Service Notices

Important updates, security alerts, and operational announcements for CodaMail users

Current Service Updates

Oct 27
WebDAV/CalDAV/CardDAV Update:

I don't speak tech:

You can sync your calendars and contacts with all of your favorite devices like your phone, tablet, watch, or favorite email app. You can also share with your family, friends, business contacts, or groups, all privately.

I want the tech:

Our proprietary WebDAV server, built from the ground up for privacy, now supports:

RFC 3253 — WebDAV Versioning (expand-property REPORT, protected properties)
RFC 3744 — WebDAV ACL (Access control, privileges, owner, acl properties)
RFC 4791 — CalDAV (Calendar properties, REPORT, calendar-query, free-busy)
RFC 4918 — WebDAV (Core properties, PROPFIND, PROPPATCH, collections, COPY, MOVE, Class 1/2/3 compliance)
RFC 5397 — WebDAV Current Principal (current-user-principal discovery)
RFC 5545 — iCalendar (ICS/VCS format for events/tasks)
RFC 5689 — Extended MKCOL for WebDAV (creating collections with properties in single request)
RFC 5842 — WebDAV Bindings (resource-id for unique resource identification)
RFC 6352 — CardDAV (Addressbook properties, vCard handling)
RFC 6578 — WebDAV Sync (sync-token, sync-collection REPORT with allprop compatibility)
RFC 6638 — CalDAV Scheduling (calendar-user-address-set, schedule-inbox-URL, schedule-outbox-URL)
RFC 7617 — HTTP Basic Authentication (proper realm and credential caching)
RFC 7809 — CalDAV Time Zones by Reference (calendar-timezone property with UTC default)
RFC 8144 — Use of the Prefer Header Field in WebDAV (return-minimal for PROPPATCH optimization)
RFC 9110 — HTTP Semantics (ETag, If-None-Match, 304 Not Modified, conditional requests)
CalendarServer Extensions (calendar-proxy, notification-URL, dropbox-home-set, email-address-set, getctag)
Apple Extensions (calendar-color, calendar-order, calendar-enabled, calendar-transparency with PROPPATCH support)

The above properties which would normally contain identifying information are returned with privatized data. Randomized principals properly map. ACLs also properly map to our own unique method level dynamic permissions.

This ensures out-of-the-box compatibility with clients such as Apple Calendar, iOS, macOS Contacts, Thunderbird, DAVx5 with Android, Outlook with DAV plugins, and others, all without requiring protocol extensions or proprietary modifications.
Oct 22
We have updated the troubleshooting section for setting up DAV clients (ie. syncing your phone or other device calendar to the webmail calendar, contacts, and tasklist/todo). You can find this at the bottom of https://codamail.com/dav-setup.html. Specifically, things to check if it doesn't sync or only syncs one way.
Oct 22
We have updated our whitepaper on our unique privacy protecting CalDAV/CardDAV/WebDAV server with method level dynamic permissions. You can read it here: https://codamail.com/render.php?file=dav_reimagined.md.
Oct 22
We have released another round of updates for CalDAV and CardDAV. These updates add additional optional properties for some client specific functionality for better compatability.
Oct 15
We have released an updated version of our privacy protecting DAV (CalDAV/CardDAV) server. This version resolves some settings interface propagation issues when editing token permissions, specifically within the address book settings. It also added some changes to response headers for better compatibility with GNOME.

We also made some changes to our rate limiting that was specifically affecting macOS with large address books.
Oct 12
We have disabled access to accounts that expired in Sept and were not renewed. If your account was one and you would like to renew it, you can do so here: https://codamail.com/renew.html
Oct 10
We resolved an issue with exporting private pgp keys today that was caused by a routine system update, so if you had difficulty exporting a private key (and possibly other pgp key management, though we are only aware of the private key export) this was why.
Oct 7
Just a reminder for those just checking notices, we completely rebuilt our VPN network in July. If you have not downloaded new configs since and cannot connect to a VPN, this is why. You will need to download the new configuration files from our Support section.

We also retired our Denver site this week and in doing so moved our Denver VPN and Socks5 servers to Chicago.

Please note: Our support section is well fleshed out, please take a moment (if you have not already done so) and check out https://codamail.com/support.html. You just might find that the service is capable of a lot more than you are aware.

Important Information

Phishing Alert:
We are a constant target of phishing e-mail. We will never send you formatted e-mail, we only send plain text. We do not send links for you to click. Do not follow links or click things in emails. Manually come to our website and check notices, to make a payment, etc. As always, email helpdesk if you have questions.
Backups:
Because we are a privacy service, we do not back up your personal e-mail (though we do maintain a delayed 24 hr warm mirror to cover in case of a failure). This means that when you delete it, it is irretrievably gone. It is not floating around in some backup that can be retrieved from us against your will. However, it also means you must download and save your important mail, if you delete it, or we suffer a data failures to both the main spool and warm mirror, You could lose wanted mail. We give you many ways to backup and export your mail.
Recommended Best Practices:
For optimum privacy with the service use automatic pgp encryption and a pop3s mail app and set it to delete the mail from the server after retrieval. We also recommend that your local mail store be an encrypted volume. Once your mail is removed from the server by your mail app, we no longer have a copy, no mail backups and we are deliberately not with a large cloud service, instead opting to keep everything in-house, for the same reason. This puts you in full control of your mail and its privacy. When you delete it, it can't be retrieved and there is no record of it being there.