Two-Factor logins require users to

1. Enter their username and password properly (the 1st factor)
2. Authenticate a second way (e.g. by entering a code delivered to their mobile phones).

Case in point — you have an important web-based form and a visitor has spent 30 minutes filling it out.  The visitor presses the “submit form” button and the form post fails (because the visitor has lost Internet connectivity or for any number of other reasons).  The visitor gets some error screen, gets very annoyed, and quits.  Form post lost, data lost, customer feedback, potential sale … lost.

This situation can be prevented and these important form posts saved by using some JavaScript (AJAX) techniques in your web form page.

Read the rest of this post »

Any person or organization who accepts credit card payments online (or offline) is required to abide by PCI security standards.  It doesn’t matter if you accept only one payment a year … or millions.  Everyone who accepts, stores, or processes credit card information is required to be secure … no one is “too small”.  Also, all “deadlines” for compliance are far past — everyone has to be secure now.

PCI (Payment Card Industry) security standards are a collection of very rigorous best practices for securing the flow of, storage of, and access to sensitive credit card information.  In particular, this applies to: the credit card numbers, expiration dates,  CCV validation codes (and other information in the magnetic stripe).

Read the rest of this post »

Transactional bulk email messages are those that have mostly similar content and which go out to recipients as needed.  These may be to the same set of recipients over and over, or to new recipients every time.  What makes them “bulk” is that the number of messages sent can be quite large … much larger than you could hope to send through a normal business email account.

Examples of transactional bulk email messages include:

• Payment receipts
• Password reminder emails
• Auto-responders
• Notifications
• Trial account follow up reminders
• Welcome or sign-up messages for your web site

Read the rest of this post »

How do you ensure your messages make it into your recipients’ INBOXes?

Deliverability is key to anyone sending newsletters, announcements, notifications, or any other type of bulk email.  As a provider of premium and bulk email services, we constantly advise customers on how they can legitimately avoid having messages marked as spam and ensure that they are not black listed. In this article, we consolidate our advice for everyone’s benefit.  This includes: ensuring you have a good mailing list, maintaining your mailing list, email message content, and reputation management techniques like SPF, DKIM, and IP anonymization.

Read the rest of this post »

LuxSci has long supported SPF for inbound and outbound email.  SPF is a mechanism by which you can specify what servers are permitted to send email for your domain … and identify email from other places that may be fraudulent. This helps stop inbound Spam and helps ensure that your own messages are distinguished from any fraudulently sent ones by your recipients.

DKIM (DomainKeys Identified Mail) is the other standard for preventing email forgery.  DKIM works by cryptographically signing each email message sent.  The recipients can use information published in your DNS settings to verify if the message was sent from an approved location (e.g. the signature is valid) and that it has not been modified in transit.

LuxSci now supports DKIM for both inbound and outbound email.

Read the rest of this post »

Generally, when you send an email message and it fails to be delivered, you get a “bounce back” to inform you of this.  This delivery failure notification system is inherent in the way email works and does a good job, in general.  However, it has some serious limitations:

• The failure notice is spam filtered or otherwise lost, you will never know the message wasn’t delivered.
• Email spoofing is prevalent and that can cause you to receive all kinds of “backscatter” failure notices about messages that you never sent.  As a result, you may be blocking or deleting failure messages or may merely not notice a real failure notice amidst the back scatter garbage.
• The failure messages are long and in varied formats.  It may be difficult for the average person to determine the actual reason for the failure.
• If you have many failure messages (e.g. because you are sending out a newsletter) it is hard to convert a bunch of failure messages into a list of failed recipients together with the reasons for the failures.
• It is not simple for a manager to get reports of send failures by his/her staff … which may be very important so that business opportunities are not lost.

Read the rest of this post »

What happened to that email message that I sent 3 days ago?  It “never arrived!”.

Our Support team fields this kind of question on a daily basis.  Usually the message never arrived because the address was misspelled, the message was never actually sent, or it was filtered by the recipient’s servers.  There are many other reasons why messages “disappear” as well.

Customers sending email to mailing lists (e.g. those using LuxSci High Volume services), often want an easy way to find out what addresses failed and why, and to know for sure what messages were delivered properly.

Now, LuxSci customers can see for themselves exactly what messages have been sent and track them to learn what the disposition of any particular message to any recipient is at any time.  The new reporting tools are fast, easy, and no longer require the assistance of Support.

Read the rest of this post »

Many major Internet Service Providers (e.g. AOL, Hotmail, MSN, Comcast, etc.) have FBLs “feedback loops” for reporting SPAM complaints by their users.  I.e. if a user “marks a message as Spam”, information about that message and the fact that it was considered “Spam” by the recipient can be sent back to the originating email server, for example LuxSci.

LuxSci has participated in feedback loops for a long time .  Now we have greatly extended our participation by:

Read the rest of this post »

LuxSci has released a set of user password security features that complement many of its existing password security options so that, as a whole, they meet the needs of any kind of password security requirement.

This post reviews many of the existing password security options and highlights the new ones.

Read the rest of this post »