diff --git a/template/mailbox-notes.php b/template/mailbox-notes.php
new file mode 100644
index 0000000..a80fd03
--- /dev/null
+++ b/template/mailbox-notes.php
@@ -0,0 +1,51 @@
+<?php
+# Copyright (C) 2018, 2019, 2020 Valerio Bozzolan
+# KISS Libre Hosting Panel
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+/*
+ * This is the template for the mailbox notes input
+ *
+ * Called from:
+ * 	template/mailbox.php
+ *
+ * Available variables:
+ * 	$mailbox object
+ */
+?>
+
+	<h3><?= __( "Notes" ) ?></h3>
+
+	<form method="post">
+
+		<!-- protect against CSRF attacks -->
+		<?php form_action( 'save-mailbox-notes' ) ?>
+
+		<div class="form-group">
+			<textarea name="mailbox_description" class="form-control"><?php
+
+				// check if there is a mailbox description
+				if( $mailbox && $mailbox->getMailboxDescription() ) {
+
+					// print the escaped textarea value
+					echo esc_html( $mailbox->getMailboxDescription() );
+				}
+
+
+			?></textarea>
+		</div>
+
+		<p><button type="submit" class="btn btn-default"><?= __( "Save" ) ?></button></p>
+	</form>
diff --git a/template/mailbox.php b/template/mailbox.php
index f7e638b..e2afea8 100644
--- a/template/mailbox.php
+++ b/template/mailbox.php
@@ -1,80 +1,88 @@
 <?php
 # Copyright (C) 2018, 2019, 2020 Valerio Bozzolan
 # KISS Libre Hosting Panel
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
 # published by the Free Software Foundation, either version 3 of the
 # License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU Affero General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 /*
  * This is the template for a mailbox
  *
  * Called from:
  * 	www/mailbox.php
  *
  * Available variables:
  * 	$mailbox object
  * 	$domain  object
  *      $plan    object
  * 	$mailbox_password string|null
  */
 
 // unuseful when load directly
 defined( 'BOZ_PHP' ) or die;
 ?>
 
 	<!-- start description -->
 	<?php template( 'mailbox-description', [
 		'mailbox' => $mailbox,
 	] ) ?>
 	<!-- end description -->
 
 	<!-- start stats -->
 	<?php if( $mailbox ): ?>
 		<?php template( 'mailbox-stats', [
 			'mailbox' => $mailbox,
 			'plan'    => $plan,
 		] ) ?>
 	<?php endif ?>
 	<!-- end stats -->
 
 	<!-- start documentation -->
 	<?php if( $mailbox ): ?>
 
 		<?php template( 'mailbox-documentation', [
 			'mailbox' => $mailbox,
 		] ) ?>
 
 	<?php endif ?>
 	<!-- end documentation -->
 
+	<!-- notes -->
+	<?php if( $mailbox ): ?>
+		<?php template( 'mailbox-notes', [
+			'mailbox' => $mailbox,
+		] ) ?>
+	<?php endif ?>
+	<!-- /notes -->
+
 	<?php if( $mailbox ): ?>
 		<h3><?= __( "Actions" ) ?></h3>
 		<form method="post">
 			<?php form_action( 'mailbox-password-reset' ) ?>
 			<?php if( $mailbox_password ): ?>
 				<label for="password"><?= __( "Please copy your new password:" ) ?><br />
 				<input type="text" id="password" readonly<?= value( $mailbox_password ) ?> />
 			<?php else: ?>
 				<p><button type="submit" class="btn btn-default"><?= __( "Generate new password" ) ?></button></p>
 			<?php endif ?>
 		</form>
 	<?php else: ?>
 		<form method="post">
 			<?php form_action( 'mailbox-create' ) ?>
 			<p><label for="mailbox-username"><?= __( "Mailbox name:" ) ?></label><br />
 				<input type="text" name="mailbox_username" id="mailbox-username" length="64" /> @ <?= esc_html( $domain->getDomainName() ) ?>
 			</p>
 			<p><button type="submit" class="btn btn-default"><?= __( "Create" ) ?></button></p>
 		</form>
 	<?php endif ?>
 	<!-- /actions -->
diff --git a/www/mailbox.php b/www/mailbox.php
index 82c17fb..4bbbc31 100644
--- a/www/mailbox.php
+++ b/www/mailbox.php
@@ -1,155 +1,164 @@
 <?php
 # Copyright (C) 2018, 2019, 2020 Valerio Bozzolan
 # KISS Libre Hosting Panel
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
 # published by the Free Software Foundation, either version 3 of the
 # License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU Affero General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 /*
  * This is the mailbox edit page
  */
 
 // load framework
 require '../load.php';
 
 // wanted domain and mailbox username
 list( $domain_name, $mailbox_username ) = url_parts( 2, 1 );
 
 // some useful information
 $domain   = null;
 $mailbox  = null;
 $plan     = null;
 $mailbox_password = null;
 
 // check if the page is about a specific Mailbox
 if( $mailbox_username ) {
 
 	// retrieve the mailbox and its domain and its Plan
 	$mailbox = ( new MailboxFullAPI() )
 		->joinPlan( 'LEFT' )
 		->whereDomainName( $domain_name )
 		->whereMailboxUsername( $mailbox_username )
 		->whereMailboxIsEditable()
 		->queryRow();
 
 	// 404?
 	$mailbox or PageNotFound::spawn();
 
 	// the mailbox object has the domain stuff - recycle it
 	$domain = $mailbox;
 
 	// the mailbox object has the Plan stuff - recycle it
 	$plan   = $mailbox;
 } else {
 
 	// retrieve just the domain and its Plan
 	$domain = ( new DomainAPI() )
 		->whereDomainName( $domain_name )
 		->whereDomainIsEditable()
 		->joinPlan( 'LEFT' )
 		->queryRow();
 
 	// 404?
 	$domain or PageNotFound::spawn();
 
 	// the domain object has the Plan stuff - recycle it
 	$plan = $domain;
 }
 
 // does the user want to create a Mailbox?
 if( !$mailbox ) {
 
 	// count the actual number of Domain Mailbox(es)
 	$mailbox_count = (int)
 		( new MailboxAPI() )
 			->select( 'COUNT(*) count' )
 			->whereDomain( $domain )
 			->queryValue( 'count' );
 
 	// check if I can add another Mailbox
 	if( $mailbox_count >= $plan->getPlanMailboxes() && !has_permission( 'edit-email-all' ) ) {
 		BadRequest::spawn( __( "Your Plan does not allow this action" ), 401 );
 	}
 
 }
 
 /*
  * Change the mailbox password
  */
 if( $mailbox && is_action( 'mailbox-password-reset' ) ) {
 	$mailbox_password = $mailbox->updateMailboxPassword();
 }
 
+/**
+ * Eventually save the notes
+ */
+if( $mailbox && is_action( 'save-mailbox-notes' ) ) {
+
+	// read the description
+	$description = $_POST['mailbox_description'] ?? null;
+
+	// save the description
+	( new MailboxAPI() )
+		->whereMailbox( $mailbox )
+		->update( [
+			'mailbox_description' => $description,
+		] );
+
+	// POST -> redirect -> GET
+	http_redirect( $mailbox->getMailboxPermalink() );
+}
+
 /*
  * Create the mailbox
  */
 if( !$mailbox && is_action( 'mailbox-create' ) && isset( $_POST[ 'mailbox_username' ] ) ) {
 
 	// assure that the username is not too long
 	$_POST[ 'mailbox_username' ] = luser_input( $_POST[ 'mailbox_username' ], 64 );
 
 	// check if the mailbox already exist
 	$mailbox_exists = ( new MailboxFullAPI() )
 		->select( 1 )
 		->whereDomainName( $domain_name )
 		->whereMailboxUsername( $_POST[ 'mailbox_username' ] )
 		->queryRow();
 
 	// check if we can create the mailbox
 	if( !$mailbox_exists ) {
 		// assign a damn temporary password
 		$mailbox_password = generate_password();
 		$mailbox_password_safe = Mailbox::encryptPassword( $mailbox_password );
 
+		// really create the mailbox
 		insert_row( 'mailbox', [
 			new DBCol( 'mailbox_username', $_POST[ 'mailbox_username' ], 's' ),
 			new DBCol( 'domain_ID',        $domain->getDomainID(),       'd' ),
 			new DBCol( 'mailbox_password', $mailbox_password_safe,       's' ),
 		] );
 	}
 
-	$mailbox = ( new MailboxFullAPI() )
-		->select( [
-			'domain.domain_ID',
-			'domain_name',
-			'mailbox_username',
-		] )
-		->whereDomainName( $domain_name )
-		->whereStr( 'mailbox_username', $_POST[ 'mailbox_username' ] )
-		->queryRow();
-
-	if( $mailbox ) {
-		http_redirect( $mailbox->getMailboxPermalink( true ) );
-	}
+	// POST -> redirect -> GET
+	http_redirect( $mailbox->getMailboxPermalink( true ) );
 }
 
 // spawn header
 Header::spawn( [
 	'uid' => false,
 	'title-prefix' => __( "Mailbox" ),
 	'title' => $mailbox ? $mailbox->getMailboxAddress() : __( "create" ),
 	'breadcrumb' => [
 		new MenuEntry( null, $domain->getDomainPermalink(), $domain->getDomainName() ),
 	],
 ] );
 
 // spawn the page content
 template( 'mailbox', [
 	'mailbox'          => $mailbox,
 	'mailbox_password' => $mailbox_password,
 	'domain'           => $domain,
 	'plan'             => $plan,
 ] );
 
 // spawn the footer
 Footer::spawn();