" smtp Archives - LuxSci

Posts Tagged ‘smtp’

Is TLS Email Encryption Suitable for Compliance?

Tuesday, September 19th, 2023

This article discusses what types of email encryption are sufficient to comply with government regulations. TLS email encryption is a good option for many organizations that manage sensitive data. However, it does not protect data at rest. Each organization must perform a risk assessment to determine which encryption methods suit their legal requirements.

Read the rest of this post »

8 Ways to Maximize Email Throughput: Send More Email, Faster

Tuesday, September 5th, 2023

Sending high volumes of email messages is more complex than sending a quick message to a colleague. To reach a large contact list in a timely manner, it’s essential to understand ways to maximize email throughput. In this article, we lay out eight best practices for sending more emails faster.

person sending emails on laptop

1. Use Concurrent Connections

When sending an email message, the emailing program connects to the servers, establishes its identity, and passes the message through. When sending emails in bulk, connecting to the server can take up a lot of time. For example, if you send 1,000 messages, the program must connect to the server 1,000 times. Many sending programs can be configured to make more than one connection at a time. If you make ten connections simultaneously (e.g., concurrently), you could send those messages about ten times faster. That is a significant speedup.

However, you don’t want to make too many concurrent connections. The more connections you make at once, the harder the server must work to process the mail. The server will become overloaded at some point, and the average time to send a message will increase. You want to avoid pushing the server to the point where it struggles to keep up with sending, as that will only make it operate slower. Instead, use a modest number of concurrent connections to take advantage of parallel sending and allow the server to efficiently process all the messages.

We recommend keeping concurrent connections to ten or fewer if you use public cloud servers and share capacity with other bulk senders. Single dedicated servers can support between 20-30 concurrent connections (or more depending on the factors discussed below), and dedicated server clusters can support as many as you need (depending on how large a cluster you have).

2. SMTP Pipelining

The next way to maximize email throughput involves utilizing SMTP pipelining. First, let’s look at the regular way messages are sent via SMTP:

  1. Connect to the SMTP server
  2. Establish SSL or TLS encryption, if configured
  3. Authenticate the sender’s identity and permission to send
  4. Upload the list of recipients and message content
  5. Disconnect

When sending small messages, the time taken by steps 1, 2, 3, and 5 is very significant relative to the time it takes to upload the message data. With SMTP pipelining, the connection is reused for successive messages. For example, when sending three messages, the process looks like this:

  1. Connect to the SMTP server
  2. Establish SSL or TLS encryption, if configured
  3. Authenticate your identity and permission to send
  4. Message 1: Upload the list of recipients and message content
  5. Message 2: Upload the list of recipients and message content
  6. Message 3: Upload the list of recipients and message content
  7. Disconnect

Not repeating the connect-authenticate-disconnect steps for every single message saves time and sends messages faster. SMTP pipelining should always be used if supported by your email-sending program and outbound email service.

3. Multiple Recipients in One Message

Imagine sending the same message to 1,000 recipients. If you send these one at a time and it takes one second to process, it takes almost 20 minutes to send 1,000 messages. Instead, if you include all recipients in the BCC line of a single message, it will take only about 1-2 seconds to upload the message to the server (though it will still take the server some time to deliver it to those recipients).

Sending messages to multiple recipients using BCC allows you to upload messages to the server much faster.

There are two downsides to this method:

  1. The received message may appear more SPAM-like since the recipient would not see their email address as the “To” recipient. BCCs are more SPAM-like than messages individually addressed (because it is so much easier and faster to send this way).
  2. A single message sent to 1,000 recipients may take longer to be delivered as the mail server will not generally parallelize delivery to the recipients but will process them sequentially. This may not be important if the delivery time is not time-sensitive.

LuxSci’s Secure High Volume service allows you to send to up to 1,000 recipients in each message. Customers with dedicated servers and clusters can have this limit increased to suit their business needs.

4. Smaller Messages are Better

A significant factor in maximizing email throughput is reducing the time it takes to upload each message to the server. To see the difference, let’s look at an example — sending a one-megabyte PDF to 1,000 people in 1,000 separate messages.

Case 1 – The PDF is attached to the message, and it takes ten seconds to upload the large message to the mail server. It takes 10,000 seconds (almost 3 hours) to send 1,000 messages with the attachment (unless you use some of the other strategies for maximizing throughput mentioned above).

Case 2 – The PDF is placed on a website, and a link is included in each message. The email message is only ten kilobytes (100 times smaller than in Case 1) and can be sent about 100 times faster. That’s less than 2 minutes without any other optimization.

As you can see from the example, it is best to remove images and other attachments from bulk messages to decrease the message size. Images can be hosted on a website and displayed in the message by linking rather than including the image content every time. Attachments that are not sensitive can be similarly hosted on a website and linked to. Reducing the size of your email messages significantly impacts sending speed and helps maximize email throughput.

5. Clean Mailing Lists are Important

Email messages should only be sent to contacts who have opted into communications or with whom you have established business relationships. These are the standard terms for using any reputable bulk mailing service.

Even if you follow the rules, mailing lists get stale as people change addresses, domain names go defunct, etc. Removing invalid addresses and only sending messages to clean mailing lists is imperative. Why?

  • Bad Domains. Sending an email to an email address whose domain name is no longer valid can delay sending while the program determines if the domain is bad. Determining that the domain is good and the email should be delivered takes less time. The delay caused by expired domain names can slow down your sending.
  • Defunct Addresses. Sending emails to invalid email addresses looks like spamming. Recipient servers like Yahoo!, AOL, McAfee, etc., are very sensitive to the number of messages that come through to defunct email addresses. If they see a lot of these, they will either block emails or slow down the rate at which they process them. This will result in more delays and potential non-delivery to valid recipients.
  • Waste of Time. Attempting to send messages to invalid recipients also wastes time and money.

You should take advantage of tools available to track what recipient email addresses are failing and actively remove them from your mailing lists.

6. Insecure Sending is Faster than Secure

While encrypting your username, password, and message contents is always recommended, this encryption will slow down email sending. It requires extra processing by the server and the sending machine. Using encryption also requires more bandwidth to transmit the data.

So, if you want to maximize email throughput, we recommend not using TLS or SSL when connecting to your bulk SMTP server. However:

  • Ensure that the username and password used to authenticate the message sending is not used for anything else. It is not your administrator user, the password is not one of your “standard” passwords, etc. You must assume that this username and password could be compromised.
  • Do not grant this user any permission except for sending emails. At LuxSci, you can restrict it from using the web interface and any other services.
  • Change the password often- weekly is recommended.
  • Use tools to check that no one else is using this credential to connect to your SMTP service. LuxSci provides alerts and reports about logins, which you can use to be sure that no one else is accessing this user account.

If the credentials are compromised, and you have followed these guidelines, the worst thing that could happen is that someone could send email through your account until you change the password or hit your sending limits.

7. Use an Appropriate Email Program

Many programs that are good for regular email sending are terrible for bulk email messages. Don’t bother trying to use Outlook, Thunderbird, Apple Mail, Gmail, and similar programs to send high volumes of email if you are interested in sending speed or efficiency. Why? Such programs:

  • Generally, do not support concurrent connections
  • Might not support SMTP pipelining
  • Cannot efficiently handle large mailing lists (more than hundreds of recipients)
  • Get bogged down and can be very slow when sending many messages

These programs are not designed or optimized for high volume sending. Instead, use a program explicitly designed for bulk mailing, like LuxSci’s Secure High Volume or Secure Marketing, which supports maximizing outbound email throughput in the ways outlined above.

8. Increase Capacity

If you try the above solutions and still need faster delivery times, you may need to increase your outbound server’s sending capacity. At LuxSci, we offer tiers of capacity that allow you to create a fully custom solution to meet any throughput requirement:

  • Shared – Your account shares a single server with multiple other accounts. The server’s capacity is shared, and your sending throughput (i.e., maximum concurrent connections, maximum recipients/month, etc.) is restricted to maintain enough capacity for other customers. Your outbound IP reputation is also shared with others.
  • Dedicated – A dedicated server gives you complete control over the sending server resources and IP address. You get all the capacity to yourself and thus can attain a much higher throughput. Your IP address is not subject to other customer’s actions to help you maintain a good reputation.
  • Cluster – A dedicated server cluster may be a good solution if you need to send many messages very quickly. It consists of two or more outbound servers behind a load balancer. The more servers you put in the cluster, the higher your throughput can be. Another benefit of a dedicated server cluster is having multiple sending IP addresses for reputation management and failover to make your sending more resilient.

Which option is best? It depends on the number of recipients you want to reach per month. Also, if you need to send to large numbers of recipients in a very short time frame, you may need a dedicated or cluster solution. LuxSci’s team of email experts can help design the correct configuration to suit your throughput requirements. Contact us today to get started.

How to Secure SMTP Email Delivery with TLS

Tuesday, August 29th, 2023

Secure email sending is a priority for organizations that communicate sensitive data externally. One of the most common ways to send secure emails is with SMTP TLS. TLS stands for Transport Layer Security and is the successor of SSL (Secure Socket Layer). TLS is one of the standard ways that computers on the internet transmit information over an encrypted channel. In general, when one computer connects to another computer and uses TLS, the following happens:

  1. Computer A connects to Computer B (no security)
  2. Computer B says “Hello” (no security)
  3. Computer A says, “Let’s talk securely over TLS” (no security)
  4. Computers A and B agree on how to do this (secure)
  5. The rest of the conversation is encrypted (secure)

In particular:

  • The conversation is encrypted
  • Computer A can verify the identity of Computer B (by examining its SSL certificate, which is required for this dialog)
  • The conversation cannot be eavesdropped upon (without Computer A knowing)
  • A third party cannot modify the conversation
  • Third parties cannot inject other information into the conversation.

TLS and SSL help make the internet a more secure place. One popular way to use TLS is to secure SMTP to protect the transmission of email messages between servers.

hands on a keyboard sending secure email

Read the rest of this post »

Is Your Organization Prepared for On-Premises Exchange 2007, 2010, and 2013 Updates?

Tuesday, April 11th, 2023

Microsoft recently announced they would begin blocking emails sent from vulnerable on-premises Exchange Servers to Exchange Online. Microsoft no longer supports these servers, so they no longer receive security updates and risk being hacked or breached. In 2022, cybercriminals targeted on-premises Exchange Servers with new zero-day attacks.

To reduce risk and encourage customers to upgrade to Exchange Online, Microsoft will begin throttling messages sent from older on-premises Exchange Servers starting with Exchange 2007 servers in June. Emails will arrive slower, causing a painful disruption to business processes.

on-premises exchange upgrades

What Will Happen to On-Premises Exchange Servers?

First, Microsoft has added a new report to the Exchange admin center in Exchange Online. It informs tenant administrators of any unsupported or out-of-date Exchange Servers operating in their environment that connect to Exchange Online to send emails. If your servers are listed, they will be throttled and blocked from future sending to Exchange Online customers.

If administrators do not take any action to upgrade their servers, Exchange Online will begin to throttle emails sent from on-premises Exchange Servers. The throttling will be progressive, starting with five minutes of throttling per hour and escalating gradually over 30 days to 20 minutes of throttling. This slowdown will prevent emails from being delivered promptly.

If its owner does nothing to upgrade the server during the 30-day throttling period, Exchange Online will block messages sent from vulnerable Exchange 2007 servers. Starting July 26, 2023, Exchange Online will block inbound traffic from obsolete Exchange 2007 servers. Customers using old on-premises Exchange Servers will no longer be able to send mail to Exchange Online customers.

This reporting, throttling, and blocking plan will eventually be rolled out to other legacy on-premises servers running older versions of Exchange, including Exchange 2010 and Exchange 2013.  

What Do I Do to Protect My On-Premises Exchange Servers?

Microsoft recommends upgrading your server to Exchange Online to continue sending and receiving mail as usual. However, this process is complicated for certain businesses with complex deployments of exchange. Upgrades can be very time consuming and disruptive if not done very carefully. You may need more than ninety days’ notice to prepare for upgrades and/or migration. You can request a temporary pause from Microsoft, but it’s limited to an additional 90 days.

LuxSci offers another way to protect on-premises Exchange Servers. Using Secure Connector, you can route outgoing email through LuxSci’s SMTP mail servers, effectively anonymizing the sending source and allowing mail to be delivered as expected to Exchange Online customers. Secure Connector is easy to set up and will help hide what version of Exchange you are using from attackers to reduce the risk of a breach.

How Anonymous SMTP Works to Disguise the Sender’s Mail Programs

Microsoft can block mail from vulnerable on-premises Exchange servers because the mail headers reveal the sender’s email program, servers, and IP address. It can use the information in the headers to throttle and block messages. Routing your mail through LuxSci’s Authenticated SMTP (or Authenticated Secure SMTP) scrubs the message headers, removing all information about the sender’s IP address and email program. The message is then re-emailed to the intended recipients.

The recipients receive messages that appear the same, but now they can only track them back to LuxSci’s SMTP servers. They know who you are based on your email address and message content, but the recipient cannot review the headers to identify your IP address or email program.

Using Secure Connector’s SMTP anonymization features may be a good measure for organizations as they determine their next steps for upgrading vulnerable on-premises Exchange Servers. Secure Connector can also be used to futureproof your communications as cyber threats continue to rise. Contact LuxSci today to learn how we can help you secure your identity and maintain business operations.

Warming Up Your IP Addresses Automatically

Monday, February 13th, 2023

There are many best practices for ensuring optimal deliverability when sending email messages. One critical factor in deliverability is IP reputation. However, how can you build a good reputation when using a brand-new server and IP address? This article will explain how to warm up an IP address to build a good reputation and improve email deliverability.

warm up ip address

Read the rest of this post »