email Archives - Page 2 of 9 - LuxSci

Posts Tagged ‘email’

Is Email Archival Required by HIPAA?

Tuesday, April 5th, 2022

Customers often inquire if email archival is required by HIPAA regulations.

There is a great deal of confusion and uncertainty here because:

  1. HIPAA lists many requirements but does not provide specific instructions on implementing them. It’s ambiguous but provides a great deal of flexibility for organizations.
  2. Email archival adds a fixed cost to any email solution – and everyone prefers to avoid unnecessary costs.
  3. Due to time and budgetary constraints, many organizations want to do the minimum needed for compliance.


In our opinion, email archival is an implicit requirement of HIPAA for all organizations that send ePHI via email. In the next section, we’ll review why.


HIPAA-Compliant Email Hosting or Outbound Email Encryption?

Tuesday, January 25th, 2022

There are many ways to protect ePHI in email. HIPAA is technology-neutral and doesn’t make specific recommendations for how to protect email communications. This article explains the difference between a HIPAA-compliant email host and an email encryption gateway. These are just two of the options for securing email accounts.


Zero Trust Email

Tuesday, July 20th, 2021

Our third article on Zero Trust Architecture covers zero trust email and the systems it requires. In May, the Biden Administration announced a new approach to cybersecurity that included a push toward Zero Trust Architecture. We have already covered Zero Trust Architecture as a whole, and also talked about how dedicated servers are important parts of the zero trust model. Now, it’s time to talk about zero trust email.


Zero Trust Email and Encryption

As we discussed in our previous articles, Zero Trust Architecture begins with the presumption that an organization’s network may not be secure. Because attackers may already be inside the network, NIST stipulates that:

“…communication should be done in the most secure manner available… This entails actions such as authenticating all connections and encrypting all traffic.”

This means that emails always need encryption. While many organizations recognize external threats and encrypt their sensitive external communications, it’s still common for workplaces to use unencrypted communication methods within the company network. This is generally done under the outdated assumption that the internal network is secure.

Zero Trust Architecture understands that any attacker within the network could easily read these communications. This is why zero trust email needs to be encrypted, even when it’s within an organization’s private network. One step in this direction is to force TLS for email encryption for all entities.

The zero trust model also requires encryption at rest, so emails also need to be protected in storage, not just in transmission.

Authentication and Zero Trust Email

NIST’s publication on Zero Trust Architecture also stipulates that:

“Access to individual enterprise resources is granted on a per-session basis. Trust in the requester is evaluated before the access is granted. Access should also be granted with the least privileges needed to complete the task.”

When it comes to zero trust email, this means that sensitive messages require authentication and authorization to be read. TLS encryption alone is not sufficient, because it doesn’t have the full capability for this type of verification. While it does allow authentication and authorization on the recipient’s email account, it cannot do so on the raw message data.

LuxSci supports:

  • Sender Policy Framework (SPF) – This is a system for email authentication that can detect forged sender addresses. Due to its limitations, it is best to complement it with other email authentication measures.
  • DomainKeys Identified Mail (DKIM) – This authentication method can detect email spam and phishing by looking for forged sender addresses.
  • Domain-based Message Authentication Reporting and Conformance (DMARC) – This email authentication protocol complements SPF, allowing it to detect email spoofing. It helps to protect organizations from phishing, business email compromise attacks, and other threats that are initiated via email.

Each of these email authentication measures is useful for verifying sender identities. LuxSci also offers premium email filtering, and together these techniques limit the trust that is applied to inbound messages.

Together, these techniques identify legitimate email messages while filtering out those that are unwanted or malicious. While it isn’t directly stated in the NIST guidelines, SPF, DKIM and DMARC can all be integral parts of the zero trust framework.
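As an added illustration (not LuxSci's code and not part of the original article), the sketch below shows how a receiving system could turn SPF, DKIM and DMARC results into a handling decision by reading the `Authentication-Results` header. The server name `mx.example.net`, the sample messages and the verdict names are assumptions made for the example.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV = "mx.example.net"  # assumed authserv-id of our own inbound MTA

def auth_results(raw):
    """Collect spf/dkim/dmarc results from headers stamped by our own MTA."""
    found = {}
    for header in message_from_string(raw).get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        ident = authserv.split()
        # The sender can insert this header too: skip any other authserv-id.
        if not ident or ident[0].lower() != TRUSTED_AUTHSERV:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", rest, re.I):
            if found.get(method.lower()) != "pass":   # any passing result wins
                found[method.lower()] = result.lower()
    return found

def verdict(raw):
    """Map the verified results to a handling decision (assumed local policy)."""
    r = auth_results(raw)
    if r.get("dmarc") == "pass":
        return "deliver"
    if r.get("dmarc") == "fail":
        return "reject"
    if "pass" in (r.get("spf"), r.get("dkim")):
        return "deliver-flagged"   # authenticated, but no DMARC verdict for the domain
    return "quarantine"            # nothing verifiable: no implicit trust

def _msg(*auth_headers, sender="billing@vendor.example"):
    lines = [f"Authentication-Results: {h}" for h in auth_headers]
    return "\n".join(lines + [f"From: {sender}", "Subject: Invoice", "", "body"])

# Constructed sample messages, not taken from the page.
LEGIT = _msg("mx.example.net; spf=pass smtp.mailfrom=vendor.example;\n"
             " dkim=pass header.d=vendor.example; dmarc=pass header.from=vendor.example")
SPOOFED = _msg("mx.example.net; spf=pass smtp.mailfrom=bulk.example;\n"
               " dkim=none; dmarc=fail header.from=vendor.example")
NO_DMARC = _msg("mx.example.net; spf=softfail smtp.mailfrom=small.example;\n"
                " dkim=pass header.d=small.example; dmarc=none")
SELF_ASSERTED = _msg("relay.other.example; spf=pass; dkim=pass; dmarc=pass")

if __name__ == "__main__":
    for name in ("LEGIT", "SPOOFED", "NO_DMARC", "SELF_ASSERTED"):
        print(name, verdict(globals()[name]))
```

The check on the authserv-id only holds if the border mail server strips inbound `Authentication-Results` headers that already carry its own name, as RFC 8601 recommends.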

Access Control and Zero Trust Email

In addition to measures for encrypting messages and verifying inbound emails, zero trust email requires granular access controls to keep out intruders. LuxSci’s Secure Email Services include a wide range of access controls that limit unauthorized access while still making the necessary resources available. These include:

  • Two-factor authentication
  • Application-specific passwords
  • Time-based logins
  • IP-based access controls
  • APIs that can be restricted to the minimum needed functionality

These configuration options help reduce the likelihood that a malicious actor can access your systems. They also limit the sensitive email data that an attacker may have access to if they do manage to compromise an organization’s network.

LuxSci’s Zero Trust Email

As a specialist provider in secure and compliant services, LuxSci’s offerings are well-positioned as zero trust email solutions. Our Secure Email aligns with Zero Trust Architecture for every industry vertical, not just HIPAA. Contact our team to find out how LuxSci can help secure your organization with a zero trust approach.

How to Create Email Suppression Lists

Tuesday, June 29th, 2021

LuxSci customers are now able to create email suppression lists. In this article, we will walk you through how to create an email suppression list in your own account.


What is an Email Suppression List?

First, it may be helpful to clarify exactly what a suppression list is. It’s simply a list of email addresses to which all email sending should be blocked (or suppressed). There are many reasons why you might want to use a suppression list. One example is to track people who have opted out of receiving marketing emails. When someone decides to unsubscribe from a mailing list, their email address can be placed on a suppression list that prevents them from receiving future emails.

Suppression lists are used to manage:

  • requests for removal from mailing lists,
  • requests to never be emailed, and
  • lists of people who have complained about emails sent from your account (i.e., by marking it as Spam).

LuxSci & Email Suppression

LuxSci Secure Marketing customers already have access to suppression tools for email marketing. The new suppression features apply to all email sent via:

  1. WebMail
  2. SMTP
  3. Secure Connector/smart hosting
  4. API
  5. Secure Marketing (Secure Marketing has additional suppression list functionality which is applied first).

Suppressions do not apply to email sent:

  1. via SecureForms
  2. from web hosting (that does not send through an authenticated SMTP connection or API call).

To view these features in your own account, log in to the WebMail portal and navigate to the Settings page. From there, go to “Outbound Email” and select “Email Suppression.” On that page, you can add up to 500 new email addresses to be suppressed.

Email suppressions can be applied at the account, domain, and user level. Account-level suppressions apply to everyone in the account. No users in your account will be able to send emails to the addresses on the list. Domain-level suppressions apply to everyone whose login email address uses that specific domain name. For example, if your email username is joe@company.com the suppressions you apply will also be applied to jen@company.com and julie@company.com. However, they will not be applied for john@business.com. User-level suppressions apply only to the specific user who created them. For example, the email suppressions that joe@company.com creates will only apply to his account if the suppression is applied at the user-level.

Email Suppression Expirations

When an email suppression list is added to your account, the default setting is that it never expires. However, there may be times when it makes sense to add an expiration date to your suppressions. When uploading a list, select the length of time you want these email addresses to remain on the suppression list from the drop-down menu. You can choose to keep email addresses suppressed for up to one year.

Deleting Suppressions

To delete an email from the suppression list, click the red “X” icon to the right of any entry. If the “X” is not present, then the suppression is defined at a higher level in your account and cannot be removed from the current page. This means that you cannot delete an account-wide suppression from the page where you manage user-specific suppressions.

How to Manage Email Suppression Lists via API

Finally, suppressions can also be managed by the API. The API allows managing user-level and account-level suppression lists and enables:

  • Listing/searching suppressions
  • Deleting suppressions
  • Adding suppressions individually or in bulk

If you have additional questions about the suppression features LuxSci offers, please reach out to our Support team. Current customers can find more information in our help documentation.

High Availability High Volume Email

Tuesday, June 8th, 2021

High volume email sending is essential to the business operations of many different companies. Whether these emails involve onboarding messages to new users, form a crucial part of an organization’s marketing strategy, or are sent for a wide range of other purposes, they are often a core component of how a company spreads necessary information.

If the suitable systems aren’t in place, high volume email can go down. This stops all transactional and marketing emails from being sent, which can cause delays or disruptions to business operations. These outages can have significant effects on a company’s bottom line.

If critical email systems cannot go down, then a high availability, high volume email system needs to be in place. This creates redundancy to keep systems online in case of an outage.


What Is High Availability?

As discussed above, the goal is to keep an organization’s email up and running as much as possible. This is known as high availability, an engineering term applied to many systems, especially in computing.

High availability is commonly used when talking about websites–a high availability service has redundancies in place that keep a website online, even if the main server fails. In addition to the server that hosts the site itself, high availability web apps also need high availability MySQL so that databases are still accessible if the main server that hosts them goes down.

These high availability services are critical for businesses that cannot perform their core functions if their websites or databases go offline.

If a high availability service isn’t used and there aren’t redundancies in place, outages to the servers will force the site down. This means that customers will no longer be able to access the platform or some of the site’s essential services.

It’s not just websites and web services that can go down. If a company’s high volume email doesn’t use a high availability infrastructure, it can go down when a server fails. This grinds all of an organization’s email to a halt, delaying or disrupting its marketing and transactional emails.

If these emails aren’t sent and received by customers, the company won’t be able to perform many of its necessary business functions until the server comes back online. This can lead to the loss of customers, increased complaints, reduced sales, and many other serious problems. With this in mind, high availability high volume email services are critical for any organization that relies on its email to perform its core functions.

Why Do Systems Go Down?

Some of the most common reasons that online systems go down include:

  • Hardware failures bringing down critical components such as the memory, CPU, or power.
  • Crashes or bugs in an operating system or other software.
  • DDoS and other attacks against the server.
  • Excessive amounts of traffic.
  • Failure of the network.
  • Overloading the network.
  • Failures at the data center, including human error or power outages.

How Can Load Balancing Help to Give You High Availability High Volume Email?

As we discussed above, there are many reasons services could go offline. These causes of failure are inevitable, and they can occur at random. If the organization’s high volume email needs to be operational as much as possible, put redundancies in place to take over when these inevitable failures happen.

A core component of this is load balancing, which shares the workload between servers. This boosts the capacity, allowing servers to share the volume with others when they get overwhelmed by traffic. Load balancers can also detect server failures and automatically redirect traffic to healthy servers when necessary. When high volume email services are equipped with load balancing, they will continue to send emails even when a server in the cluster goes down.

Many providers have their servers and load balancers in the same place, making it easier to operate but creating additional risks. If everything is located in the same data center, a failure at the data center or in the network can still bring the email system down. Load balancing won’t help if the servers’ data center goes down because of a power outage or extreme weather.

At LuxSci, we offer a more robust alternative by placing servers in separate data centers in the same geographic region. Having servers in different physical locations makes high volume email services far more resistant to going offline. Even if one data center fails, there will be backups online at other sites.

High Availability MySQL For High Volume Email

High volume email requires databases for tracking, logging, and other purposes. If the database goes down, so does the ability to send transactional and marketing emails. If high volume email is critical to business operations, high availability databases should also be put in place.

LuxSci’s solution is its regional high availability MySQL service. This offering includes a cluster of Enterprise MySQL servers, each located in separate locations within the same geographic region. It automatically replicates the databases across all servers, with features including automated:

  • Failover and recovery
  • Zero-downtime system
  • Software updates

Our high availability MySQL service is excellent for organizations that rely on their high volume email for business operations because it makes databases extremely resistant to going offline. It’s a solution that can help organizations survive the failure of a data center, all while maintaining HIPAA compliance.

Together with LuxSci’s high availability load balancers, our high availability MySQL makes bulk email systems incredibly resistant to downtime.

LuxSci’s High Availability High Volume Email Solution

High availability services are highly recommended if marketing and transactional emails are critical to an organization’s operations. When you consider the costs of the service going down, it’s best to choose a solution that offers high availability.

Nothing will stop systems from failing, but with redundancies such as high availability load balancers and MySQL in place, we can ensure common failures don’t impact your business. Contact us now to find out more on how LuxSci’s offerings can help to keep high volume email systems online as much as possible.