Posts Tagged ‘smtp’
If you want to make sure your emails are secure and private, opportunistic TLS for SMTP won’t quite cut it. To explain why, first we have to step back a bit.
Most people don’t put a lot of thought into how their emails are sent and received, so it’s not unusual for them to think it works akin to teleportation or magic, with messages somehow just appearing right in their inboxes.
While the rapid delivery speeds may seem to justify such presumptions, there are actually a bunch of steps under the hood. When you send an email, it uses a protocol called the Simple Mail Transfer Protocol (SMTP) to make its way through to your recipient’s server. From there, your recipient uses another protocol such as ActiveSync, POP3, MAPI, or IMAP, or a Web-based interface, to pick it up and read it.
Unfortunately, these protocols aren’t always secure by default. Under SMTP’s original design, emails are sent as plaintext. This means that anyone along the email’s journey can see (and even change) its contents. This can include those in charge of the servers, the government, and even hackers who intercept the data.
You may have heard that you need to use HIPAA-compliant email to protect your organization’s ePHI, but many people aren’t sure where to go from there. Don’t worry if you fall into this camp, because this article will explain your options in depth.
The most straightforward solution is to simply sign up for a HIPAA-compliant email host. These are providers who specifically design their email services to be compliant with HIPAA regulations. A good example is LuxSci’s Secure Email.
If you currently use tools like G Suite or Microsoft Office 365 for your email, you might be looking for ways that you can adapt them for HIPAA compliance. The good news is that this is possible with a tool like our HIPAA-compliant SMTP connector.
Some organizations may pursue this option because they need certain features that these programs offer, while others may be hesitant to introduce new software and have to train their employees to use it.
Why Do You Need a HIPAA-compliant SMTP Connector for G Suite, Microsoft Office & Other Services?
These services aren’t designed to be HIPAA-compliant. Tools like G Suite, Microsoft Office 365, and Microsoft Exchange are designed for the mass market, so HIPAA compliance was not a significant consideration during their development.
This means that they are unsuitable for protecting ePHI straight out of the box. In the case of G Suite, it lacks a HIPAA-compliant email encryption solution. Microsoft does have one, but it’s not ideal. A solution like LuxSci’s Secure SMTP Connector hooks up to your existing email service, bridging the gap to make your outbound email secure and HIPAA-compliant.
HIPAA-compliant SMTP connectors can also help you send emails if your ISP prevents or limits your outbound mail server from sending messages. On top of this, they can also add SMTP authentication to your outbound email system, as well as offer encryption and archival mechanisms. SMTP servers can also assist you in adapting your existing mail service in a variety of other ways.
Should You Use a HIPAA-compliant Email Host or an SMTP Connector?
Every organization will come to its own conclusion, based on the factors that matter most in its unique situation. If your main concern is making your company’s HIPAA compliance as easy as possible, then a HIPAA-compliant email host is probably your best option.
These are developed with the regulations in mind, and are designed to make compliance simple, with configuration options that suit a range of scenarios. With a HIPAA-compliant email host, you are less likely to misconfigure it and accidentally expose ePHI.
LuxSci’s HIPAA-compliant email is designed to offer you a high level of performance and functionality, without having to constantly worry about regulatory headaches.
In contrast, some organizations aren’t in a position where they are ready to switch to a new email host. If they rely on certain software features in G Suite or Microsoft Office 365, it’s best for them to deploy LuxSci’s secure connector so that they can become HIPAA compliant.
Setting up and maintaining HIPAA compliance may be more complicated if they pursue this option, but it’s still a better choice than completely disregarding their regulatory obligations.
Server-side email templates that can be utilized when sending email messages through LuxSci’s APIs and LuxSci’s SMTP services are now available. In particular, users can:
- Create and manage up to 100 templates per user through LuxSci’s web site or via API commands.
- Use templates to define not only the subject and bodies of the messages that use them, but also how these messages will be encrypted (or not).
- Send messages using templates via API commands or SMTP, so message content can be retrieved from the server-side templates rather than sent with every message.
- Use dynamic placeholders so the template content can be customized on a per-message basis (similar to “mail merge”).
- Send unique per-message attachments that will be attached to the template-derived messages.
That’s it — templates made simple.
Frequently, we are asked to verify if an email that someone sent or received was encrypted using SMTP TLS while being transmitted over the internet. For example, banks, health care organizations under HIPAA, and other security-aware institutions have a requirement that email be secured at least by TLS encryption from sender to recipient.
Email should always be transmitted with this basic level of email encryption to ensure that the email message content cannot be eavesdropped upon. This check, to see if a message was sent securely, is fairly easy to do by looking at the raw headers of the email message in question. However, it requires some knowledge and experience. It is actually easier to tell if a recipient’s server supports TLS than to tell if a particular message was securely transmitted.
To see how to analyze a message for its transmission security, we will look at an example email message sent from Hotmail to LuxSci, and see that Hotmail did not use TLS when sending this message. Hotmail is not a good provider to use when security or privacy are required.
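The header check described above can be scripted. The following is an added example, not code from the original post: it walks a message's `Received` headers in delivery order and flags hops that record no TLS evidence, using the RFC 3848 `with ESMTPS`/`ESMTPSA` keywords and the TLS comments some mail servers write. The sample message, hostnames and IDs are constructed, and a hop without a marker only means the receiving server recorded none.

```python
import re
from email import message_from_string

# TLS evidence a receiving server may record in its Received header:
# RFC 3848 "with" keywords (ESMTPS, ESMTPSA, LMTPS, ...) or a free-form
# comment such as "(using TLSv1.2 ...)" or "(version=TLS1_3 cipher=...)".
WITH_TLS = re.compile(r"\bwith\s+\w*(?:SMTPS|LMTPS)A?\b", re.I)
TLS_COMMENT = re.compile(r"(?:\busing\s+|\bversion=)(?:TLS|SSL)v?[\d._]+", re.I)
FROM_HOST = re.compile(r"\bfrom\s+(\S+)", re.I)
BY_HOST = re.compile(r"\bby\s+(\S+)", re.I)

# Constructed sample message; hostnames and IDs are made up for illustration.
SAMPLE = """\
Received: from mx-in.recipient.example (mx-in.recipient.example [192.0.2.10])
 by store.recipient.example (Postfix) with ESMTPS id ABC123
 for <bob@recipient.example>; Mon, 1 Jan 2024 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
 by mx-in.recipient.example (Postfix) with ESMTP id DEF456
 for <bob@recipient.example>; Mon, 1 Jan 2024 10:00:02 +0000
Received: from webmail.sender.example (webmail.sender.example [198.51.100.5])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 by out.sender.example (Postfix) with ESMTP id GHI789;
 Mon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

body
"""

def transport_hops(raw_message):
    """Return [(from_host, by_host, tls_seen)] in delivery order, sender first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its own Received header, so reverse for delivery order.
    for value in reversed(msg.get_all("Received") or []):
        src, dst = FROM_HOST.search(value), BY_HOST.search(value)
        tls = bool(WITH_TLS.search(value) or TLS_COMMENT.search(value))
        hops.append((src.group(1) if src else "?", dst.group(1) if dst else "?", tls))
    return hops

def unencrypted_hops(raw_message):
    """Hops whose Received header carries no TLS marker (review these by hand)."""
    return [(s, d) for s, d, tls in transport_hops(raw_message) if not tls]

if __name__ == "__main__":
    for src, dst, tls in transport_hops(SAMPLE):
        print(f"{src} -> {dst}: {'TLS recorded' if tls else 'no TLS evidence'}")
```

Only the headers added by servers you control or trust are reliable; headers below them in the message can be written by any earlier sender.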