
Email Identity Protection and LuxSci Email Hosting

We have just completed a long series of articles discussing how attackers forge email messages and what technologies and techniques can be used to counter these attacks.  See: Email Identity and Forged Email.

In this post, we will discuss some best practices when using LuxSci to maximize your protection against forged email messages.

Protecting Your Own Domain

1. Add SPF

LuxSci supports SPF for outbound email messages.  We have a standard SPF record that we provide to all customers.  If you have dedicated servers, we can assist you with defining custom SPF records that authorize only the particular servers from which you send email.

2. Add DKIM

LuxSci supports the signing of email messages using DKIM.  Use our DKIM Tool to create DKIM keys for your domain and obtain the DNS records that need to be added.  If LuxSci manages your DNS for you, then we will set up your DKIM DNS once requested via this tool.

Use strict DKIM rules if all of your email is being sent through LuxSci.

3. Add DMARC

Not many spam filters support DMARC yet, but for those that do, you can provide instructions on what to do if both SPF and DKIM fail.  LuxSci can assist you with making these records, or you can use the DMARC Record Assistant if you have a good idea of how DMARC works.

Protecting Your Inbound Email

1. Basic Spam Filtering

If you have LuxSci’s Basic Spam Filtering, then SPF and DKIM analysis are automatically enabled and the results contribute to the overall “Spam Score” of messages.  Basic Filtering does not yet include DMARC support.

2. Premium Email Filtering

Premium Email Filtering also already supports SPF and DKIM and will support DMARC in the future.  Premium Email Filtering has a number of settings recommended for identity protection that are not enabled by default:

  • Click Protect
    1. This replaces all links in email messages with redirects through the Premium Email Filtering system
    2. These links are scanned for malicious pages and compared to phishing sites both when the message is filtered and later again when you click on it
    3. You can control what happens based on the riskiness of the link:  Allow click through, warn, deny, log, etc.
    4. This is a very good way to protect end users against phishing and malware scams.
  • HTML Shield
    • Removes malicious JavaScript and other HTML components (flash, iframes, etc) from email messages to sanitize them and make them safer.
  • Allow lists with SPF validation
    • Add domains to your allow list so that any email from them goes through the filters without issue — assuming that the message passes SPF as well.
  • Enforced TLS
    • Only accept email from specific domains when TLS is used.  This blocks spam and forged email being sent from servers and mailers that are not TLS-enabled.
  • Enforced SPF
    • Require SPF checks to pass for messages from specific domains.
  • Enforced DKIM
    • Require DKIM checks to pass for messages from specific domains.

Premium email filtering allows you to lock down email from a set of domains so that you can much better ensure that the messages are not likely to be forged.

3. LuxSci WebMail and SecureChat

Your LuxSci WebMail Settings Page has a number of options to allow you to better protect yourself.  These include:

Secured Email

Using LuxSci SecureLine email encryption, you can use a secure web portal for message pickup and/or PGP or S/MIME for encryption and digital signatures.  These methods can ensure email identity.


Using LuxSci SecureChat for a fully encrypted and identity-verified closed communication system ensures compliance and identity in all communications over SecureChat, automatically.

Always display the email addresses of message senders and recipients instead of their names.

It is best to know the actual email address that the message is from, rather than just the purported sender name — which can be completely arbitrary.  Enable this option to always see the email addresses.
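The gap between the display name and the real address can also be checked mechanically. The following is an added example, not LuxSci code: it renders the address first and warns when the display name (including an RFC 2047 encoded one) shows a different address. All headers are constructed and use reserved example domains.

```python
import re
from email.header import Header, decode_header, make_header
from email.utils import parseaddr

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def sender_view(from_header):
    """Return (address, display_name, warning) for a From: header value."""
    raw_name, addr = parseaddr(from_header)
    addr = addr.lower()
    # Display names may be RFC 2047 encoded words; decode before inspecting.
    name = str(make_header(decode_header(raw_name)))
    if "@" not in addr:
        return addr, name, "no parseable sender address"
    real_domain = addr.rsplit("@", 1)[1]
    for shown in ADDR_RE.findall(name):
        if shown.lower() != addr:
            return addr, name, (f"display name shows {shown.lower()} but the "
                                f"message is from {real_domain}")
    return addr, name, None

def render(from_header):
    """Address-first rendering, so the name cannot stand in for the address."""
    addr, name, warning = sender_view(from_header)
    line = f"<{addr}> ({name})" if name else f"<{addr}>"
    return f"{line}  [WARNING: {warning}]" if warning else line

# Constructed From: headers; the third hides the same name in an encoded word.
ENCODED = Header("Bank Support <billing@bank.example>", "utf-8").encode()
SAMPLES = [
    "Alice Smith <alice@example.com>",
    '"Bank Support <billing@bank.example>" <notice@mailer.example>',
    f"{ENCODED} <notice@mailer.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(render(header))
```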

Enable email message previews

LuxSci WebMail has a feature that will allow you to see a plain text preview of your message content (1-25 lines of text, your choice) without even marking the message as read.  These plain text previews are completely safe — you cannot get an infection from JavaScript, images, or any other objects in the messages; senders will not know that you read the preview even if they have advanced email marketing tracking codes built into the message.  Preview content cannot be dynamically affected by JavaScript or other technologies.

Previews give you a fast, clean, safe way to see what the message is about before you actually open it.

Viewing email messages

LuxSci’s WebMail removes script and style tags and many other objects from HTML-encoded messages before rendering them to you in the message display area.  This provides some degree of sanitization and protection.  If you open an HTML attachment “in a new window”, however, no sanitization is performed so that you can see that HTML “as is”.  So — just be aware of the difference.

Also, while many kinds of tags are removed when you view an HTML message, it is still possible for foreign JavaScript to be active in the message display, so you must still be wary.  This goes for viewing messages in any Web interface or email program.

Copy and paste links

If you are ever unsure about a link in an email message, the safest thing to do is to right click on the link, copy it, paste it into a text editor or MS Word, and see what the link is.  Then, if it looks legitimate, you can paste it into a browser window or, even better, navigate to that site normally without use of the link.

Note that in some cases, JavaScript can intercept your right-click action and cause an event to fire … such as redirecting you to a malicious web page.  This is not very common but technically possible.

Convert to Plain Text

LuxSci WebMail allows you to make many different kinds of custom email filters which process messages server-side on delivery.  One useful option for such filters is to convert messages to “plain text”.  E.g. you could save a full copy of all email to 1 folder and have only a plain text copy be saved to your INBOX.  The plain text copy will be safe to view and interact with (like the previews are).  If you need the full message … you can go and look at it any time you need.

Check DKIM

The custom email filters tool also allows you to design rules that affect messages that pass or fail DKIM … so, for example, you could choose to discard messages that do not pass, or to tag messages that do pass as “GOOD”.
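The logic of such a rule, written out as an added Python example (this is not the LuxSci filter tool): it reads DKIM verdicts from `Authentication-Results` headers, trusts only those stamped by your own receiving server, and tags a message GOOD only when the passing signature belongs to the From: domain. The authserv-id `mx.example.net`, the policy choices and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: ID stamped by your own inbound server
DKIM_RE = re.compile(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", re.I)

def trusted_dkim_results(msg):
    """Collect (result, signing_domain) pairs from headers our own server added."""
    found = []
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        # A sender can insert its own Authentication-Results header, so skip
        # any header whose authserv-id is not ours.
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue
        found += [(r.lower(), d.lower()) for r, d in DKIM_RE.findall(results)]
    return found

def dkim_action(raw_message):
    """Return 'tag:GOOD', 'discard' or 'deliver' for one raw message."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = trusted_dkim_results(msg)
    # GOOD only if a passing signature is from the From: domain itself (exact
    # match; relaxed alignment would accept the same organizational domain).
    if from_domain and ("pass", from_domain) in results:
        return "tag:GOOD"
    if any(result == "fail" for result, _ in results):
        return "discard"
    return "deliver"  # unsigned, or signed only by an unrelated domain

def sample(auth_results, sender="Alice <alice@example.com>"):
    """Build a constructed raw message with the given header values."""
    stamps = "".join(f"Authentication-Results: {a}\n" for a in auth_results)
    return f"{stamps}From: {sender}\nSubject: constructed sample\n\nHello\n"

if __name__ == "__main__":
    ours = "mx.example.net; dkim=pass header.d=example.com header.s=sel1"
    injected = "mx.sender.example; dkim=pass header.d=example.com"
    failed = "mx.example.net; dkim=fail (body hash mismatch) header.d=example.com"
    print(dkim_action(sample([ours])))
    print(dkim_action(sample([injected, failed])))
```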

Viewing source and headers

LuxSci WebMail makes it easy to view the full source and/or the full headers of any email message if you want to get your hands dirty with some snooping on the raw content of specific email messages.

