" email Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘email’

How can I determine if an email was actually sent to me?

Wednesday, June 14th, 2017

Someone claims to have sent you an email message.  You never got it, as far as you know.  How can you determine if the sender actually sent the message?  How to you prove or disprove the claim?

This question is submitted by a reader via “Ask Erik” — a channel by which anyone can ask LuxSci a technical question.

Email

Read the rest of this post »

Self-Addressed Spoofed Email: How to Shut Down Spam

Thursday, May 11th, 2017

Spam messages coming from… your own email? This may sound like a cheesy movie plot, but this form of spam, known as “spoofing,” can have horrifying consequences if they result in compromised security, stolen data, or malware on your company’s machines. Read on to find out how to snuff out spoofing and help everyone avoid these attacks in the future.

Forged Email

Read the rest of this post »

How do I send HIPAA-compliant lab results via email?

Friday, May 5th, 2017

A question about HIPAA-compliant transactional email from Ask Erik:

As a non-technical member of the founding team of a Health Care Startup I have a question about HIPAA-compliant email as we begin to send out lab test results to individuals and the health care providers we partner with:

“Does one dedicated email address for results distribution that is HIPAA-compliant and secure make us in compliance. ”

We have team members who communicate with our DDS clinics but they don’t distribute test results. Only I will do that through a dedicated email address.   What do we have to do to be compliant from day one of distributing test results as part of our service to our customers (primarily dentists and oral surgeons)?

I was told by the service provider of our website and email hosting services that if we made the one email address a Business Premium account using the Microsoft Secure Server, that all the other regular email addresses would be covered as well. Is this true?

Thank you for the forum to ask real life scenario questions.

Lab results to email

Hello,

There are many aspects to your question.  Lets address each one in turn:

Read the rest of this post »

What is really protected by SSL and TLS?

Saturday, April 8th, 2017

This question came in via Ask Erik:

Hi Erik,

I stumbled upon your blog while trying to learn a little about SSL/TLS in the context of client/server e-mail sessions, i.e. not web mail which I understand to be an HTTP session.  I am just an ordinary user with no special security needs but I find all this news about corporate and government surveillance to be troubling for both philosophical and practical reasons.  In any case my questions is quite simple.

My e-mail client, apple mail, and my e-mail service provider both support SSL so my e-mail exchanges between my computer and the server are encrypted.  I understand that I can’t control what happens with other e-mail servers.  What I am trying to understand is what does it mean to be encrypted?  When an e-mail leaves my computer how much of the message is encrypted?   Are the e-mail headers encrypted including the sender and recipient e-mail addresses.  I would assume so but nobody talks about the details.  What metadata trail does a user leave when using SSL/TLS.  Is it is as simple as the destination and sending IP address with everything else encrypted?  Reading Data and Goliath right now by Bruce Schneider which talks about a lot of this stuff but again doesn’t give quite enough detail.  At the end of the day I am trying to understand how much protection SSL really provides.

SSL (now TLS) protects data as it travels across the Internet. To understand in detail how SSL works, we recommend reading: How does Secure Socket Layer (SSL andTLS) work?  However, looking at how the protocol works can leave answers to some of these fundamental questions a little unclear.  Lets address them one by one.

SSL and TLS Security

Read the rest of this post »

Am I at HIPAA-risk if a patient replies to my secure email message?

Tuesday, January 31st, 2017

Here is a question from “Ask Erik:”

Dear Dr. Kangas,  When I write an email to a patient from my LuxSci account, it is encrypted and therefore HIPPA compliant.  When they write me back from their regular email address (it’s often hard to get them to sign up at LuxSci), they are putting [PHI /Medical Information] out without security, but that is not my HIPPA violation as I understand it because patients are not required to keep their PHI secure.  Yet often a patient replying to my email simply hits ‘reply’ and my email is attached to their reply, putting my original email in an insecure from on the Internet.  Does that become therefore a HIPPA violation of mine, especially if I continue to allow this without telling the patient to stop doing this?

Read the rest of this post »

Why am I still getting spam at my old email provider?

Wednesday, January 18th, 2017


This question came in through “Ask Erik:”

Hi Erik,

I came across your article entitled Split Domain Routing: Getting Email for Your Domain at Two Providers while trying to figure out why one of the people in the small 3 person company I am affiliated with got a call from our web hosting and domain name company asking him to increase his email storage capacity even though we had migrated our email service away from them 2 years ago and at that time had redirected our DNS MX records to our new email provider.

When I looked at my colleague’s email on the old service, I saw that he is still receiving spam mail there even though he is getting all his business mail through the new provider. How is it possible that he gets any mail at the old place at all now? I think the money he paid them is a completely ripoff as that is not his working email! Unfortunately I am the only one of the 3 of us that understands any of this…and that isn’t saying much. Thanks for any thoughts.

Hello!  This is actually quote a common scenario.  If you do not close down your account with your old email provider, then that provider will usually still accept inbound email addressed to you which arrives at its servers.

Read the rest of this post »

LuxSci’s 2016 Advancements – The Year in Review

Saturday, December 31st, 2016

LuxSci has been really busy in 2016!  Besides migrating customers from McAfee due to the “end of life” of their filtering and archival services, keeping up with the changing security landscape, and replacing our Enterprise Server Environment with a newer, faster, more scalable, and more secure private cloud, LuxSci has been hard at work adding new features and extending existing services in the directions most requested by our customers.  Here are some of the highlights.

Read the rest of this post »

Query the LuxSci API for Email Sending and Delivery Status Reports

Thursday, July 16th, 2015

LuxSci’s API has been expanded to enable automated queries for reports of:

  1. What messages have been sent from SMTP and/or WebMail
  2. The current delivery status (tracking) of these messages
  3. Feedback loop notices for these messages
  4. The history of SMTP login failures and sending failures due to sender usage problems

All of these reports are available at the account level (e.g. to download information for one or all users in an account) and at the user level (where someone using the user API can query data about his/her own sending activity).  Each API request can return up to 50,000 matches or 50MB of data and you can easily submit multiple queries to “page” though very large result sets.  The queries support refinement by date range, customization of the number of matches returned at once, and include report-specific search capabilities so that, for example, you could find only message sent to a particular person or which have a particular delivery status.

These reports are available to all customers — business email, dedicated, and High Volume email sending.

Read the rest of this post »

Email Delivery: How do you know if they got your message?

Monday, May 18th, 2015

You just sent an important business communication via email and assume all is well … but what if that email was not received?

How do you know?  There could be significant delays or consequences if the message was not delivered.  What can you do to put your mind at ease?

Read the rest of this post »

Is your Accountant protecting your privacy and identity?

Wednesday, April 15th, 2015

Everyone always harps on the necessity of privacy when discussing health care, government, and banking communications.  It is surprising how little attention is paid to email security with regards to accounting and tax preparation.   There is a real danger of identity theft, unintended information disclosure, as well as invasion of privacy when using tax preparation services or organizations that do not use secure email.  Why is this?

Read the rest of this post »