with the following working example:

[Account: X]
account_name=xxx@ruggedinbox.com
is_default=0
name=xxx@ruggedinbox.com
address=xxx@ruggedinbox.com
organization=
protocol=0
receive_server=ruggedinbox.com
smtp_server=ruggedinbox.com
nntp_server=
local_mbox=/var/mail
use_mail_command=0
mail_command=/usr/sbin/sendmail -t -i
use_nntp_auth=0
use_nntp_auth_onconnect=0
user_id=xxx@ruggedinbox.com
password=XXXX
use_apop_auth=0
remove_mail=1
message_leave_time=0
message_leave_hour=0
enable_size_limit=0
size_limit=1024
filter_on_receive=1
filterhook_on_receive=1
imap_auth_method=0
receive_at_get_all=1
max_news_articles=300
inbox=#mh/Mailz/inbox
local_inbox=#mh/Mailz/inbox
imap_directory=
imap_subsonly=1
low_bandwidth=0
generate_msgid=1
generate_xmailer=0
add_custom_header=0
msgid_with_addr=0
use_smtp_auth=1
smtp_auth_method=0
smtp_user_id=
smtp_password=!
pop_before_smtp=0
pop_before_smtp_timeout=5
signature_type=0
signature_path=/home/xxx/.signature
auto_signature=1
signature_separator=--
set_autocc=0
auto_cc=
set_autobcc=0
auto_bcc=
set_autoreplyto=0
auto_replyto=
enable_default_dictionary=0
default_dictionary=en
enable_default_alt_dictionary=0
default_alt_dictionary=en
compose_with_format=0
compose_subject_format=
compose_body_format=
reply_with_format=0
reply_quotemark=
reply_body_format=
forward_with_format=0
forward_quotemark=
forward_body_format=
default_privacy_system=
default_encrypt=0
default_encrypt_reply=1
default_sign=0
default_sign_reply=1
save_clear_text=0
encrypt_to_self=0
privacy_prefs=gpg=XXX==
ssl_pop=1
ssl_imap=0
ssl_nntp=0
ssl_smtp=2
use_nonblocking_ssl=1
in_ssl_client_cert_file=
in_ssl_client_cert_pass=!
out_ssl_client_cert_file=
out_ssl_client_cert_pass=!
set_smtpport=0
smtp_port=25
set_popport=0
pop_port=995
set_imapport=0
imap_port=143
set_nntpport=0
nntp_port=119
set_domain=0
domain=
set_tunnelcmd=0
tunnelcmd=
mark_crosspost_read=0
crosspost_color=0
set_sent_folder=0
sent_folder=
set_queue_folder=0
queue_folder=
set_draft_folder=0
draft_folder=
set_trash_folder=0
trash_folder=
imap_use_trash=1

don't forget to close claws-mail while editing the file!

Let us know how it goes .. send us a PM if you prefer.

You have given me hope!  :)

I now have this message:

* Account 'xxxxxxr@ruggedinbox.com': Connecting to POP3 server: ruggedinbox.com...
*** SSL handshake failed
*** Connection failed.

I made sure the Use non-blocking SSL is unchecked.
Tried again and had the same issue.
I can login to this account via webmail, but not in claws.

What should I check next?

Thanks.

Hi! Ok we'll provide a step-by-step guide on claws-mail configuration asap :)

 ;D ;D ;D ;D ;D

I think this is a very good idea!

There is a youtube video about Claws, and it is pretty good.  But, there is no way to include each provider's custom account information in the video.

Some of us are using Tails.  If there are any special considerations for this, please add it in your instructions too.   :)

Thanks again!

Hi, we found the source of the problem, it wasn't your fault!
When hardening the imap/pop service (dovecot) against the recent POODLE vulnerability, we followed the advise to disable SSL2 and SSL3
but that is giving problems with some email clients.

we'll fix this asap, sorry about that.

Hi ok please try again, POP3 should now work with both 'Use SSL for POP3 connection'
and 'Use STARTTLS command to start SSL session'.

I have managed to get  POP3 working, but I cannot send email.

It always times out when trying to connect to SMTP server.

* Account '*******': Connecting to SMTP server: ruggedinbox.com:465...
*** Session timed out. You may be able to recover by increasing the timeout value in Preferences/Other/Miscellaneous.

I have checked the various configuration point in SSL & Sent

Use STARTTLS

OK.... great to hear that it was not me.   :)
I was getting a complex.
Just what am I to do with all this adrenelin now?

I am able to receive.  Big hurray!!!
But I am not able to send!!!!  

Here is my error:

[17:00:42] ESMTP> EHLO localhost
[17:00:42] ESMTP< 250-ruggedinbox.com
[17:00:42] ESMTP< 250-PIPELINING
[17:00:42] ESMTP< 250-SIZE 104857600
[17:00:42] ESMTP< 250-ETRN
[17:00:42] ESMTP< 250-AUTH PLAIN LOGIN
[17:00:42] ESMTP< 250-AUTH=PLAIN LOGIN
[17:00:42] ESMTP< 250-ENHANCEDSTATUSCODES
[17:00:42] ESMTP< 250-8BITMIME
[17:00:42] ESMTP< 250 DSN
[17:00:42] ESMTP> MAIL FROM:<xxxxxx@ruggedinbox.com> SIZE=402
[17:00:42] SMTP< 250 2.1.0 Ok
[17:00:42] SMTP> RCPT TO:<xxxxxx@ruggedinbox.com>
[17:00:42] SMTP< 553 5.7.1 <xxxxxx@ruggedinbox.com>: Sender address rejected: not logged in
** error occurred on SMTP session
*** Error occurred while sending the message:
553 5.7.1 <xxxxxx@ruggedinbox.com>: Sender address rejected: not logged in

Also, I get this warning:

One of your applications (probably an email client) appears to be making a potentially unencrypted and unsafe connection to port 110
Anything sent over this connection could be monitored. Please check your application's configuration and use only encrypted protocols, such as SSL, if possible

So that you know, I understand how big an issue this is, not some little thing.  And it requires much research, making this a big deal.
I appreciate all your efforts.
I really need this email system.  You have no idea how much peace of mind I will have when this issue is resolved.  Not just me but,
a whole bunch of people will be using this in the future.  It is the best system anywhere.  So, be encouraged on the efforts you have put in.
This is a worthwile effort!

Thanks from me!

nice work
A+
https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com

I've got a problem with receiving mails in thunderbird. It asks every time to confirm an exception for ruggedinbox. I import the certificate and get the warning again. This warning shouldn't show up from importing the correct certificate and even after accepting the exceoptin it pop-up again and again. So I can't receive any mails within thunderbird.
Are there any suggestion?

(In a few hours I could send screenshots with preferences.)

Hi! Ok so, follows the complete GUI configuration of claws-mail:

basic:
name of account: xxx@ruggedinbox.com
full name: xxx@ruggedinbox.com
mail address: xxx@ruggedinbox.com
organization: empty

protocol: pop3
server for receiving: ruggedinbox.com
SMTP server (send): ruggedinbox.com
user ID: xxx@ruggedinbox.com
password: xxxxxxx

receive:
use secure authentication (APOP): no

send:
generated message-id: yes
send account mail address in Message-ID: no
generate x-mailer header: no

SMTP authentication (SMTP AUTH): yes
Authentication method: Automatic
User ID: empty
Password: empty
Authenticate with POP3 before sending: no

SSL:
POP3: Use SSL for POP3 connection

Send (SMTP):
Use STARTTLS command to start SSL session

Use non-blocking SSL: yes

Advanced:
SMTP port: no
POP3 port: no
Domain name: no
(everything is unchecked)

And an example of the accountrc file:

[Account: X]
account_name=xxx@ruggedinbox.com
is_default=0
name=xxx@ruggedinbox.com
address=xxx@ruggedinbox.com
organization=
protocol=0
receive_server=ruggedinbox.com
smtp_server=ruggedinbox.com
nntp_server=
local_mbox=/var/mail
use_mail_command=0
mail_command=/usr/sbin/sendmail -t -i
use_nntp_auth=0
use_nntp_auth_onconnect=0
user_id=xxx@ruggedinbox.com
password=XXX
use_apop_auth=0
remove_mail=1
message_leave_time=0
message_leave_hour=0
enable_size_limit=0
size_limit=1024
filter_on_receive=1
filterhook_on_receive=1
imap_auth_method=0
receive_at_get_all=1
max_news_articles=300
inbox=#mh/Mailz/inbox
local_inbox=#mh/Mailz/inbox
imap_directory=
imap_subsonly=1
low_bandwidth=0
generate_msgid=1
generate_xmailer=0
add_custom_header=0
msgid_with_addr=0
use_smtp_auth=1
smtp_auth_method=0
smtp_user_id=
smtp_password=!
pop_before_smtp=0
pop_before_smtp_timeout=5
signature_type=0
signature_path=/home/xxx/.signature
auto_signature=1
signature_separator=--
set_autocc=0
auto_cc=
set_autobcc=0
auto_bcc=
set_autoreplyto=0
auto_replyto=
enable_default_dictionary=0
default_dictionary=en
enable_default_alt_dictionary=0
default_alt_dictionary=en
compose_with_format=0
compose_subject_format=
compose_body_format=
reply_with_format=0
reply_quotemark=
reply_body_format=
forward_with_format=0
forward_quotemark=
forward_body_format=
default_privacy_system=
default_encrypt=0
default_encrypt_reply=1
default_sign=0
default_sign_reply=1
save_clear_text=0
encrypt_to_self=0
privacy_prefs=gpg=XXX==
ssl_pop=1
ssl_imap=0
ssl_nntp=0
ssl_smtp=2
use_nonblocking_ssl=1
in_ssl_client_cert_file=
in_ssl_client_cert_pass=!
out_ssl_client_cert_file=
out_ssl_client_cert_pass=!
set_smtpport=0
smtp_port=25
set_popport=0
pop_port=995
set_imapport=0
imap_port=143
set_nntpport=0
nntp_port=119
set_domain=0
domain=
set_tunnelcmd=0
tunnelcmd=
mark_crosspost_read=0
crosspost_color=0
set_sent_folder=0
sent_folder=
set_queue_folder=0
queue_folder=
set_draft_folder=0
draft_folder=
set_trash_folder=0
trash_folder=
imap_use_trash=1

Let us know ..

Hi, that's because the valid SSL certificate is installed only on the web server (webmail).
POP/IMAP and SMTP are still using the self-signed certificate, that's because we decided not to trust CAs (and for the webmails we suggest using the onion address http://s4bysmmsnraf7eut.onion/rc).
We are not thunderbird users but didn't receive any complaints, anyway, would you consider using claws-mail ?

Hi please have a look at https://bitcointalk.org/index.php?topic=660374.msg10150062#msg10150062

are you using claws-mail with torsocks ?

SUCCESS!!!!

I am successfully logged in, sending and receiving email using claws.

This is great! 

What I found:
There were a few changes I had to make in the configuration settings.  You did a great job listing each setting and it was easy to fix. 

Many thanks!
Many thanks!
Many thanks!

Hi, thanks for confirming and you are welcome :)
And thanks for your patience! We are still missing some decent documentation, we'll use some contents wrote here as a starting point ..

Tried to send to a hotmail account, and a Live account, both are Microsoft.
I received a bounceback message stating my server is on the blocklist.
Is this something that is fixable or, is the Ruggedinbox server forever going to be on the blocklist due to the nature of this server?
I have a hard time believing that anyone would try to use Ruggedinbox to send SPAM since you can only send an email once every 3 minutes.  However, it is on the blocklist so, who knows?  Too bad too,.... I love this email!
Hoping that this can be fixed.

My work around for this problem is to get the family member who I am trying to send an email to, to become create a ruggedinbox account.

Thanks!

I recently found ruggedinbox & it seems like a solid e mail program.Not to many bells & whistles which i prefer,but,still has some nice features.

It is still in BETA,at least to my knowledge.I'm no expert but this seems to be a long time for BETA.

Also it seems someone forgot to proof read...this is an excerpt from the features page...

Hi!

As you can see: http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3aruggedinbox.com&run=toolpage

RIB is not blacklisted on any blacklist
but .. M$ (same as gmail) have internal blacklists ..

RIB was never blacklisted on any RBL
and look at the reputation of RIB's public IP (which never changed):
https://www.senderscore.org/lookup.php?lookup=94.156.77.238&validLookup=true

as you pointed out, RIB is simply not a great tool for spamming: 30 emails every day, 3 minutes between every email sent ..

M$ hates us from day 1 (we hate them from long time before), we tried to fill their form to be unblacklisted but nothing happened.
Feel free to try yourself, thanks to you we may have better luck :)

Hi, thanks for your kind words and for reporting the typo. Fixed!
About leaving BETA stage, yes probably you are right. RIB is now bullet proof and should be considered stable.
(and those were the last unwise words of RIB team ..)

I noticed some other issues,i was gonna upload screenshots but don't see how to accomplish this.

Settings>user interface>date shows 7/24/2015 & time shows 7:30 all the time.
What does "pretty dates" mean?

Settings>mailbox view>Display desktop notifications on new message & Play the sound on new message doesn't work.

I'm not sure but i believe i noticed a time limit with account being active without logging in.Is there a time limit if one doesn't log in in a given time frame.

Hi, the form shows 7/24/2015 & time shows 7:30 all the time because they are just examples.

"pretty dates" means something like Monday 1st April 2015 instead of 2015-04-01.

Desktop and sounds notifications works perfectly here.

Session expiration time is 10 hours.

That's odd,i wonder what the issue can be,any ideas?


What i meant was is there a time frame if one doesn't log in to the e mail account.Some e mail programs will deactivate the account if there are no log in to the e mail program,such as 3 months,6 months etc.Does ruggedinbox have such a policy.

decent email client ,but several restrictions on the number of total emails sent in one hour

Hi, about your sounds and desktop notification problem, don't know sorry.

About the deactivation policy, currently there isn't any
and storage usage is decently low so there will not be any for long time.

When storage availability will be a problem we'll increase the size.

After that, we'll probably add another server but also enable a very relaxed deactivation policy, for example over 12 months inactive accounts.

Yep, 30 outgoing email per day (unlimited incoming) and 1 outgoing email every 3 minutes.
(the limit is daily, not hourly)
Those are the default rules.

We lower the limits for users who asks.

I would like to pick up on this and suggest (gently!!) that I, as a grateful user, do have a problem with the lack of a non-self-signed SSL certificate for IMAP.

I use Postbox, The Bat! (on Windows) and K-9 (on Android). I don't really want to use Claws Mail.

Postbox and The Bat! point-blank refuse to connect without a certificate. I have tried more than once.

K-9 accepts the lack of a certificate at first, but then kick it out and will not connect.

This is such a good email service! Could you (please!) re-consider your stance on certification, so that users of email clients other than Claws can access emails by IMAP or POP?

Thanks!

Hi, we are getting a lot of requests on that, we'll change the configuration on the server as soon as possible in order to use the valid certificate even on pop/imap/smtp.

Thanks for the feedback!

Hi ok we brought and installed a proper ssl certificate for smtp/pop/imap on the domain mail.ruggedinbox.com (which is the MX record)
and did some tests on thunderbird/icedove + torbirdy in order to check for exceptions.

Since we were there, we did some packet sniffing and it doesn't appear to leak.

On Debian Wheezy this is the install procedure:

on terminal, as root, type:
apt-get install icedove tor
(icedove is the debian name for thunderbird)

open a browser (perhaps TBB) and download the torbirdy add-on: https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/

open icedove, go to preferences -> press on the 'switches' button on top right, near the 'Search all add-ons' search box -> 'Install Add-on From File ...'
and select the 'torbirdy-0.1.X-tb.xpi' file you downloaded before.

Close and reopen icedove.

On bottom right you should read the following, in green: TorBirdy Enabled: Tor

Now you can input / create a new mail account.
Insert your username and password.
We tested POP.
Since torbirdy is installed, the wizard is disabled .. you'll need to change some settings manually:

go to preferences -> Account Settings

* Server Settings:
Server Name: mail.ruggedinbox.com
Port: 995
User Name: xxx@ruggedinbox.com
Connection security: SSL/TLS
Authentication method: Normal password

* Outgoing Server (SMTP) -> Edit
Server Name: mail.ruggedinbox.com
Port: 465
Connection security: SSL/TLS
Authentication method: Normal password
User Name: xxx@ruggedinbox.com

Now you should be able to send and receive, all traffic will be routed thru Tor and you'll never get the ssl certificate exception.

The new ssl configuration applies also to other clients, with or without Tor they should validate ruggedinbox.com and/or mail.ruggedinbox.com

Thanks for your good work, we've added your email service to our list: https://www.privacytools.io/#email

Everyone, please feel free to participate (https://www.reddit.com/r/privacytoolsIO/) in our community project.

Hi! Thanks for including RIB and thanks for your efforts, very nice project!

By coincidence, we were going to contact you right now when we saw this post :)
We'd like to add a 'warrant canary' on RIB's home page, that's a very clever idea.
We'll contact you now ..

Hi so a user asked us if we could install this plugin: https://squirrelmail.org/plugin_view.php?id=153
but as you can see, it is broken: http://squirrelmail.5843.n7.nabble.com/G-PGP-Encryption-plugin-td9828.html
and here: http://squirrelmail.5843.n7.nabble.com/G-PGP-plugin-td21818.html

That said, the SquirrelMail project has some bounties: https://squirrelmail.org/donations.php#smbounty
where you can read "Update GPG plugin .. Proposed bounty: $2000"
so we pressed 'Purchase' and were contacted by Paul Lesniewski of the SquirrelMail team http://squirrelmail.org/donate_paul_lesniewski.php
which confirmed that the project accepts bitcoins.

The plugin would provide correct Content-Type header (multipart/encrypted) so email client processes the message properly without hassle for recipient
and also search public keys on keyservers and encrypt the messages.

So here we are trying to fundraise the requested amount, 8.412371 BTC ( calculated with https://www.coindesk.com/calculator ) giving as a deadline 30 days from today: 26th June 2015.

We don't know any trusted/privacy oriented fundraising platform (never used one), so we just setup a dedicated BTC address: 1AH1mMYQvoHUUK55UY8hdguBbJNK6LrARm
and if the amount is not reached, we'll send back the funds to the sender addresses.

Now send some coins and make this happen!


Thanks,
RIB team

This week, we have noticed that we are not able to send email.
Here is the log:


* Account 'xxxxxxx@ruggedinbox.com': Connecting to SMTP server: ruggedinbox.com ...
[02:57:22] SMTP< 220 csds.local ESMTP
[02:57:22] ESMTP> EHLO localhost
[02:57:22] ESMTP< 250-csds.local
[02:57:22] ESMTP< 250-8BITMIME
[02:57:22] ESMTP< 250-AUTH PLAIN LOGIN
[02:57:22] ESMTP< 250-XCLIENT NAME HELO
[02:57:22] ESMTP< 250-XFORWARD NAME ADDR PROTO HELO
[02:57:22] ESMTP< 250-ENHANCEDSTATUSCODES
[02:57:22] ESMTP< 250
[02:57:22] ESMTP> STARTTLS
[02:57:22] ESMTP< 500 5.5.1 Error: unknown command
** error occurred on SMTP session
*** Error occurred while sending the message:
500 5.5.1 Error: unknown command
* Account 'xxxxxxx@ruggedinbox.com': Connecting to POP3 server: ruggedinbox.com...
[03:01:44] POP3< +OK Welcome to ruggedinbox.com
[03:01:44] POP3> USER xxxxxxx@ruggedinbox.com
[03:01:44] POP3< +OK
[03:01:44] POP3> PASS ********
[03:01:45] POP3< +OK Logged in.
[03:01:45] POP3> STAT
[03:01:45] POP3< +OK 0 0
[03:01:45] POP3> QUIT
[03:01:46] POP3< +OK Logging out.

Thank you in advance, for your help.

nice service man!!
to be anonymous...
thumbs up !!!

Hi, all working fine here. Do you still have the issue ?

no its just working fine like a charm for me..
one question i wanna ask..will ever our real location will be trapped ??
in any case??

I still have problems.  However, I decided to try a test and it went through.  all is good.  Sorry I posted this issue.

Well, that didn't work.   :(
I was able to send, and then I cannot send.  I tried many times today but, I get the following error:

POP3< +OK 0 0
POP3> QUIT
POP3< +OK Logging out.
* Account 'xxxxxxx@ruggedinbox.com': Connecting to SMTP server: ruggedinbox.com ...
SMTP< 220 csds.local ESMTP
ESMTP> EHLO localhost
ESMTP< 250-csds.local
ESMTP< 250-8BITMIME
ESMTP< 250-AUTH PLAIN LOGIN
ESMTP< 250-XCLIENT NAME HELO
ESMTP< 250-XFORWARD NAME ADDR PROTO HELO
ESMTP< 250-ENHANCEDSTATUSCODES
ESMTP< 250
ESMTP> STARTTLS
ESMTP< 500 5.5.1 Error: unknown command
** error occurred on SMTP session
*** Error occurred while sending the message:
500 5.5.1 Error: unknown command

I do not remember making any changes on my end, it just stopped sending.  I can receive without any trouble.
I see the error comes after STARTTLS.  What can I do to check my setting?  Here are the Send settings in Claws:

send:
generated message-id: yes
send account mail address in Message-ID: no
generate x-mailer header: no

SMTP authentication (SMTP AUTH): yes
Authentication method: Automatic
User ID: empty
Password: empty
Authenticate with POP3 before sending: no

SSL:
POP3:
Use SSL for POP3 connection

Send (SMTP):
Use STARTTLS command to start SSL session

Use non-blocking SSL: yes

Advanced:
SMTP port: no
POP3 port: no
Domain name: no
(everything is unchecked)

If you can think of anything that I can check, I would appreciate it!
Thank you!

Update:
Ok, after failures all day, the email finally went through in the evening.  I have no clue as to why.
So, I hardly know how to approach this erratic problem.  I do not know what to look for being that it is erratic like this.
Scratching my head.

Update 06/08/2015:
I have not been able to send.  The error in the post above means that there is something wrong with my Claws settings?  It comes after "STARTTLS".  Any idea what I can look for in my own settings?  Claws is able to connect to serve and download all incoming email.  I am only having a problem with sending.

Thanks in advance!


Update #2 06/08/2015:

I decided to check my router settings.  As I went through the security settings, I remembered checking the "Anti-Hacking" checkbox a few weeks ago.  I removed the checkbox and the email sent.  I caused my own problem.  Doing too many things at once, otherwise I would have remembered the change I made immediately.

I really, really like Claws, and Ruggedinbox. 

Hello everyone. Yes, it's a nice free offshore email. Does anybody know how to check IP address for incoming emails. Need help. Thanks.

You can try this http://whatismyipaddress.com/trace-email but im not sure it will work with ruggedinbox

Thanks for your reply. Actually I use this site http://whatismyipaddress.com/trace-email every day. My point is to find the IP address of the sender in the
body of incoming email. Its easy to find IP in MSN, Yahoo, Google emails. But how to find the same in Ruggedinbox?
Thanks.

FBI message OUTDATED, Not replying here will make us assume things.... ::)
Today is  :   July 26, 2015, 08:51:14 PM   , while i am writing here .

The content of the file https://ruggedinbox.com/canary.txt (https://ruggedinbox.com/canary.txt) was that moment :


*********************************************************************************************
We do not know about any seizures, warrants or searches of the following
servers:

 - ALL public servers
 - ALL hidden servers

We do not know about any seizures, warrants or searches of staff hardware.
We never placed any backdoors in our servers or network and never received any requests to do so.

Today is 2015-07-16

We can't guarantee no secret searches have been performed.
We can't guarantee the private key wasn't secretly compromised.
We can't guarantee the staff won't give in to force.

Be extremely careful if this file disappears or is outdated.

Public Key: https://ruggedinbox.com/rib.pub.txt (or http://s4bysmmsnraf7eut.onion/rib.pub.txt)

This message expires in 14 days.

*********************************************************************************************

Check again your math ;)
(we updated the canary exactly on the 'expiration' day, first rule: don't panic)

SENT an email to support team a few hrs ago. I actuallly forgot my password andis there i way i can reset it. Plus i can answer verification questions so as to help me reset it.
Expecting to her from ya

Answered, sry can't do.

Hi,
Running claws mail and having issues setting up ruggedinbox account.
Can receive OK but get error on send.
Have followed instructions for settings in this thread.
Compared my accountrc file to the example given too but not seeing my problem.
Any help greatfuly received.

Hi, are you perhaps using Tails ?
If yes, RIB is known to _not_ work with claws-mail on Tails, but icedove/thunderbird + torbirdy works ok.
We are in the process of writing a step-by-step howto on configuring thunderbird on Tails ..

TY

guys, i can't neither receive nor send any mail.
its been like a week already and it's sad

it even does not send from ruggedinbox to ruggedinbox.
please fix this!

anyone who knows these guys from ruggedinbox, can you please tell them the service is not working properly!?

Is anyone else unable to send or receive messages? I have tried multiple times to send emails with people not getting them. I have had people resend emails and I still never get them. Any help?

Same here and i don't know how to contact the team of ruggedinbox cause I suppose even their mail is not working.
I'm in trouble because I've lost a password on a forum and I can't receive the email for resetting the password.
Nothing works, sending, receiving, sending on the same address.
Hope someone of the ruggedinbox staff will reply on this thread.

finally at least someone replied:) thus im not alone :)
i wrote to every place where ruggedinbox mentioned... their email, reddit account, here to PM... no response...

i switched to TorMessenger finally..

I'm happy for you, sadly I've lost the password on one forum and the account is connected to a ruggedinbox account.
If ruggedinbox doesn't start working again I can't reset my password.

Ruggedinbox.com's clearnet site is not down, but their .onion version is down or not working "(Unable to connect)".

Ruggedinbox recently (November) started operating a tor relay server.

Their warrant canary (https://ruggedinbox.com/canary.txt) is expired by 1 day which says "Be extremely careful if this file disappears or is outdated." No telling if these things are related...

Their onion site went down about two days ago.
Anyway no one words from them.....Seems "strange".

Ouch that site is ugly.
The service itself seems ok to me. Only 200 MB is not enough. Why not introduce some paid packages with some upgrades on the diskspace you have.

Hi all sorry for late reply and thanks for the feedback,
had some urgent stuff with our daily jobs.

Yesterday we noticed that the antivirus / antispam crashed
so we restarted the services and the emails queue 'flushed' alone slowly.

Now everything should work as usual, we'll upgrade the RAM on the VPS
asap ..

Also updated the canary file, sorry for being late and causing rightful worries!

TY

This one: http://cryptonoid.com
it's an exit node: https://atlas.torproject.org/#search/87.120.37.163 (needs javascript)
or here: https://torstatus.blutmagie.de

Cheap, easy to setup and works well
(it's on a different VPS than RIB)

TY

So are the emails sent/received over the last few days going to come through or are they wiped out? I still have not received any of the emails into my inbox since at least 18 hours ago. Do I just keep waiting? how long until I can send and receive an email within 1 minute time frame? I use the email to log into websites, like online banking, and the websites require email code verification to log in, so when this email is not working, I can't log into the websites either! Really frustrating!

Your service looks great, but why limit it to only 30 emails a day? Most people who use their emails on a daily basis sent over 50 mails easily.
On your website they have to wait to sent an email. Quite odd right?

Let me add to that:
The site needs a graphical upgrade. It's just too ugly (sorry for being honest)
The service needs improvement, 30 mails per day and 200 MB space is just not enough.

I know resources cost money, but you can ask a little donation from users to make it cost efficient.

The service seems working normal again.

As far as i know they tried to collect donations in the past but with very little sucess.

The Tor developers have been recommending disabling JavaScript for strong anonymity since the project was new, ten years ago. That warning has never changed.

Hi yes the spam problem is still ongoing and yes, some of the previous emails (queue) were sent
but we then realized that the queue was full of spam and, sorry about that, we deleted ALL the queue.
This means that previous emails are lost.

Currently the service is still sending spam and also, it was blacklisted on a number of RBLs.

This is the first serious spam issue with RIB, but not something we have never seen on our daily jobs:
so we are still investigating the cause and the fix.
Probably we used a stupidly easy captcha for the account registration and it was 'cracked'.

We'll update all users with a broadcast message as soon as we have some (hopefully good) news.

TY

We tried a fund raise campaign to update a G/PGP plugin for SquirrelMail,
long story short: the plugin required the PRIVATE g/pgp key to be present on the server and so, we canceled the fund raise.

RIB is economically in perfect shape: we are glad to say that the project is self funding (with community donations) from around 1 year.

We hope to fix this spam problem asap ..

TY

I whish you to get the problem fixed soon as i highly recommend your service!

Thank you, yes the outgoing spam problem was stopped and the service looks in good shape since then.
We changed the captcha and wrote some custom rules for spamassassin.
We also had to stop Tor and the relative Hidden Service access, this sucks hard but it looks like from yesterday our Tor HS 'stack' is under ddos :|
We asked for delisting where possible, where not possible we simply need to wait and RIB will be delisted automatically.

TY

your side seems not to work at the moment. is there a problem?

The email service is currently virtually unusable!

It is so SLOW that it keeps on timing out... what is going on????

Seems all is back to normal. Side is working correctly again :).

RIB is down? Have been trying since yesterday with no success. Tried webmail, e-mail client, TOR. Have we lost RIB?

The same issue here! I'm really concerned because I started using it as my primary mail... What's going on guys?

same here! :( trying all 15 minutes but nothing!

i really hope they come back! :(

Me too.

Previously just the onion service was down. Now the whole site seems to be down. Yesterday I got this message trying to load http://ruggedinbox.com (with no SSL):

Ruggedinbox is also down for me since Friday.

I know that Voxility (their DDOS Protection and Peering partner) had some problem this day but I'm sure these issues have been already fixed.

I noticed that Ruggedinbox is hosted on a normal VPS. This is not professional in my opinion, also regarding the privacy and reliability. They should use true dedicated servers.

Given that we are locked out of our darknet SquirrelMail on ruggedinbox, I was pondering alternatives like Sigaint.  But Gmail is probably less likely to go offline for several days (or for good).  Is an onion-based mail service really all that more anonymous than using Gmail over VPN from Private Internet Access, which says it does not keep any logs of any kind and can be paid for anonymously.  Gmail on Tor is unpleasant due to constant calls for cell verification when it encounters a "new" country of dial tone.  The cost issue ($40/year) aside, what are the realistic privacy decrements of going with Gmail via commercial VPN on the web compared to an onion service like Rugged Inbox?

I tried both clear and tor sides, and it seems pretty dead.

It was not my main mail address, but strangely I have been using it maybe more than the main one.

I hope it comes back soon.

Virtual are the best way to recover quickly.
Something else is wrong.
Sure wish we could get an update from a moderator.  This is my only email and it has been down for a long time.

Well, I believe they'll be back soon. BTW it's pretty annoying that there is no official communication channel or IRC or whatever. Sure we can wait but we don't know if there is something for.

I just checked Canary Watch. RIB was added on 4-29-2015. They were last checked 9-23-2015. "Warrant canary" is a colloquial term for a regularly published statement that a service provider has not received legal process that it would be prohibited from saying it had received, such as a national security letter. They may have received a "national security letter" or legal process and went offline like Lavabit.  Just sayin' . I hope that's not the case and that they come back, and "re-certify" on Canary Watch. <p>https://www.canarywatch.org

Exactly what i think about the situation!

The site is now even unfindable using google... No replies, no contact. I assume it's over.

well, google is not the only one.
if you use some other search engines, you will find ruggedinbox.com and some subsites on the top of the results:

duckduckgo
ixquick
swisscows
bing
yahoo
and others...

but of course, ruggedinbox is currently down.

Message to ruggedinbox admins:

You guys had a great service, dont know what happened to you.  Im interested in helping you guys get back up.   Get in touch.

Hi all and sorry for the long downtime, nothing wrong with the security and privacy/integrity of the service but reason was our disorganization and quite unlucky timing: busy with daily jobs, problems with connectivity, problems with blockchain.info wallet.
The VPS went to 'inactive' mode and we now made few payments to restore the services (RIB, cloud and tor exit node, we'll refund the last one asap).
Also, VPS storage is probably full and we need to enable the script to remove old and unused accounts.
Also, there is a silly easter-egg cronjob on the VPS ... it will probably change the RIB logo on the home page once the data center process the payments and press 'play' on the VPS ...
we'll restore the image and update the canary asap.

Sorry for the inconvenience, anyway we are back and hope to regain trust with better uptime and support (and another project and few ideas).

Service should be back in around 24 hours.

Ok luckily enough the VPS was unpaused in no time and we were able to restore the service and give a first run of the script which deletes accounts with no pop/imap/webmail activity in 1 year.
(Also updated the canary and the OS)

We hoped to get more free storage from the script, upgrade needed asap ..

Working again, thanks.
Keep up guys!

Very cool email service! I'm already using it ;)
Keep up the good work!

So it was down for a week.  Then, when it came back up, things seemed to work fine -- until I tried to reconfigure my Thunderbird POP settings, and suddenly got a warning about the security certificate pointing to a site that wasn't "ruggedinbox".

Not seeing the certificate issue mentioned here in the days since, I've begun to wonder whether it's something flying under the radar, maybe slipping past those who continued "business as usual" under their previous settings.  So, in the interim, I opted to use the webmail interface.

Unfortunately, since yesterday, the website appears to be down again, at least for me.

Hi no we didn't touch anything on the configuration except usual OS updates, our mail clients are working ok (no ssl alerts)
and there is no other feedback about this (until now).
But yes the http service was down/slow because once restored the service we also restored the Tor HS onions
and it looks like the DDOS attack resumed.

At least this time we found a number of hits on the access.log file like this:
"GET /?PAY-2BTC-TO-1Efc4djSCfqobjXXXXXXXXXXXXXX-FOR-THE-PATCH HTTP/1.1" 200
but can't say if its directly related to the long going problems on TOR HS :|

So HS services stopped again and this sucks.

About your certs problem, were you using Tor ? Could it be the 'usual' bad exit node (MITM) SSL hijacking problem ?

Great service! Do you guys have an API that I can utilize to maybe make a newsletter program, or something?

I'm still getting a warning when using the Thunderbird account setup wizard and selecting the POP3 option.  Yesterday, the certificate details listed some non-ruggedinbox URL, and now it lists "mail.ruggedinbox.com" but still claims it's invalid.

I've manually typed everything I saw, so there may be mistakes...

Thunderbird 38.5.1 over non-Tor connection...

Selected "Add Mail Account...".

Entered name, e-mail address (...@ruggedinbox.com), and password; kept "Remember password" checked; pressed "Continue" button.

Observed messages of "Looking up configuration: Trying common server names", etc.

Switched radio button from "IMAP" to "POP3"; pressed "Done".

Observed "Checking password" message, then window stating the following:
   You are about to override how Thunderbird identifies this site.
   Legitimate banks, stores, and other public sites will not as you to do this.
   Server: Location: pop.ruggedinbox.com:110 [Get Certificate]
   Certificate Status: This site attempts to identify itself with invalid information.  [View]
   Wrong Site: The certificate belongs to a different site, which could mean that someone is trying to impersonate this site.
   [ x ] Permanently store this exception
   [Confirm Security Exception] [Cancel]

Here's where I'm getting really confused.  When I click "View", it brings up a window with "General" and "Details" tabs -- sometimes showing one set of credential, sometimes another.

Result #1:

This certificate has been verified for the following uses:
SSL Client Certificate
SSL Server Certificate

Issued To
Common Name (CN): mail.ruggedinbox.com
Organization (O): (I inadvertently overlooked this entry.)
Organizational Unit (OU): Domain Control Validated
Serial Number: 0B:A6:AB:22:5D:CD:AF:C4:6C:9F:92:19:85:16:57:53

Issued By
Common Name (CN): COMODO RSA Domain Validation Secure Server CA
Organization (O): COMODO CA Limited
Organizational Unit (OU): <Not Part Of Certificate>

Period of Validity
Begins On: 03/04/2015
Expires On: 03/04/2016

Fingerprints
SHA-256 Fingerprint: A0:59:AF:7B:A5:69:23:C2:93:23:7D:86:CC:30:E6:14:4B:9B:77:41:92:5E:E1:10:9A:0F:C7:B8:49:B9:EE:2D
SHA1 Fingerprint: FD:18:DE:8F:55:A1:01:4E:E8:A9:DF:8E:95:4E:92:BB:2F:75:FC:67

Result #2:

This certificate has been verified for the following uses:
SSL Client Certificate
SSL Server Certificate

Issued To
Common Name (CN): us2.pop.mailhostbox.com
Organization (O): <Not Part Of Certificate>
Organizational Unit (OU): Domain Control Validated
Serial Number: 1C:30:0E:C7:E6:FC:1D:49:D8:86:01:A3:24:1E:A7:75

Issued By
Common Name (CN): COMODO RSA Domain Validation Secure Server CA
Organization (O): COMODO CA Limited
Organizational Unit (OU): <Not Part Of Certificate>

Period of Validity
Begins On: 09/15/2015
Expires On: 05/15/2016

Fingerprints
SHA-256 Fingerprint: CD:DA:B0:66:00:1F:4E:E7:67:EC:39:AE:FB:FF:9C:FB:FC:D3:7B:F3:DC:5C:BE:82:10:01:87:12:9F:82:C1:7B
SHA1 Fingerprint: 17:C3:65:17:2F:F7:D9:1E:C2:BA:F2:7D:C1:6E:C7:C6:92:5C:38:E0

Ruggedinbox is back up and running  ;D

Yet, even though the webmail works, I'm still getting the "us2.pop.mailhostbox.com" certificate confusion/scam/MitM/whatever issue when using Thunderbird's account wizard.  Has no one else encountered this problem?

Confirmed, HTTP SSL cert is valid but POP/IMAP/SMTP SSL cert is expired, fixing asap, thank you

I like this email service.  But it is down again.
I cannot connect to RI website.
On the 3/4/2016 I received a cert issue popup.  It said it had expired on 3/3/2016.  I cannot send using pop.

Any idea how long before this is resolved.  This is my only email service.
It is not the end of the world for me.  So, I am not jumping up and down in a frantic.  (...yet)  :)  But, I sure would like to send and receive email. 

About 6 or 7 years ago, I worked as an IT Tech in a university.  The exchange server was low on disk space, and we had seen this coming in advance.  So, we were just about to migrate all of the mailboxes to the new virtual drive.  But, something happened and all the diskspace was used up before we could do it and the exchange server crashed.  All of the instructors and department heads who loved us, all of a sudden turned on us.  And we were threatened with being fired.  I worked 20 hour days for almost a week.  It was in the midst of the summer heat, and the A/C went out in the tech office.  I was sweating my *** off.  And when it went back up, everyone apologized and everything was good again.  But I never forgot how my friends turned into enemies so fast. 

I hope everyone keeps that in mind as this issue gets resolved.  Peace.

Thanks.

Using it a long time :)
Great Work! Keep it up guys!

 

Side is working very slow again. Seems to be a returning problem.  :'(

Great project. :)

It currently takes roughly a minute to bring up any page on the site, so perhaps what I assumed was a downed service may not have been.  That a Tor-friendly "mom and pop" e-mail service is probably under attack really shouldn't surprise me -- government has the motive and the resources, and doesn't play fair -- but I still find it disheartening.  I wish that I were in a position to contribute to Rugged Inbox; but for the time being, all I can do is offer my moral support.  Just know that we're rootin' for ya!  :)

Hi guys, sorry to inform you that we are unable to continue to run the service, mainly because of too much work on our daily jobs.
Please backup your emails asap, the VPS will be wiped within 2 days.
The web service is currently under DDOS, but imap works ok (you can use icedove/thunderbird + torbirdy).
For refunds of donations refer to ruggedinbox@safe-mail.net

Thanks for all your feedback and support,
RuggedInbox team

Oh, I'm sorry about that, i liked your service.

I'll try to backup using thunderbird.

So long.

Is anyone else thinking, "They got to him..."?  :-\

I just notice today that you are not available anymore. 2 days is a very short time to backup everything eventhough to get to know that you are permanently down. Is that a chance to get my emails or you already wiped everything down?..
Is that a chance that you will change your mind and ruggedbox.org gonna be recovered soon?..
So many services there I jused accounts from you guys and for now it is very big pain in the a** to change everything for new addresses. Crossing my fingers for you guys hope that you will be back soon. You did amazing job and actually I am ready if you make your service payable...

Theyr last message doesn't sound like they would come back.
But thanks for the nice service you offered! :)

Hi everyone,

First, don't get over-excited about the title of my post -- that's pure conjecture at the moment, and even if it could come true, it would come with a load of caveats.

I'm the main developer of SquirrelMail and have quite a number of years of mail server experience (I make my living as a consultant for people running such systems).  I'm also a big security and privacy advocate, and am no stranger to pretty much any topic around these parts.  In fact, I helped the RuggedInbox admins when they were considering adding GPG to their webmail interface, and I've run mail over Tor since the early days of Tormail.

I have recently started working on a privacy-oriented email system that we had planned to take public later this year, but I randomly came upon the fact that RuggedInbox seems to have shut down for good and thought maybe we could help...

It is conceivable that if the RuggedInbox admins wanted to hand over the password hashes for their users, we could resurrect all accounts.  In fact, I suppose if they want to hand over the domain, or just redirect their MX, we could keep your mail flowing.  I suppose we could take all the email data, too, but that could be a bit much.

Mind you, I've not spoken with the admins, and moreover, I'm VERY MUCH NOT looking to get into the same boat that they've been in (props to them for sticking it out so long).  I've seen systems attacked by DDOS, I've seen CAPTCHAs demolished, and I've watched spammers send out their filth, triggering widespread blacklistings and it's no fun.

I am a strong believer that people should be able to find a free email account that they can use without their home IP address being exposed to recipients.  I don't think you should have to give your mobile number to get a simple email account.  Yet, even just these two things are VERY hard to come by, at least in one place.  However, the reason for this is as much practical as it is tin-foil-hat:  spammers & scammers ruin it for the rest of us.  It's one thing to make a strong stance as a privacy advocate, but when people abuse your service to the point that no one else will accept your email, it becomes pointless.  So, sadly, you end up with these choices that coincide with anti-privacy interests:  take something from your users that links them to their real world identity.

Our planned approach to this has been something of a hybrid: we'd be offering free accounts, but they'd come with fairly restrictive policies.  You'd have to pay to get more features and less restrictions.  Best part is that Bitcoin payments would be welcome, allowing for users to retain their privacy during signup.

Yet, there's still the DDOS problems and the consistent stream of anonymous attacks coming via Tor, but I digress.

Our service is currently operational, but it's far from feature-complete.  There are some key differences, both positive (offers automatic encryption of all incoming email, other important privacy-oriented features) and negative (I'm not coming at this as an anonymous party).  There's lots more to be said, but let me not digress any further.

I'm putting this out to both the community and the admins of RuggedInbox to see what interest there is...  and again, mind you, our launch was not intended to come nearly this soon, so there would probably be plenty of migration headaches if we were to attempt such.

Let me know what you think,
Paul

Thank you very much for your answer Paul. I think it is a first message after Ruggedinbox said that they want to give up.
Anyway if there is a chance at least save the domain name and all mailboxes that would be great. Ruggedinbox have been unique service exactly what many people were looking for:
very simple, full of privacy, with a little space and not commercial. So I am ready to pay for the service like that because I have been sure that it is something that guys full of enthusiasm and brave enough to make real privacy service for real people...
Hope that ruggedinbox gonna get back soon. And again I am ready to pay for the service like that.

There are several service like ruggedinbox was.

https://www.reddit.com/r/emailprivacy/comments/3gf2ta/email_providers_with_onion_tor_hidden_service/

Any alternatives?