Why am I still getting spam at my old email provider?

Published: January 18th, 2017

This question came in through “Ask Erik:”

Hi Erik,

I came across your article entitled Split Domain Routing: Getting Email for Your Domain at Two Providers while trying to figure out why one of the people in the small 3 person company I am affiliated with got a call from our web hosting and domain name company asking him to increase his email storage capacity even though we had migrated our email service away from them 2 years ago and at that time had redirected our DNS MX records to our new email provider.

When I looked at my colleague’s email on the old service, I saw that he is still receiving spam mail there even though he is getting all his business mail through the new provider. How is it possible that he gets any mail at the old place at all now? I think the money he paid them is a complete ripoff as that is not his working email! Unfortunately I am the only one of the 3 of us that understands any of this…and that isn’t saying much. Thanks for any thoughts.

Hello! This is actually quite a common scenario. If you do not close down your account with your old email provider, then that provider will usually still accept inbound email addressed to you which arrives at its servers.

Read the rest of this post »

LuxSci’s 2016 Advancements – The Year in Review

Published: December 31st, 2016

LuxSci has been really busy in 2016!  Besides migrating customers from McAfee due to the “end of life” of their filtering and archival services, keeping up with the changing security landscape, and replacing our Enterprise Server Environment with a newer, faster, more scalable, and more secure private cloud, LuxSci has been hard at work adding new features and extending existing services in the directions most requested by our customers.  Here are some of the highlights.

Read the rest of this post »

End of Support for Internet Explorer 8 and Windows XP/Outlook

Published: December 28th, 2016

As of January 9th, 2017, LuxSci is ending support for Internet Explorer 8 and Outlook (all versions) running on Windows XP.

Internet Explorer 8.  This very old browser has worked to varying degrees with LuxSci.  Starting mid-January, LuxSci will be explicitly dropping support for Internet Explorer 8 by using new JavaScript libraries that do not support Internet Explorer 8.  Microsoft ended all support for Internet Explorer 8 on all versions of Windows on January 12th, 2016.  It ended all support for it on Windows XP (where it was primarily used) in April, 2014.

Internet Explorer 8 is very old, unsupported, and insecure. It does not support many of the modern web standards used by modern web sites. Anyone who is still using Internet Explorer 8 should either upgrade to a newer version of Internet Explorer (or Edge) or switch to an alternate supported browser such as Chrome or Firefox.

Windows XP and Outlook. In the interest of security, LuxSci often has to change the list of encryption ciphers supported by its servers — dropping those that are deemed too insecure and adding new ones.  Starting January 9th, LuxSci will be pushing out changes that remove support for the last TLS cipher that we supported that was also supported by Outlook running on Windows XP.  Once this change happens, Outlook on Windows XP will no longer be able to make secure IMAP, POP, or SMTP connections to LuxSci servers.    This will apply to any version of Outlook running on XP, as Outlook uses the (old) encryption services built into XP itself.  Windows XP itself has not been supported since April, 2014, and should be avoided for security reasons at this point.

Anyone affected by this change should either (a) upgrade to a newer version of Windows, (b) use an alternate email program that brings its own encryption libraries (e.g. Mozilla Thunderbird), or (c) use LuxSci WebMail directly using a supported web browser.

Outlook running on newer operating systems will continue to be supported as usual.

McAfee Migration Deadline Approaching

Published: December 9th, 2016

McAfee has been LuxSci’s partner for premium email filtering and email archival services, well, since these services were owned by McAfee-acquired MXLogic and MXLogic first started setting up partner relationships. A long time.

In late 2015, McAfee announced that it was ending its email filtering and archival service offerings, effective January 11th, 2017.  They gave everyone about 1 year to find alternatives and move away before the plug is pulled.

LuxSci chose two replacement companies: Proofpoint for email filtering and Sonian for email archival.  Both are very good; Proofpoint was even the 2015 pick by Gartner as the best in email filtering.  We announced this change in December of 2015:

Introducing Proofpoint and Sonian to replace McAfee for Premium Filtering and Archival

Over the past year, LuxSci has been working long hours migrating its 1000s of customers from McAfee to these new services.  All customers who were previously using McAfee have migration-related support tickets with detailed information and instructions on the process.  A majority of customers are all set — their migrations are complete.

There are, however, several hundred customers who have yet to complete the migration of their email filtering to Proofpoint: their email is still flowing through their old McAfee accounts. These customers are in charge of the DNS settings for their domains, so LuxSci cannot complete the migration steps without their assistance. These customers need to follow the instructions in their migration tickets, which include:

Read the rest of this post »

Does HIPAA really permit reminding patients to pick up their prescriptions?

Published: December 8th, 2016

We get calls and text messages from pharmacies like CVS, reminding us that it is time to pick up and/or renew our prescriptions for drugs or other medical items. When you think about HIPAA, this is confusing. In many cases, these reminders constitute Protected Health Information (PHI) … so is this really allowed?

The default answer of “it must be OK if CVS is doing it” is naive as it loses all of the context about what is and is not permitted and does not shed any insight into when and how other organizations may similarly inform or remind patients of things such as prescriptions and appointments.

Is it really PHI?

Read the rest of this post »

Upcoming Changes to Hosted MySQL Remote Access

Published: December 6th, 2016

Starting this weekend, LuxSci will be rolling out security changes that will lock down remote access to hosted MySQL databases. In particular, it will no longer be possible to connect directly to your hosted MySQL database from a remote location (i.e. from a computer or server outside of LuxSci’s hosted infrastructure) without an additional step. This change hides hosted MySQL databases from remote scans and attacks and also aligns with security lockdowns required for PCI compliance and other best practices.

LuxSci already locks down remote MySQL access on most accounts so that it is only available over SSL or VPN tunnels. This change takes things a step further and completely removes the MySQL servers from remote visibility.

Read the rest of this post »

What is HIPAA-Compliant Cloud Storage?

Published: November 11th, 2016

HIPAA-compliant cloud storage complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to ensure the security of healthcare patients’ data stored on remote servers accessed from the internet.

HIPAA governs how healthcare providers and their business associates, as defined in the Act, can store, manage, and share personal health information (PHI). If you’re a healthcare provider (or a cloud storage provider working with a healthcare provider), it’s important to understand how HIPAA applies to cloud storage.

With the rising popularity of services like iCloud and Dropbox, many people and companies have become more comfortable with cloud storage. There’s no question these services are convenient; being able to access universally synced data anytime, anywhere, from any device, is incredible.

But that doesn’t mean these services are HIPAA-compliant. HIPAA introduces particular requirements that not every cloud storage provider satisfies.

Don’t make the mistake of assuming that a particular cloud storage option will comply with HIPAA. Storing your data “in the cloud” can make it difficult to achieve the level of security required of healthcare.

Here’s what you need to know about cloud storage to make sure your data is safe and sound — and HIPAA-compliant.

Read the rest of this post »

What Are HIPAA Hosting Requirements?

Published: November 7th, 2016

HIPAA Hosting Requirements are a set of rules that place the responsibility of protecting the privacy of patients’ healthcare data on the healthcare provider and their business associates. Whether using a hosting center, a third-party datacenter, or keeping the servers in-house, if you’re a healthcare provider or a business managing protected health information (PHI), your hosting must comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

There are three HIPAA requirements:

Read the rest of this post »

What Is HIPAA-Compliant Videoconferencing?

Published: October 10th, 2016

HIPAA-compliant videoconferencing is a form of telecommunication used in health settings, allowing multiple parties (e.g. doctor and patient) to communicate via two-way video and audio transmissions. It provides patients with the same privacy and confidentiality that applies to in-person visits, protecting their information and giving the same care to storage and dissemination of the video as to paper documents under the Health Insurance Portability and Accountability Act (HIPAA).

There are many advantages to videoconferencing with patients, rather than meeting them in person. Some patients have limited mobility, making it difficult for them to physically visit a healthcare provider. Some patient follow-ups only require a quick conversation and don’t require a physical examination. For many patients, it may also be much more convenient to have a video conversation than to travel to a doctor’s office. An additional benefit is the cost savings; videoconferencing can be much cheaper than in-person visits.

Read the rest of this post »

Your Guide to a HIPAA-Compliant Website

Published: July 25th, 2016

The digitally savvy Internet user knows to check and see whether a website is secure before passing along any personal information like credit card numbers. TLS (SSL) certificates and encryption help keep hackers at bay by adding an extra layer of security to the typical website, preventing prying eyes from seeing information transmitted to and from the website. The need for website security also applies to HIPAA compliance when it comes to healthcare websites. Many doctors’ offices and healthcare companies want to keep up with the digital trend—and for good reason. Having a place online where individuals can apply for prescriptions, schedule appointments, and even get consultations is invaluable for both the patient and doctor. It saves everyone time, and it’s easier and more convenient than making a trip to the doctor’s office. But if there’s a breach of HIPAA regulations, even an unexpected or unintentional one, the cost and penalties can add up fast.

Whether you’re building a new website for your healthcare company or seeking to make an existing site fully compliant with HIPAA standards, there are plenty of straightforward ways to ensure you have your bases covered. Here’s a quick overview of what makes a website HIPAA-compliant today, what to watch out for, and what best practices to maintain.

Read the rest of this post »