Published: May 24th, 2018
GDPR, the General Data Protection Regulation which asserts and enforces protections on the personal information of EU citizens is on everyone’s minds these days. This is because it impacts any company anywhere in the world that interacts with citizens of the European Union (EU), even if that only means sending email messages to them. The kicker … if you are found to be in non-compliance you could earn yourself a fine of 20 million euros or 4% of your gross annual revenue, whichever is higher.
As an email security company, we receive a lot of questions around the intersection of email and GDPR. There is a whole lot of confusion out there and ambiguity in the regulations. In this post, we answer 10 of the most prominent and important questions on GDPR and email that we have seen. The answers are at times surprising and even enlightening. However, if you are unaware of the answers to these questions, you are almost certainly out of compliance with GDPR. Read the rest of this post.
Published: May 23rd, 2018
On the 25th of May 2018 a new data protection law, the General Data Protection Regulation (GDPR), will take effect in the European Union. The GDPR aims to strengthen the data protection and privacy for all individuals within the EU and brings with it the most significant changes to data protection law in two decades. Based on privacy-by-design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardize data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
Published: May 18th, 2018
Your eCommerce customer, Paul, has ordered a special mattress for his bed. He’s put the item into the cart, and paid for it. Now you send a confirmation of purchase email. But, instead of just a note stating that “we’ve received your payment, and your item has been posted for shipment…” or whatever boilerplate many companies send, you include that message and add photos of three sheets-and-pillowcases products that fit the mattress you just sold him. Paul has his own sheets, but has been thinking about replacing them – now your confirmation email makes him decide to buy them.
All eCommerce companies have to send transactional email, a type of email sent to facilitate an agreed-upon transaction between the sender and the recipient. Common transactional email use cases include doctor appointment reminders, account creation emails, password resets, purchase receipts, account notifications, medical lab results, and social media updates like friend and follower notifications.
What makes transactional email different from ordinary marketing email is that they are sent as part of doing actual business with people – not just chatting with, marketing to, or selling to a customer. In this respect, they are also different from so-called “triggered” emails which may be generated by a number of customer actions – not just transactions.
Transactional emails are opened eight times more than traditional marketing messages, according to a study by EPSILON. So it only makes sense to adapt your transactional email for marketing, to take advantage of this unparalleled opportunity to reach your customer with a personalized offer. Read the rest of this post.
Published: May 12th, 2018
SSL versus TLS
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a practical difference between the two?
See also our Infographic which summarizes these differences.
Read the rest of this post.
Published: May 10th, 2018
If you are a healthcare organization and have to abide by HIPAA regulations, you may be struggling with HIPAA-compliant email marketing. Besides getting patient consent, there is the whole concern that the marketing email messages need to be secured, as in many cases the marketing messages plus the addresses or list being used imply something about the recipients … something ePHI-related.
It is a best practice to use a HIPAA-compliant email marketing service to send healthcare-related email marketing messages, newsletters, appointment reminder emails, etc. Such a service signs the required HIPAA Business Associate Agreement with you, takes care of your data, and ensures that your email messages go securely to your recipients.
Read the rest of this post.
Published: May 1st, 2018
In a question recently submitted to “Ask Erik,” John asked:
“How does sending a TLS-encrypted email sometimes become non-compliant? Lets says I send an email from my Office 365 Business account to a gmail.com account which both support TLS encryption. Is it because I do not know what path and what servers the email has to go through? Does each server have to decrypt the email and is that when it becomes non-compliant? I love the Luxsci forms by the way!”
This is a great question! In a recent survey that LuxSci did, less than 50% the people interested in secure email even knew what TLS is and how it works. So it is not surprising that there is a lot of confusion out there about what is acceptable for compliance and what is not. Read the rest of this post.
Published: April 12th, 2018
Public cloud servers are great for many things; however, sending email is not one of them.
Why Cloud Servers are Bad for Sending Email?
The IP address spaces used by the major public cloud vendors (i.e. Amazon, Rackspace, etc.) for their cloud servers are well known and are generally black- or gray-listed by anti-spam systems. Additionally, many of the IP addresses in use by these systems are additionally “polluted” from previous abusive use by spammers. When you set up a new cloud server, you could be easily assigned a “tarnished IP.” Even if you do not inherit an exceptionally bad IP reputation from the previous user(s) of your new IP, your server will still be in the uncertain neighborhood of “public cloud IP addresses.” This is the “wrong side of the tracks” and thus considered a possible spam source.
We have investigated several services that claim to offer “Cloud-Based Outbound Email” and have found that many use cloud servers for things like scanning email messages for spam and viruses, but use non-public cloud servers for the actual sending of email. This is obviously not true for all companies, but it points to the fact that if everyone might be affected, the solution is to NOT send email directly from your public cloud. There are, however, straight-forward solutions to getting email originating from such servers delivered. Read the rest of this post.
Published: April 9th, 2018
Many organizations use Google G Suite or Microsoft Office 365 for their email services. A large number of these have issues with outbound email deliverability or need outbound email encryption to achieve HIPAA compliance. LuxSci has a very simple and cost-effective solution via its email smart hosting service.
Neither Google nor Microsoft offer email encryption as part of their already expensive standard business service offerings, even if you have a HIPAA business associate agreement with them. As a result, many folks rely on third parties, such as LuxSci, that specialize in HIPAA-compliant email to fill the gap and enable the sending of secure email messages (and secure text messages) to anyone. For more information on each of these services, see:
Read the rest of this post.
Published: March 20th, 2018
We are often asked questions about Cloud Servers and Virtual Private Servers (VPS) and which is better and in what circumstances. We also find that many customers are using these terms without a good understanding of what they mean and the differences between them.
Read the rest of this post.
Published: March 19th, 2018
LuxSci has just released a number of new dedicated server options and pricing changes. This post goes over what is new, what is changing, and how it impacts existing customers. Read the rest of this post.