smtp Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘smtp’

HIPAA-compliant Email Host or SMTP Connector? Which to use…

Tuesday, July 28th, 2020


You may have heard that you need to use HIPAA-compliant email to protect your organization’s ePHI, but many people aren’t sure where to go from there. Don’t worry if you fall into this camp, because this article will explain your options in depth.

The most straightforward solution is to simply sign up for a HIPAA-compliant email host. These are providers who specifically design their email services to be compliant with HIPAA regulations. A good example is LuxSci’s Secure Email.

If you currently use tools like G Suite or Microsoft Office 365 for your email, you might be looking for ways that you can adapt them for HIPAA compliance. The good news is that this is possible with a tool like our HIPAA-compliant SMTP connector.

Some organizations may pursue this option because they need certain features that these programs offer, while others may be hesitant to introduce new software and have to train their employees to use it.

Why Do You Need a HIPAA-compliant SMTP Connector for G Suite, Microsoft Office & Other Services?

These services aren’t designed to be HIPAA-compliant. Tools like G Suite, Microsoft Office 365, and Microsoft Exchange are designed for the mass market, so HIPAA compliance was not a significant consideration during their development.

This means that they are unsuitable for protecting ePHI straight out of the box. In the case of G Suite, it lacks a HIPAA-compliant email encryption solution. Microsoft does have one, but it’s not ideal. A solution like LuxSci’s Secure SMTP Connector hooks up to your existing email service, bridging the gap to make your outbound email secure and HIPAA-compliant.

LuxSci Secure Connector


HIPAA-compliant SMTP connectors can also help you send emails if your ISP prevents or limits your outbound mail server from sending messages. On top of this, they can also add SMTP authentication to your outbound email system, as well as offer encryption and archival mechanisms. SMTP servers can also assist you in adapting your existing mail service in a variety of other ways.

Should You Use a HIPAA-compliant Email Host or an SMTP Connector?

Every organization will come to its own conclusion, based on the factors that matter most in its unique situation. If your main concern is making your company’s HIPAA compliance as easy as possible, then a HIPAA-compliant email host is probably your best option.

These are developed with the regulations in mind, and are designed to make compliance simple, with configuration options that suit a range of scenarios. With a HIPAA-compliant email host, you are less likely to misconfigure it and accidentally expose ePHI. 

LuxSci’s HIPAA-compliant email is designed to offer you a high level of performance and functionality, without having to constantly worry about regulatory headaches.

In contrast, some organizations aren’t in a position where they are ready to switch to a new email host. If they rely on certain software features in G Suite or Microsoft Office 365, it’s best for them to deploy LuxSci’s secure connector so that they can become HIPAA compliant.

Setting up and maintaining HIPAA compliance may be more complicated if they pursue this option, but it’s still a better choice than completely disregarding their regulatory obligations.

Email Templates for SMTP and API Secure Email Sending

Wednesday, March 18th, 2020

Server-side email templates that can be utilized when sending email messages through LuxSci’s APIs and LuxSci’s SMTP services are now available.  In particular, users can:

  1. Create and manage up to 100 templates per user through LuxSci’s web site or via API commands.
    1. Templates can not only define the subject and bodies of the messages that use them, they can also control how these messages will be encrypted (or not).
  2. Send messages using templates via API commands or SMTP — so message content can be retrieved from the server-side templates rather than sent with every message
  3. Use dynamic placeholders so the template content can be customized on a per-message basis (i.e., like “mail merge”).
  4. Send unique per-message attachments that will be attached to the template-derived messages.

That’s it — templates made simple.

How Can You Tell if an Email Was Transmitted Using TLS Encryption?

Tuesday, October 29th, 2019

Frequently, we are asked to verify if an email that someone sent or received was encrypted using SMTP TLS while being transmitted over the internet.  For example, banks, health care organizations under HIPAA, and other security-aware institutions have a requirement that email be secured at least by TLS encryption from sender to recipient.

Email should always be transmitted with this basic level of email encryption to ensure that the email message content cannot be eavesdropped upon. This check, to see if a message was sent securely, is fairly easy to do by looking at the raw headers of the email message in question. However, it requires some knowledge and experience. It is actually easier to tell if a recipient’s server supports TLS than to tell if a particular message was securely transmitted.

To see how to analyze a message for its transmission security, we will look at an example email message sent from Hotmail to LuxSci, and see that Hotmail did not use TLS when sending this message.  Hotmail is not a good provider to use when security or privacy are required.

Read the rest of this post »

Stronger Email Security with SMTP MTA STS: Strict Transport Security

Wednesday, July 25th, 2018

Email transmission between servers has historically been extremely insecure.   A new draft internet standard called “SMTP Strict Transport Security” or “SMTP MTA STS” is aiming to help all email providers upgrade to a much more secure system for server-to-server mail transmission.    This article lays out where we are currently in terms of email transmission security and how SMTP MTA STS will help.

Email servers (a.k.a. Mail Transmission Agents or “MTAs”) talk to each other using the Simple Mail Transmission Protocol (SMTP). This protocol, developed in 1982, originally lacked any hint of security. As a result, a lot of the email shooting around the internet is still transmitted in plain text. It’s easily eavesdropped on, easily modified, untrusted and not private.


Back in 2002, an extension to SMTP called “STARTTLS” was standardized. This extension permitted servers to “upgrade” SMTP communications from plain text to an encrypted TLS-secured channel, when both servers supported compatible levels of TLS. This process is known as SMTP TLS. In principle, this security addition was really great. The “TLS” used is the same encryption method used by your web browsers to talk to secure web sites (e.g., banks, Amazon, your email provider, etc.). Your web browsers do a relatively good job of making sure that connections to these secure sites are safe. That is, they seek to ensure that there is encryption, that the encryption is sufficiently strong, and that there is no one actively eavesdropping on your connections.

Read the rest of this post »

Warming Up Your IP Addresses Automatically

Thursday, June 21st, 2018

When sending email messages, there are many best practices for ensuring optimal deliverability, i.e., for getting your messages into your recipients’ Inboxes and for staying off black lists. One very important factor in deliverability is “IP reputation.”

Good reputation: If your server is known to send lots of good quality email (email that people do not consider spam-like), then your server’s address (its “IP Address”) is looked on favorably by ISPs (such as Yahoo!, Google, Microsoft, etc.) and you can send large quantities of good email and have it all delivered. Your server has a good reputation and your server’s IP address is “warm” (think warmed up and humming along).


Bad reputation: If your server is a known source of junk or malicious email (according to the recipients of the email; it doesn’t matter what you think about the email quality), then you will have a hard time getting your email delivered and many ISPs will throttle your email, accepting only a few messages at a time. Your server has a poor reputation and work will need to be done to repair it.

No reputation: If you just got a new server, it may not have been sending any email for a while. Or you may have a server that has been idle for a long time (e.g., months). In either case, your server’s address may have “no reputation.” ISPs are very skeptical about email from servers with no reputation or recent history of good email sending. A typical sign of a spammer is when a server with little or no reputation suddenly starts sending large quantities of email. ISPs will detect this and they tend to quickly throttle or block such servers, moving them from “no reputation” towards “bad reputation”.

Read the rest of this post »
