" escrow Archives - LuxSci

Posts Tagged ‘escrow’

How to Tell If Someone Read Your Email: Read Receipts and Web Bugs

Tuesday, January 30th, 2024

We’ve all been in this scenario: you send an important email to your boss or a client, and then you wait, stressed out and anxious to know if they received it and their response. Typically, you can request a read receipt when sending the message to confirm the email was received. Another method, HTML web bug tracking, can also be used to see if an email message was read. However, spammers often use this method to identify active email addresses. Both methods are unreliable ways to tell if the recipient read an email.

The only way to have complete confidence that a message was read is by using a secure web portal solution like LuxSci’s SecureLine Escrow. It also allows for message retraction, which can be helpful when handling sensitive information.

This article explains how read receipts and web bugs work and how you to tell if someone read your email.

email read receipt

What Are Read Receipts?

Read receipts are requests attached to an email message by the sender. Most email programs, like Outlook, Thunderbird, and LuxSci WebMail, allow read receipts to be added to email messages and allow senders to choose if receipts are sent “never,” “on-demand,” or “always.”

Sending: Read receipts are implemented by adding a special “Header” to the headers area of the outbound email message. For example, if somebody@luxsci.net sent an email message and wanted a Read Receipt, the following “Disposition-Notification-To” header would be added:

Disposition-Notification-To: somebody@luxsci.net

Receipt: When the recipient opens the message, the recipient’s email program may see this header and send a special “Delivery Notification” email back to somebody@luxsci.net. When somebody@luxsci.net gets this notification, they know the message has been read.

Read Receipts are Not Reliable

Read receipts are not a reliable way to know if a message has been read. Why?

  • No Support: The recipient’s email program might not support responding to read receipt requests. In this case, receipts would never be sent.
  • Refusal: Even if the email program supports read receipts, the programs generally allow recipients to choose whether to respond. Recipients could choose to respond “never,” “always,” or “decide each time.” The default usually prompts the recipient and allows them to decide yes or no for each receipt.

So, if you use a read receipt to confirm delivery, you will only get a receipt if the recipient wants you to. Sending read receipt requests is unreliable for confirming the read status of a message in general, especially if the recipient denies that the message was even received!

What are Web Bugs?

So, we’ve established that read receipts aren’t 100% reliable because users can choose not to respond to them. Web bugs try to get around this problem by not letting the recipient know you are checking to see if they read the message. To explain how web bugs work, first, we must take a step back to explain how images are transmitted within email.

When an HTML-formatted email message is opened, any referenced external objects, such as images, are downloaded from the internet and displayed. For example, if someone sends you an email message with a link to display a picture that is not attached to the message but hosted elsewhere, your email program will download that image and display it.

Web bugs are contained within image files. To send a web bug, the sender includes some unique tracking code in the link to a picture in the email. When the email is received, the picture is downloaded, and the web server where it was stored records that download, complete with the date, time, tracking code, and the computer’s IP address. By looking at those web server log files, the sender can confirm if you have downloaded the image and, thus, if you have read the message.

Typically, the tracking code is attached to some small, innocuous image. These small tracking images are collectively known as web bugs because they are invisible to the recipient and are meant to secretly transmit data back to the sender, like a phone bug in a spy movie.

Why Web Bugs Are Not Reliable

Unfortunately, spammers often use web bugs to detect active email addresses. As a result, many email providers have taken steps to reduce their impact. That means that web bugs are also not a reliable way to know if a message has been read. Why?

  • No HTML: No images or other objects will be downloaded if the recipient opens the message in an email program with HTML support turned off. For example, LuxSci WebMail shows recipients a plain text preview of their messages. There is no way to track opening the plain text preview of a message using a web bug.
  • Images Off: If the recipient has turned the display of external images off in their email program, the web bugs will never be downloaded. This is an optional feature in some programs like Thunderbird and LuxSci WebMail.
  • Web Bug Extraction: Some email filters will auto-detect images that look like web bugs (i.e., images that look like tracking codes) and automatically remove them by replacing them with transparent images. The web bugs would not be downloaded in this case, but other images would appear as expected. LuxSci’s Premium Email Filtering can do this.

Spammers don’t care that this is not 100% reliable. It is “good enough” to identify many valid recipients and thus allows them to narrow down their lists and send these people more spam.

How to Tell if Someone Read Your Email

So, as we’ve learned, read receipts and web bugs do not always work and cannot be relied on to indicate if a message was read. What options do we have left?

The only way to tell if your email message was read is if you can control the recipient’s ability to access the message. A common way to do this is to:

  • Save the message on a website over which you have control.
  • Send the recipient a notice that a message is waiting for them on that website and provide them with the means to access it.
  • Record when the recipient successfully connects and uses their access credentials to open the message.

By controlling the message location, you can know if and when the message was retrieved. You also know how many times it was accessed and from what IP address(es), and you could remove access to it (i.e., retract it) at any time.

Other email systems may also provide reliable ways of read access tracking. In every case, it depends on if:

  • The system is configured to support it, and
  • Having complete control over the system that the recipient uses to access the message.

If you cannot control your recipient’s email system, consider using a secure web portal system with tracking included, such as LuxSci’s SecureLine Escrow.

Tags: email, escrow, message retraction, privacy, read receipt, secure web portal, secureline, web bug
Posted in LuxSci Library: Security and Privacy, LuxSci Library: The Technical Side of Email
No comments »

HIPAA-Compliant Secure Email: Understanding Encryption

Tuesday, August 15th, 2023

Email encryption is an important topic to understand when evaluating HIPAA-compliant, secure email vendors. Encryption is an addressable standard for HIPAA compliance, but if you send sensitive information via email, encryption is the easiest way to meet the standard.

The two most common email encryption methods include SMTP TLS and Secure Portal Pick Up. This article will discuss their differences and guide users on selecting the right option for HIPAA-compliant secure email.

secure email sending

Read the rest of this post »

Tags: email encryption, escrow, hipaa, hipaa compliance, hipaa-compliant email, s/mime, secure email, smtp tls, ssl, tls
Posted in LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
No comments »

New Feature: Secure Email Tagline

Thursday, June 23rd, 2022

LuxSci is introducing a new email tagline feature to inform recipients that email messages are secured. This helps build trust and increase confidence with less tech-savvy recipients who do not understand how email encryption works.

secure email tagline

TLS Encryption

TLS encryption is now widely supported by the most popular email providers. As a result, more organizations are choosing to send emails containing sensitive data with TLS encryption. There are a few reasons for this:

  1. TLS encryption is permitted under HIPAA and most compliance regulations.
  2. It’s easier to use and does not require recipients to log in to portals to access their messages.
  3. The open and response rates are higher on TLS encrypted messages.

However, using only TLS to encrypt emails can be confusing to the laypeople receiving them. While it’s easy to use and “invisible,” that can be concerning when transmitting sensitive information. If it looks like a regular email, recipients may be concerned that the organization does not care about the security of their personal information. This perception can negatively impact the business and dissuade people from using digital channels.

Introducing a New Email Tagline

For these reasons, all Email Hosting, Secure Connector, Secure High Volume Email, and Secure Marketing customers who send emails encrypted via SecureLine will have a small tagline at the bottom of the email that indicates the message is secure. It looks like this:

message secured by LuxSci tagline

This tagline builds trust and lets the recipient know that the company has taken steps to secure sensitive data. If you are an existing customer, visit your email settings or contact Customer Support to enable this feature. New customers will automatically have the tagline enabled when sending SecureLine encrypted emails.

Tags: email encryption, email security, encryption, escrow, portal pickup, tls, tls encryption, user experience
Posted in Email, New Feature Announcements
Comments Off on New Feature: Secure Email Tagline

Ask Erik: Is misaddressed email a HIPAA breach?

Friday, December 8th, 2017

Read the rest of this post »

Tags: breach, email, escrow, hipaa, recipient, tls
Posted in LuxSci Library: HIPAA
No comments »

Next Generation Data Loss Prevention (DLP) with LuxSci Secure Email

Tuesday, September 29th, 2015

Data Loss Prevention (DLP) describes a plan for companies to control the sending of sensitive data.  E.g. this can include controls to stop the flow of sensitive data or to ensure that sensitive data is always well-encrypted (for compliance) when sent.

In the context of email, DLP is usually achieved through the following formula:

  1. Construct a list of words, phrases, or patterns that, if they are present in an email, signify an email message that may contain sensitive information.
  2. Have all outbound email scanned for these words, phrases, or patterns
  3. For messages that match, take action:
    1. Block: Refuse to send the message, or
    2. Encrypt: Ensure that the message is encrypted
    3. Audit: (and maybe send a copy of the message to an “auditor”)

This classic DLP system is available through many email providers and has been available at LuxSci for many years as well. However, it does have a glaring limitation — no matter how complete and complex your DLP pattern list is, it is almost certain that some messages containing sensitive information will not quite match (or the information will be embedded in attachments that can’t be searched properly).  If they do not match, then they will escape in a way that may be considered a breach.

Read the rest of this post »

Tags: data loss prevention, dlp, encrypt, escrow, hipaa, pgp, s/mime, tls
Posted in LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
No comments »

« Older Entries