LuxSci

Control Email Forwarding with TLS-Only Restriction

Published: February 18th, 2010

LuxSci has added two new features to help administrators manage the forwarding of email in their accounts so that they can meet HIPAA and other regulatory requirements and at the same time easily control the actions of their users:

  • Globally restricting email forwarding to only recipients whose email servers support SMTP TLS for message transport encryption, and
  • Globally restricting users from managing their own email forwarding settings.

TLS-Only Email Forwarding

LuxSci SecureLine now has a feature that can restrict all types of email forwarding rules in an account from sending messages to any recipients whose email servers do not support SMTP TLS.  Note that this does not limit “forwarding” email messages manually using WebMail or an email program (though that can be restricted as well using SecureLine Outbound Email Encryption and its optional TLS-Only settings).

What is restricted:

  • User email forwarding rules
  • Custom server-side email filtering rules which result in forwarded email messages
  • User settings which result in the forwarding of copies of sent email to an arbitrary email address
  • Domain settings which send copies of all inbound or outbound email to an arbitrary email address
  • Domain settings which send copies of outbound email messages which match a set of content monitoring criteria to an arbitrary auditor email address.
  • Email aliases which forward their email to one or more addresses
  • Catch-all email aliases which forward their email to one or more addresses

You can check and see if your account has any insecure forwarding rules currently in place by using the “Security Audit Report” in the “Reports” section of your account administration area.

If you enable TLS-Only Email Forwarding, all insecure forwarding rules will be auto-disabled.  Also, if any of the recipients servers decide to not support TLS anymore, then the forwarding will also be disabled.  Under no conditions will messages be forwarded insecurely by a forwarding rule when this setting is enabled.

Email Forwarding Restrictions

Administrators can also use the new email forwarding restrictions available in the “Email Settings” area of their “Advanced Administration” pages to control what users can view and edit personal email forwarding settings.

By default, all users can view and edit their own settings and this can be controlled on a per-user basis in the User Administration area.  This new setting allows you to globally restrict viewing and editing for user forwarding settings of all users to only account administrators or account and domain administrators.  I.e. regular users can be restricted from seeing and editing their:

  • Email forwarding settings
  • Custom server-side email filters (including those which may forward email)
  • User settings which result in the forwarding of copies of sent email to an arbitrary email address

In this way, account administrators can:

  • Impose settings on users that they are restricted from viewing or changing
  • Force users to get approval for any changes to forwarding or filtering settings by requiring that all such changes are made by an administrator.

The Benefits

With these two new features, account administrators:

  • Can ensure that messages are not forwarded insecurely
  • Can ensure that users are not forwarding messages to undesirable email addresses
  • Can more easily comply with HIPAA and other regulatory requirements on email flow with less setup and less need to oversee their users.

Leave a Comment


You must be connected or logged in to post a comment. This is to reduce spam comments.

If you have not previously commented, you can connect using existing social media account, or register with a new username and password.