CodaMail
Apr 20
After running the expires to disable accounts that expired but had not renewed we found out just how transparent our migration was for most, it wasn't even noticed. Beyond this being the goal of any migration, never mind one as big as this one was, it brought up common questions.

To answer the main questions we are seeing, Cotse was NOT sold to CodaMail, CodaMail is Cotse, rebranded and updated. We are still the same company, all we did was rebrand our webmail when we upgraded our entire email infrastructure in stages over the last year and a half.

We have owned the CodaMail domain since 2009. CodaMail officially went into live testing about two years ago. It was run as a separate service during the testing period with notices to existing subscribers to contact helpdesk if they wished to be part of the test.

Cotse was migrated in stages, the final stage was moving all Cotse subscribers over to the new infrastructure, which included an entirely different mailbox format (Cotse was using mbox format, which is horrible for scaling). This was completed Mar 9th. Everything was announced in Notices and email.

For the curious, an mbox mailbox is one large text file with all the mail messages concatenated. Without getting into the details of deleting a message from the middle, simply having the server open, read, write, and modify thousands of multi-gig text files every second got taxing fast.

So we threw hardware at it as a short term solution, knowing we had to change but that it was a very large project. Long story short, this was that project, it was long, and I guess we accomplished it so smoothly that most didn't notice.

Each mail is now AES-GCM-256 encrypted and stored to disk as individually encrypted files (your mail was transferred to this, without affecting indexing or flags). You can also now add automatic PGP/GPG encryption on top of this.

As a result, there are now larger quotas, and you should see substantially improved speeds and stability, with far less mailbox corruption/locking issues for couples using the same account at the same time, and no sync issues.

This migration also includes the addition of nearly every single request Cotse has received for improved services (we are still working on CardDAV and CalDAV). We even rewrote our old webmail so it will run on the new service alongside the new webmail for those who like the old one better, as well as migrated old Cotse filters and incorporated them in with the new Sieve filters.

To the second question we are getting:

You did not lose anything, you just got a lot more new features for the same price, and yes, all your cotse email addresses will continue to work just as they always have (remember how you didn't even notice we migrated?). We also still offer web hosting, ssh, socks, and VPN with the service (they still operate under the cotse.net domain).
Apr 19
Last notice to check your account expiration prior to us disabling expired accounts. We held off on disabling expired accounts during our migration period so as to not confuse things, we will begin expirations again this evening.
Apr 19 - 2:00 am EST
We are undergoing routine maintenance. Webmail will be back soon, 10-30 min.
Apr 17
We are continuing to update the Support page with details on most of our unique features from creating identities, to explaining masked alias categorization, to setting up TOTP 2fa, and much more. We are updating it almost daily documenting the new service.
Apr 16
The old mail server at www2.cotse.net will not be around much longer (this is NOT the legacy webmail), so if you have mail on it that didn't transfer during the migration, please migrate it now. When we remove this server we will be wiping it. It's been available for over a month, at two months (approximately May 9) it will be retired for privacy and security reasons. Please contact helpdesk if you have any difficulty exporting or fetching any messages.
Apr 15
Would you like mail sent in languages you don't want to be marked as spam?

On your computer or tablet: Settings->Antispam Tools->General Settings.

On your phone: Tap the hamburger menu (three horizontal lines) in the upper left, tap Settings, tap Antispam Tools, tap General Settings.

There you can select the languages you will be getting mail in, all languages "switched off" will be marked as spam.
Apr 14
As things have settled with our mail migration, we are going to be revamping our VPN infrastructure. Unfortunately, this will not be transparent like the mail migration was, this one will involve all new configuration files. This is early notice, so please keep an eye here. It will not take as long as the mail migration, we expect to have it complete by the end of May. It will wrap up our entire system redesign, from web hosting (revamped last year), to our website and e-mail, to our VPNs and proxies.
Apr 13
We adjusted SpamAssassin to better fit our service, there were some instances where it was using default settings instead of user settings due to our unlimited aliases setup. This has been corrected. Please note: SpamAssassin can only be managed from the CodaMail webmail, it cannot be managed from the Legacy Cotse webmail.
Apr 11
Did you know that our built in PDF and ODF viewers also allow you to add text, images, highlight, draw, and even add signatures to these documents?
Apr 10
Did you know that you can turn any email into a calendar entry or a task?

On a desktop or tablet: when reading an email, click the three horizontal dots that say More in the upper right above the email. There you will see Add as Event and Add as Task entries.

On your phone: when reading an email, tap the three vertical dots in the upper right, then tap More in the following menu, and there you will find Add as Event and Add as Task.

Adding as event will bring up the calendar event dialog with the email, there you can add date and time along with the rest of the calendar event settings. Choosing Add as Task will bring it up in your task creation dialog, allowing you to then set all the desired task settings.
Apr 10
Did you ever think you might see letters in the CodaMail elephant? It was created from the letters in CodaMail.
Apr 9
We have added a page explaining the difference between account aliases and masked aliases here and also linked on our support page.
Apr 8 - 9:45 pm EST
We have added information on how our unique anti-spam system functions here. Yesterday we introduced the pdf and odf viewers without much fanfare, but we think you will find them very useful on your phone.
Apr 8 - 12:30 am EST
CodaMail is back, but we will be performing maintenance so it may be unavailable for short periods.
Apr 8 - 12:00 am EST
After a patch, we are having some difficulty with CodaMail. We are working on it and hope to have it resolved asap. Until then, you can use the Cotse legacy webmail. If you have disabled it, please contact helpdesk.
Apr 7
Added built-in PDF and ODF viewers. Added Remove All Attachments link. Added ability to import and export address books as csv as well as vcard.
Apr 5
We have added a calendar and task list for CodaMail. No CalDAV or CardDAV yet, but we are working on it.

If you haven't seen the link, we have an active blog where we cover privacy issues, in depth.
Apr 4
Cotse subscribers who were migrated: If you are not using pop or imap (ie. using an email app), go to Settings->Enable/Disable POP/IMAP in CodaMail or Options->Enable/Disable POP/IMAP in the legacy webmail and shut it off. Because Cotse didn't have this ability and many use pop or imap, we migrated subscribers with these enabled for the least amount of disruption. New subscribers have it disabled by default.
Apr 3
Our bot pattern identification is learning rapidly, so you should be seeing a reduction in spam bot generated spam. In addition we've improved the blocking for both incoming aliases and blocked from addresses, domains, or top level domains. Blocking is now instant and still occurs during the SMTP handshake, rejecting as User Unknown so the sender thinks your address no longer exists even though it does for others.
Apr 2
Did you know:

Did you know that we have always supported automatically expiring aliases on any catch-all domain? If you enter an alias in the format of YYYYMMDD@any one of your chosen catch-all domains, that alias will accept mail up until that date (not including it, so the last day mail is accepted is the day before this date) and then it will forever reject as User Unknown. Just another one of the semi-hidden features of this service for when you need a temporary address just for a specific amount of time.

We have been offering this feature for 25 years and carried it over to CodaMail. We still see rejections for dates like 20010322 to this day.
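The date rule described above, worked through as an added example (this is not CodaMail's code). The catch-all domains, the function names, and the choice to treat an impossible date such as 20250230 as an ordinary alias are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed catch-all domains for the example; not real service domains. */
static const char *CATCHALL_DOMAINS[] = { "catchall.example", "mail.example" };

enum verdict { NOT_DATED = 0, ACCEPT = 1, REJECT_USER_UNKNOWN = 2 };

static int days_in_month(int y, int m)
{
    static const int d[] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
    int leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    return (m == 2 && leap) ? 29 : d[m - 1];
}

/* Parse exactly eight digits as a real calendar date; return YYYYMMDD or -1. */
static int parse_yyyymmdd(const char *s, size_t len)
{
    int v = 0;
    if (len != 8) return -1;
    for (size_t i = 0; i < 8; i++) {
        if (!isdigit((unsigned char)s[i])) return -1;
        v = v * 10 + (s[i] - '0');
    }
    int y = v / 10000, m = (v / 100) % 100, d = v % 100;
    if (y < 1 || m < 1 || m > 12 || d < 1 || d > days_in_month(y, m)) return -1;
    return v;
}

static int is_catchall_domain(const char *domain)
{
    for (size_t i = 0; i < sizeof CATCHALL_DOMAINS / sizeof *CATCHALL_DOMAINS; i++)
        if (strcasecmp(domain, CATCHALL_DOMAINS[i]) == 0) return 1;
    return 0;
}

/* rcpt is the envelope recipient; today is the current date as YYYYMMDD. */
enum verdict dated_alias_verdict(const char *rcpt, int today)
{
    const char *at = strrchr(rcpt, '@');
    if (!at || !is_catchall_domain(at + 1)) return NOT_DATED;
    int expires = parse_yyyymmdd(rcpt, (size_t)(at - rcpt));
    if (expires < 0) return NOT_DATED;  /* assumption: handled as a normal alias */
    /* The date itself is excluded: the last accepted day is the day before. */
    return today < expires ? ACCEPT : REJECT_USER_UNKNOWN;
}

int main(void)
{
    /* 1 = accept, 2 = reject as User Unknown, 0 = not a dated alias */
    printf("%d\n", dated_alias_verdict("20250601@catchall.example", 20250531));
    printf("%d\n", dated_alias_verdict("20250601@catchall.example", 20250601));
    return 0;
}
```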
Apr 1
We have developed a filter that is 100% accurate in stopping all spam. We believe that we are the first to accomplish this. It is always the most difficult problems that end up with the simplest answers. It turns out that it could be done with a single line of code:

if (recipient) { smfi_setreply(ctx, "550", "5.5.0", "User Unknown."); }

This technological breakthrough has resulted in a drastic reduction in load on the server...it's basically idling. As a result, you should notice improvement in speeds and find your inbox much easier to manage. Happy April. (that was a geek joke, it would reject all mail as User Unknown)
Mar 31
We have made improvements to the catchall management rejections during smtp handshake as User Unknown and also with the blocking, specifically top level domain (that skull and crossbones icon is powerful with its drop list options for blocking. It will cause a rejection during the SMTP handshake as User Unknown). These features give you server level control of your incoming mail.
Mar 31
We have not run our account expirations since December due to our mail migration. We didn't want expirations to confuse anything. Now that Cotse is settled into CodaMail they will begin again. Please take note of the Account Information section and check your expiration date. If it's a date in the past then your account will be disabled when we run expires. To renew, simply click the Make a Payment button in Account Information or go to our renewal link.
Mar 29
Migrated Cotse subscribers: Just a reminder - Change your password. We are not forcing password changes, but changing your password will upgrade the hash to yescrypt (more secure). Please make sure that you have set up Password Recovery first. In fact, you can kill two birds with one stone by setting up Password Recovery, then testing it and changing your password.
Mar 28
We received reports that some had difficulty logging into the codamail webmail interface. This was due to a change in the 2fa and has been resolved.

Full Details:

We utilize a widely used open source solution for the TOTP two factor authentication. Late yesterday/early today, during a regular red team code review, we discovered a number of previously unknown vulnerabilities in it that would allow an attacker to gain information and effectively bypass it. We patched it first and then properly notified the package maintainers. Our initial patch had an issue with accounts that did not have 2fa enabled (a testing faux pas as we all have 2fa enabled). We have resolved this and have notified the package maintainer of this fix. It has been merged into the 2fa package so other services using it will now be able to update and secure their 2fa as well.

Full Vulnerability Report
Mar 28
We have expanded our Frequently Asked Questions. It is also linked under Support. We will be continuing to expand this.
Mar 25
Now that Cotse has settled into CodaMail, we have switched to one Notices page for both.
Mar 22
We have updated our privacy policy, the specifics have not changed, further technical transparency has been added.
Mar 21
The latest targeted (or AI assisted) phishing attempts are trying to claim that their formatted emails are not email but system messages. We doubt anyone fell for that, especially when SpamAssassin caught it, but anytime is a good time to keep reminding everyone that we (and our systems) only send plain text email and we always tell you to manually enter urls as well as to verify with Notices and helpdesk. Anything different is always a phish.

We have done it this way from our very beginning (two and a half decades ago), seeing then what would be possible if we didn't. We didn't see it being AI back then, but we did see what we used to call "social engineering" becoming an issue with email as formatted email became dominant.
Mar 18
Reminder: Do not forget to go to Settings->Password Recovery and set this up if you want the ability to get back into your account should you forget your password. This is the only way for you to recover access to your account.
Mar 18
Cotse subscribers who are now strictly using the CodaMail web interface should visit Settings->Account Information and shut off access to the legacy webmail.

For information on our Sieve filtering and other options, please see our support page.
Mar 16
New blog post - Why CodaMail Doesn't Offer A Mobile App

Please be careful with the new capabilities, especially the new Block feature in CodaMail. It makes it very easy to instantly block mail at the connection level for email addresses, domains, and (the one to be most careful with) top level domains. This means you can block all .com addresses by having just com as a block and then wonder why example.com email is not showing up. With great control comes great responsibility and we give you the most control of your email available.

Please note: You cannot send to gmail with a gmail from address unless you use gmail SMTP servers. You will get the error "Your email has been blocked because the sender is unauthenticated." This is because gmail, through spf and dmarc, requires that mail with their from address must come from their SMTP servers or it gets rejected. This is the function of the spf and dmarc records and it's not only Google that does this, most services now do. This is why in CodaMail, Identities can have their own SMTP server.
Mar 16
You can renew your account through Settings->Account Information.
Mar 14
Did you know:

Did you notice that circle picture in the email when you read it? Did you know that is a unique cryptographic hash for that sender?
Mar 10
Cotse.Net is now CodaMail. All subscribers have been migrated from Cotse into CodaMail. Cotse subscribers who want additional information should see notices on cotse.net.
Mar 8
We will be migrating all Cotse.Net subscribers onto the CodaMail servers tomorrow evening EST (Sun Mar 9). During this time mail will be unavailable for between 3-5 hours.
Feb 13
We have begun offering our Cotse.Net services via the CodaMail subscribe form. However, e-mail will be the only thing available under the codamail.com domain. All proxies, vpn, web hosting, will only be available under the cotse.net domain. We will remain in dual domain setup to isolate e-mail from the proxies. You will receive access instructions upon signup.
Feb 6
Our privacy policy has been updated, no material changes, just additional information added regarding messages being individually encrypted prior to storage.
Feb 5
We updated the Support page for instructions on using the Automatic PGP Encryption and our Masked Aliases.
Feb 4
We have resolved an issue with the PGP Auto-Encrypt when a message does not have any To, CC, or BCC headers.
Jan 30
We have updated our privacy policy to be much more comprehensive.
Jan 24
We are in the final stages of preparation to migrate Cotse.Net into CodaMail. Cotse will run with CodaMail and be available by its own domain name. It will bring with it Web Hosting, SSH Tunneling, Socks Proxy, and VPN servers all under the Cotse.Net domain. Cotse will expand upon CodaMail's offerings with the addition of more storage, more services, more advanced features, and the ability to use the legacy html based webmail or the CodaMail webmail, where Cotse subscribers will see additional features and settings. We are targeting the completion of the migration within the next 2 - 3 weeks, depending upon the completion of the beta stage.
Dec 30
Auto-PGP Encryption has been upgraded. There were some cases with address specific auto-encryption where some incoming messages that should have been auto-PGP encrypted were not, mainly if the alias was a BCC. This did not affect those who auto-pgp encrypt all mail, only those who selectively auto-encrypt aliases. It has been resolved and some other housekeeping type code cleanup was completed.
Dec 30
We have completed the third phase of migrating Cotse.Net into this service as the premier tier. We expect this to be completed end of Jan, early Feb.
Jul 3
We have updated our policies. The meat of them has not changed, they have been edited to be more concise.
Jun 28
Added easy forward all mail option to enable adding the service to your existing email, if desired.
Jun 24
We now offer 30+ domains to choose from for our masked aliases. You choose the alias, you choose the domain, you also get *@alias.domain.com as a catch all with your masked alias.
Jun 16
We have been working on getting the 26 domains that cotse has ready for use with codamail too. After an initial glitch due to the increased load, they are now in testing. If all goes well they should be available for use as masked aliases domains by the end of the month.
May 31
CodaMail will be unavailable for routine maintenance for around 1/2 to 45 minutes this evening around 9 pm EST
May 20
Updated webmail framework
May 9
Removed the requirement to manually set SMTP servers for created Identities, it now falls back to default SMTP server unless you set a custom server for the identity.
May 8
Added some requested interface tweaks, including the block button in message view which provides a choice of ways to block by from address, subdomain, domain, and top level domain with the click of a button. All mail sent directly to codamail (including hosted domains) that matches a blocked entry will be rejected during the SMTP handshake as User Unknown. If mail is fetched from another service and matches an entry in your block list it will be delivered to the trash.
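The four block types and the two outcomes described above, as an added example (not CodaMail's code). It assumes that a domain or top level domain entry also covers everything beneath it, matched on label boundaries; the block list entries and function names are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum action { DELIVER = 0, REJECT_USER_UNKNOWN = 1, TO_TRASH = 2 };

/* Constructed block list: a full address, a subdomain, a domain, and a TLD. */
static const char *BLOCKS[] = {
    "promo@shop.example", "news.vendor.example", "spammer.example", "zip"
};

/* True if the entry equals the domain or is a suffix of it that starts on a
 * label boundary, so "zip" matches "a.b.zip" but not the host name "gzip". */
static int domain_matches(const char *domain, const char *entry)
{
    size_t dl = strlen(domain), el = strlen(entry);
    if (el == 0 || el > dl) return 0;
    if (strcasecmp(domain + (dl - el), entry) != 0) return 0;
    return dl == el || domain[dl - el - 1] == '.';
}

/* Return the entry that blocks this From address, or NULL if none does. */
const char *blocking_entry(const char *from)
{
    const char *at = strrchr(from, '@');
    if (!at) return NULL;
    for (size_t i = 0; i < sizeof BLOCKS / sizeof *BLOCKS; i++) {
        const char *e = BLOCKS[i];
        if (strchr(e, '@')) {              /* address entry: exact match only */
            if (strcasecmp(from, e) == 0) return e;
        } else if (domain_matches(at + 1, e)) {
            return e;                      /* subdomain, domain or TLD entry */
        }
    }
    return NULL;
}

/* direct_smtp: 1 for mail sent straight to the service, 0 for fetched mail. */
enum action decide(const char *from, int direct_smtp)
{
    if (!blocking_entry(from)) return DELIVER;
    return direct_smtp ? REJECT_USER_UNKNOWN : TO_TRASH;
}

int main(void)
{
    /* 0 = deliver, 1 = reject as User Unknown, 2 = deliver to trash */
    printf("%d\n", decide("orders@shop.example", 1));
    printf("%d\n", decide("anyone@files.zip", 1));
    printf("%d\n", decide("anyone@mail.spammer.example", 0));
    return 0;
}
```

A single bare entry such as the constructed `zip` blocks every sender under that top level domain, which is the same effect the notice on the Block feature describes for an entry of just `com`.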
Apr 30
Upgraded many of our features, see Settings.
Apr 20
Added ability to create custom catch-all masked aliases.
Mar 28
Added masked aliases across all domains we offer. These are root level aliases that you get to pick.
Mar 6
Added the ability to enter CIDR addresses to imap or pop enable so that you can restrict access to imap or pop to specific IPs or subnets.
Phishing Alert:
We are a constant target of phishing e-mail. We will never send you formatted e-mail, we only send plain text. We do not send links for you to click. Do not follow links or click things in emails. Manually come to our website and check notices, to make a payment, etc. As always, email helpdesk if you have questions.
Privacy Policy:
Because we are a privacy service, we do not back up your personal e-mail. This means that when you delete it, it is irretrievably gone. It is not floating around in some backup that can be retrieved from us against your will. However, it also means you must download and save your important mail, if you delete it, or we suffer a data failure, we do what we can with recovery tools, but we most likely cannot restore it.
Recommended Best Practices:
For optimum privacy with the service use a pop3s mail app and set it to delete the mail from the server after retrieval. We also recommend that your local mail store be an encrypted volume. Once your mail is removed from the server by your mail app, we no longer have a copy, no mail backups and we are deliberately not with a large cloud service, instead opting to keep everything in-house, for the same reason. This puts you in full control of your mail and its privacy. When you delete it, it can't be retrieved and there is no record of it being there.