Our bot pattern identification is learning rapidly, so you should be seeing a reduction in spam bot generated spam. In addition we've improved the blocking for both incoming aliases and blocked from addresses, domains, or top level domains. Blocking is now instant and still occurs during the SMTP handshake, rejecting as User Unknown so the sender thinks your address no longer exists even though it does for others.

Did you know:

Did you know that we have always supported automatically expiring aliases on any catch-all domain? If you enter an alias in the format of YYYYMMDD@any one of your choosen catch-all domains, that alias will accept mail up until that date (not including it, so last day mail is accepted is day before this date) and then it will forever reject as User Unknown. Just another one of the semi-hidden features of this service for when you need a temporary address just for a specific amount of time.

We have been offering this feature for 25 years and carried it over to CodaMail. We still see rejections for dates like 20010322 to this day.

We have developed a filter that is 100% accurate in stopping all spam. We believe that we are the first to accomplish this. It is always the most difficult problems that end up with the simplest answers. It turns out that it could be done with a single line of code:

if (recipient) {smfi_setreply(ctx, "550", "5.5.0", "User Unknown.");

This technological breakthrough has resulted in a drastic reduction in load on the server...it's basically idling. As a result, you should notice improvement in speeds and find your inbox much easier to manage. Happy April.

We have made improvements to the catchall management rejections during smtp handshake as User Unknown and also with the blocking, specifically top level domain (that skull and crossbones icon is powerful with it's drop list options for blocking. It will cause a rejection during the SMTP handshake as User Unknown). These features give you server level control of your incoming mail.

We have not run our account expirations since December due to our mail migration. We didn't want expirations to confuse anything. Now that Cotse is settled into CodaMail they will begin again. Please take note of the Account Information section and check your expiration date. If it's a date in the past then your account will be disabled when we run expires. To renew, simply click the Make a Payment button in Account Information or go to our renewal link.

Migrated Cotse subscribers: Just a reminder - Change your password. We are not forcing password changes, but changing your password will upgrade the hash to yescrypt (more secure). Please make sure that you have set up Password Recovery first. In fact, you can kill two birds with one stone by setting up Password Recovery, then testing it and changing your password.

We received reports that some had difficulty logging into the codamail webmail interface. This was due to a change in the 2fa and has been resolved.

Full Details:

We utilize a widely used open source solution for the TOTP two factor authentication. Late yesterday/early today, during a regular red team code review, we discovered a number of previously unknown vulnerabilities in it that would allow an attacker to gain information and effectively bypass it. We patched it first and then properly notified the package maintainers. Our initial patch had an issue with accounts that did not have 2fa enabled (a testing faux pas as we all have 2fa enabled). We have resolved this and and have notified the package maintainer of this fix. It has been merged into the 2fa package so other services using it will now be able to update and secure their 2fa as well.

Full Vulnerability Report

We have expanded our Frequently Asked Qestions. It is also linked under Support. We will be continuing to expand this.

Now that Cotse has settled into CodaMail, we have switched to one Notices page for both.

We have updated our privacy policy, the specifics have not changed, further technical transparency has been added.

The latest targeted (or AI assisted) phishing attempts are trying to claim that their formatted emails are not email but system messages. We doubt anyone fell for that, especially when SpamAssassin caught it, but anytime is a good time to keep reminding everyone that we (and our systems) only send plain text email and we always tell you to manually enter urls as well as to verify with Notices and helpdesk. Anything different is always a phish.

We have done it this way from our very beginning (two and a half decades ago), seeing then what would be possible if we didn't. We didn't see it being AI back then, but we did see what we used to call "social engineering" becoming an issue with email as formatted email became dominant.

Reminder: Do not forget to go to Settings->Password Recovery and set this up if you want the ability to get back into your account should your forget your password. This is the only way for you to recover access to your account.

Cotse subscribers who are now strictly using the CodaMail web interface should visit Settings->Account Information and shut off access to the legacy webmail.

For information on our Sieve filtering and other options, please see our support page.

New blog post - Why CodaMail Doesn't Offer A Mobile App

Please be careful with the new capabilities, especially the new Block feature in CodaMail. It makes it very easy to instantly block mail at the connection level for email addresses, domains, and (the one to be most careful with) top level domains. This means you can block all .com addresses by having just com as a block and then wonder why example.com email is not showing up. With great control comes great responsibility and we give you the most control of your email available.

Please note: You cannot send to gmail with a gmail from address unless you use gmail SMTP servers. You will get the error "Your email has been blocked because the sender is unauthenticated." This is because gmail, through spf and dmarc, requires that mail with their from address must come from their SMTP servers or it gets rejected. This is the function of the spf and dmarc records and it's not only Google that does this, most services now do. This is why in CodaMail, Identities can have their own SMTP server.

You can renew your account through Settings-Account Information.

Did you know:

Did you notice that circle picture in the email when you read it? Did you know that is a unique cryptographic hash for that sender?

Cotse.Net is now CodaMail. All subscribers have been migrated from Cotse into CodaMail. Cotse subscribers who want additional information should see notices on cotse.net.

We will be migrating all Cotse.Net subscribers onto the CodaMail servers tomorrow evening EST (Sun Mar 9). During this time mail will be unavailable for between 3-5 hours.

We have begun offering our Cotse.Net services via the CodaMail subscribe form. However, e-mail will be the only thing available under the codamail.com domain. All proxies, vpn, web hosting, will only be available under the cotse.net domain. We will remain in dual domain setup to isolate e-mail from the proxies. You will receive access instructions upon signup.

Our privacy policy has been updated, no material changes, just additional information added regarding messages being individually encrypted prior to storage.

We updated the Support page for instructions on using the Automatic PGP Encrption and our Masked Aliases.

We have resolved an issue with the PGP Auto-Encrypt when a message does not have any To, CC, or BCC headers.

We have updated our privacy policy to be much more comprehensive.

We are in the final stages of preparation to migrate Cotse.Net into CodaMail. Cotse will run with CodaMail and be available by it's own domain name. It will bring with it Web Hosting, SSH Tunneling, Socks Proxy, and VPN servers all under the Cotse.Net domain. Cotse will expand upon CodaMail's offerings with the addition of more storage, more services, more advanced features, and the ability use the legacy html based webmail or the CodaMail webmail, where cotse subscribers will see additional features and settings. We are targeting the completion of the migration within the next 2 - 3 weeks, depending upon the completion of the beta stage.

Auto-PGP Encryption has been upgraded. There were some cases with address specific auto-encryption where some incoming messages that should have been auto-PGP encrypted were not, mainly if the alias was a BCC. This did not affect those who auto-pgp encrypt all mail, only those who selectively auto-encrypt aliases. It has been resolved and some other housekeeping type code cleanup was completed.

We have completed the third phase of migrating Cotse.Net into this service as the premiere tier, We expect this to be completed end of Jan, early Feb.

We have updated our policies. The meat of them has not changed, they have been edited to be more concise.

Added easy forward all mail option to enable adding the service to your existing email, if desired.

We now offer 30+ domains to choose from for our masked aliases. You choose the alias, you choose the domain, you also get *@alias.domain.com as a catch all with your masked alias.

We have been working on getting the 26 domains that cotse has ready for use with codamail too. After an initial glitch due to the increased load, they are now in testing. If all goes well they should be available for use as masked aliases domains by the end of the month.

CodaMail will be unavailable for routine maintenance for around 1/2 to 45 minutes this evening around 9 pm EST

Updated webmail framework

Removed the requirement to manually set SMTP servers for created Identities, it now falls back to default SMTP server unless you set a custom server for the identity.

Added some requested interface tweaks, including the block button in message view which provides a choice of ways to block by from address, subdomain, domain, and top level domain with the click of a button. All mail sent directly to codamail (including hosted domains) that matches a blocked entry will be rejected during the SMTP handshake as User Unknown. If mail is fetched from another service and matches an entry in your block list it will be delivered to the trash.

Upgraded many of our features, see Settings.

Added abilty to create custom catch-all masked aliases.

Added masked aliases across all domains we offer. These are root level aliases that you get to pick.

Added the ability to enter CIDR addresses to imap or pop enable so that you can restrict access to imap or pop to specific IPs or subnets.