" smtp Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘smtp’

Email Templates for SMTP and API Secure Email Sending

Wednesday, March 18th, 2020

Server-side email templates that can be utilized when sending email messages through LuxSci’s APIs and LuxSci’s SMTP services are now available.  In particular, users can:

  1. Create and manage up to 100 templates per user through LuxSci’s web site or via API commands.
    1. Templates can not only define the subject and bodies of the messages that use them, they can also control how these messages will be encrypted (or not).
  2. Send messages using templates via API commands or SMTP — so message content can be retrieved from the server-side templates rather than sent with every message
  3. Use dynamic place holders so the template content can be customized on a per-message basis (i.e., like “mail merge”).
  4. Send unique per-message attachments that will be attached to the template-derived messages.

That’s it — templates made simple.

How Can You Tell if an Email Was Transmitted Using TLS Encryption?

Tuesday, October 29th, 2019

Frequently, we are asked to verify if an email that someone sent or received was encrypted using SMTP TLS while being transmitted over the internet.  For example, banks, health care organizations under HIPAA, and other security-aware institutions have a requirement that email be secured at least by TLS encryption from sender to recipient.

Email should always be transmitted with this basic level of email encryption ensure that the email message content cannot be eavesdropped upon.  This check, to see if a message was sent securely, is fairly easy to do by looking the the raw headers of the email message in question.  However, it requires some knowledge and experience.  It is actually easier to tell if a recipient’s server supports TLS than to tell if a particular message was securely transmitted.

To see how to analyze a message for its transmission security, we will look at an example email message sent from Hotmail to LuxSci, and see that Hotmail did not use TLS when sending this message.  Hotmail is not a good provider to use when security or privacy are required.

Read the rest of this post »

Stronger Email Security with SMTP MTA STS: Strict Transport Security

Wednesday, July 25th, 2018

Email transmission between servers has historically been extremely insecure.   A new draft internet standard called “SMTP Strict Transport Security” or “SMTP MTA STS” is aiming to help all email providers upgrade to a much more secure system for server-to-server mail transmission.    This article lays out where we are currently in terms of email transmission security and how SMTP MTA STS will help.

Email servers (a.k.a. Mail Transmission Agents or “MTAs”) talk to each other using the Simple Mail Transmission Protocol (SMTP). This protocol, developed in 1982, originally lacked any hint of security. As a result, a lot of the email shooting around the internet is still transmitted in plain text.  Its easily eavesdropped on, easily modified, untrusted and not private.

SMTP MTA STS

Back in 2002, an extension to SMTP called “STARTTLS” was standardized.  This extension permitted servers to “upgrade” SMTP communications from plain text to an encrypted TLS-secured channel, when both servers supported compatible levels of TLS.  This process is known as SMTP TLS. In principle, this security addition was really great.  The “TLS” used is the same encryption method used by your web browsers to talk to secure web sites (e.g., banks, Amazon, your email provider, etc.).  Your web browsers do relatively good job making sure that connections to these secure sites are safe.  I.e., they seek to ensure that there is encryption, that the encryption is sufficiently strong, and that there is no one actively eavesdropping on your connections.

Read the rest of this post »

Warming Up Your IP Addresses Automatically

Thursday, June 21st, 2018

When sending email messages, there are many best practices for ensuring optimal deliverability.   I.e., for getting your messages into your recipients’ Inboxes and for staying off black lists.  One very important factor in deliverability is “IP reputation.

Good reputation: If your server is known to send lots of good quality email (email that people do not consider spam-like), then your server’s address (its “IP Address”) is looked on favorably by ISPs (such as Yahoo!, Google, Microsoft, etc.) and you can send large quantities of good email and have it all delivered.  Your server has a good reputation and your server’s IP address is “warm” (think warmed up and humming a long).

Warming up an IP address

Bad reputation: If your server is a known source of junk or malicious email (according to the recipients of the email — it doesn’t matter what you think about the email quality), then you will have a hard time getting your email delivered and many ISPs will throttle your email, accepting only a few messages a time.  Your server has a poor reputation and work will need to be done to repair it.

No reputation: If you just got a new server, it may not have been sending any email for a while.  Or, if you have a server but it has been idle for a long time (e.g, months).  In either case, your server’s address may have “no reputation.”  ISPs are very skeptical about email from servers with no reputation or recent history of good email sending.  A typical sign of a spammer is when a server with little or no reputation suddenly starts sending large quantities of email.  ISPs will detect this and they tend to quickly throttle or block such servers…. moving them from “no reputation” towards “bad reputation”.

Read the rest of this post »

High Volume Transactional Email: Balancing Utility and Marketing

Friday, May 18th, 2018

Your eCommerce customer, Paul, has ordered a special mattress for his bed. He’s put the item into the cart, and paid for it. Now you send a confirmation of purchase email.  But, instead of just a note stating that “we’ve received your payment, and your item has been posted for shipment…” or whatever boilerplate many companies send, you include that message and add photos of three sheets-and-pillowcases products that fit the mattress you just sold him. Paul has his own sheets, but has been thinking about replacing them – now your confirmation email makes him decide to buy them.

All eCommerce companies have to send transactional email, a type of email sent to facilitate an agreed-upon transaction between the sender and the recipient. Common transactional email use cases include doctor appointment reminders, account creation emails, password resets, purchase receipts, account notifications, medical lab results, and social media updates like friend and follower notifications.

What makes transactional email different from ordinary marketing email is that they are sent as part of doing actual business with people – not just chatting with, marketing to, or selling to a customer. In this respect, they are also different from so-called “triggered” emails which may be generated by a number of customer actions – not just transactions.

Transactional email are effective for marketing

Transactional emails are opened eight times more than traditional marketing messages, according to a study by EPSILON.  So it only makes sense to adapt your transactional email for marketing, to take advantage of this unparalleled opportunity to reach your customer with a personalized offer.

Read the rest of this post »

LUXSCI