diff --git a/active_bots/mailbot.py b/active_bots/mailbot.py
index dc03bb3..40285ed 100644
--- a/active_bots/mailbot.py
+++ b/active_bots/mailbot.py
@@ -18,7 +18,7 @@ class Mailbot(Bot):
     # returns a list of Report objects
     def crawl(self, user):
         reports = []
-        mails = mailbox.mbox('/var/mail/test')  # todo: adjust to actual mailbox file
+        mails = mailbox.mbox('/var/mail/test')  # todo: adjust to actual mailbox
         for msg in mails:
             if get_date_from_header(msg['Date']) > user.get_seen_mail():
                 reports.append(make_report(msg, user))
@@ -27,12 +27,13 @@ class Mailbot(Bot):
     # post/boost Report object
     def post(self, user, report):
         recipients = user.get_mailinglist()
+        print(recipients)  # debug
         for rec in recipients:
             rec = rec[0]
             unsubscribe_text = "\n_______\nYou don't want to receive those messages? Unsubscribe with this link: "
             body = report.text + unsubscribe_text + config['web']['host'] + "/city/mail/unsubscribe/" \
                    + db.mail_subscription_token(rec, user.get_city())
-            print(body)
+            print(body)  # debug
             if report.author != rec:
                 try:
                     sendmail.sendmail(rec, "Ticketfrei " + user.get_city() +
diff --git a/db.py b/db.py
index 17ade92..d8f1e53 100644
--- a/db.py
+++ b/db.py
@@ -14,7 +14,7 @@ class DB(object):
         self.conn = sqlite3.connect(dbfile)
         self.cur = self.conn.cursor()
         self.create()
-        self.secret = urandom(32)
+        self.secret = self.get_secret()
 
     def execute(self, *args, **kwargs):
         return self.cur.execute(*args, **kwargs)
@@ -138,8 +138,30 @@ class DB(object):
                 FOREIGN KEY(user_id) REFERENCES user(id),
                 UNIQUE(user_id, city) ON CONFLICT IGNORE 
             );
+            CREATE TABLE IF NOT EXISTS secret (
+                id          INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE,
+                secret      BLOB
+            );
         ''')
 
+    def get_secret(self):
+        """
+        At __init__(), the db needs a secret. It tries to fetch it from the db,
+        and if it fails, it generates a new one.
+
+        :return:
+        """
+        # select only the newest secret. should be only one row anyway.
+        self.execute("SELECT secret FROM secret ORDER BY id DESC LIMIT 1")
+        try:
+            return self.cur.fetchone()[0]
+        except TypeError:
+            new_secret = urandom(32)
+            self.execute("INSERT INTO secret (secret) VALUES (?);",
+                         (new_secret, ))
+            self.commit()
+            return new_secret
+
     def user_token(self, email, password):
         """
         This function is called by the register confirmation process. It wants
@@ -169,15 +191,9 @@ class DB(object):
             'email': email,
             'city': city
         }, self.secret).decode('ascii')
-        print("mail_subscription_token")
-        print(token)
-        print(self.secret)
         return token
 
     def confirm_subscription(self, token):
-        print("confirm_subscription")
-        print(token)
-        print(self.secret)
         json = jwt.decode(token, self.secret)
         return json['email'], json['city']