" secureline Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘secureline’

Has Your Email Been Read? Read Receipts and Web Bugs

Wednesday, July 1st, 2020

 

Customers often ask how they can know if a message has been read by a specific recipient.  Typically, this is done by requesting a “Read Receipt” when sending the message; however, read receipts are not reliable. Spammers use techniques such as HTML “web bug” tracking to see if you have read an email message and thus if your email address is valid and ripe for more spamming; this is also not reliable. LuxSci’s SecureLine Escrow service includes a 100% reliable Read Receipt function that can be used when it is essential to know if someone has read a message. It also allows for message retraction (removing further access to an email message).

This article goes over these various methods of determining if a message has been read, shows how each works, and discusses the pros and cons of each.

Read the rest of this post »

Opt-In Email Encryption is Too Risky for HIPAA Compliance

Tuesday, July 11th, 2017

A majority of companies and hospitals that offer email encryption for HIPAA compliance allow senders to “opt in” to encryption on a message-by-message basis.  E.g., if the sender “does nothing special” then the email will be sent in the normal/insecure manner of email in general.  If the sender explicitly checks a box or adds some special content to the body or subject of the message, then it will be encrypted and HIPAA compliant.

Opt-in encryption is desirable because it is “easy” … end users don’t want any extra work and don’t want encryption requirements to bog them down, especially if many of their messages do not contain PHI.  It is “good for usability” and thus easy to sell.

Cybersecurity opt-in email encryption

However, opt-in encryption is a very bad idea with the inception of the HIPAA Omnibus rule.  Opt-in encryption imposes a large amount of risk on an organization, which grows exponentially with the size of the organization.  Organizations are responsible for the mistakes and lapses of their employees; providing an encryption system where inattention can lead to a breach is something to be very wary of.

Read the rest of this post »

Automating the Sending of Secure Messages

Monday, February 1st, 2016

Do you have an application or system that needs to send secure messages on demand?  Do you need the flexibility to encrypt messages in different ways, to include files, HTML, and read receipts, or to have the messages be fully HIPAA compliant?

LuxSci has added secure messaging functionality to its Application Programming Interface (API).

Customers with SecureLine, LuxSci’s message encryption service, can now send secure messages though LuxSci’s REST API.  Features of this service include:

  1. Up to 100 recipients/message  (total daily and monthly recipient limits also exist and can be negotiated).
  2. Up to 70MB of content (body and attachments) per message.
  3. Email encryption via SMTP TLS, Escrow, PGP, and/or SMIME.
  4. The ability to toggle between use of TLS and Escrow on a per-message basis, depending on the level of security needed.  See: next generation opt-in email encryption.
  5. Message delivery tracking
  6. Read receipts — invisible to the recipient and reliable (with SecureLine Escrow).

If you would like to give LuxSci’s SecureLine messaging API a try, please contact LuxSci support and we can enable API access for your real or free trial account.

See also our General API Usage guide, and our API User Functions guide.

Does TLS Corruption Spell the end of SMTP TLS?

Tuesday, November 3rd, 2015

We have seen discussions recently about how attackers can interfere with SMTP TLS, influencing connections, and causing them to be downgraded to insecure — SMTP without TLS.  E.g. Ars Technica’s – “Don’t Count on STARTTLS to Automatically Encrypt your Sensitive Emails“.

What is being discussed here is a very real attack on Opportunistic TLS. I.e. the kind of automated establishment of encryption that can happen when two email servers being their dialog and discover that “hey, great, we both support TLS so lets use it!”  In such cases, servers take the “opportunity” to use TLS to encrypt the delivery of an email message from one server to another.  Opportunistic TLS is great as it is enabling automatic encryption of more and more email over time (see: Who supports TLS?).

The problem is that the initial negotiation of the SMTP email connection, before TLS is established, occurs over an insecure channel.  A man-in-the-middle attacker can interfere with this connection so that it appears that TLS (i.e. the STARTTLS command) is not supported by the server (when it really is).  As a result, the sending server will never try to use TLS and the connection will remain insecure — transmitting the email message “in the clear” and ripe for eavesdropping.

Read the rest of this post »

Get facebook Email Notifications Securely with LuxSci Email

Wednesday, September 23rd, 2015

facebook has a great feature where you can have all facebook notifications sent to you using PGP-encrypted email.  This is great if you want to be sure that noone except for you can read these messages.

LuxSci has supported sending and receiving PGP-encrypted email for the last 10 years, since the introduction of SecureLine email encryption services (10 years old this month).

In this article, we show you how users of LuxSci WebMail with SecureLine can setup facebook so that all facebook notices will be encrypted and delivered securely to their email Inboxes.

If you don’t have LuxSci email hosting yet, you can try it free.

If you are a LuxSci customer but don’t have SecureLine yet, you can upgrade.

Read the rest of this post »

LUXSCI