Changes to webmail login
Post categories
Founder & CTO
TL;DR: We’re now making all connections to the FastMail web interface immediately redirect to a secure (https) connection.
As part of our commitment to making all connections between users computers and our servers secure and encrypted, we’ve just made some changes to our webmail login page. In most cases, users won’t notice any change because we made Secure Login the default almost a year ago. The new changes will only affect the small number of users that have special login requirements.
The main change we’re making is that where previously we would redirect from an insecure (http) to secure (https) connection during login, or on returning to FastMail on a computer you’d logged in via before, we will now redirect to the secure login screen immediately when you connect to FastMail. That is, as soon as you go to http://www.fastmail.fm (insecure) or http://www.sent.com (insecure), we’ll always redirect to https://www.fastmail.fm (secure).
Going to other https:// domains that aren’t supported (e.g. https://www.sent.com, a secure connection, but will report a
certificate error) will redirect to https://www.fastmail.fm as well.
This will also be the case for businesses and families that use their own domain for logging in (e.g. http://mail.digitalintegrity.com), they’ll also be redirected to https://www.fastmail.fm, but we will continue to correctly show the family/business login screen.
There are a couple of additional exceptions to this.
The mobile UI domains that start with the http://m. prefix like http://m.fastmail.fm (insecure) and http://m.sent.com (insecure)
will redirect to https://m.fastmail.fm (secure). This will always show the mobile login screen and mobile interface when you login.
The special “sticky ssl” domains that start with the https://ssl. prefix like https://ssl.fastmail.fm (secure) and https://ssl.sent.com (secure, but certificate warning) will “stick” to
that domain. This may be useful as a work around for some proxies that block hostnames with the word “mail” in them.
If for some reason you need to use an insecure login (which we highly recommend you do not do), you will explicitly need to go to the URL http://insecure.fastmail.fm. If you use this to login, data sent between your computer and our server will travel unencrypted over the Internet. This service is only provided for dire circumstances, is highly discouraged, and may be removed in the future.
For the curious, here’s a list of all the transitions that should happen. The “(W)” means you’ll see a certificate warning about mismatched hostnames.
https://www.fastmail.fm -> stays at https://www.fastmail.fm
http://fastmail.fm -> https://www.fastmail.fm
http://sent.com -> https://www.fastmail.fm/?domain=sent.com
http://www.fastmail.fm -> https://www.fastmail.fm
http://www.sent.com -> https://www.fastmail.fm/?domain=sent.com
https://fastmail.fm -> https://www.fastmail.fm
https://sent.com (W) -> https://www.fastmail.fm/?domain=sent.com
http://mail.digitalintegrity.com -> https://www.fastmail.fm/?domain=digitalintegrity.com
https://mail.digitalintegrity.com (W) -> https://www.fastmail.fm/?domain=digitalintegrity.com
http://m.fastmail.fm -> https://m.fastmail.fm
http://m.sent.com -> https://m.fastmail.fm/?domain=sent.com
https://m.fastmail.fm -> stays at https://m.fastmail.fm
https://m.sent.com (W) -> https://m.fastmail.fm/?domain=sent.com
http://ssl.fastmail.fm -> https://ssl.fastmail.fm
http://ssl.sent.com -> https://ssl.sent.com/ (W)
https://ssl.fastmail.fm -> stays at https://ssl.fastmail.fm
https://ssl.sent.com (W) -> stays at https://ssl.sent.com/ (W)
http://insecure.fastmail.fm -> stays at http://insecure.fastmail.fm
http://insecure.sent.com -> stays at http://insecure.sent.com