SMTP TLS: All About Secure Email Delivery over TLS

Monday, October 2nd, 2017

TLS stands for “Transport Layer Security” and is the successor of “SSL” (Secure Socket Layer). TLS is one of the standard ways that computers on the Internet transmit information over an encrypted channel. In general, when one computer connects to another computer and uses TLS, the following happens:

  1. Computer A connects to Computer B (no security)
  2. Computer B says “Hello” (no security)
  3. Computer A says “Let's talk securely over TLS” (no security)
  4. Computer A and B agree on how to do this (secure)
  5. The rest of the conversation is encrypted (secure)

In particular:

  • The meat of the conversation is encrypted
  • Computer A can verify the identity of Computer B (by examining its SSL certificate, which is required for this dialog)
  • The conversation cannot be eavesdropped upon (without Computer A knowing)
  • The conversation cannot be modified by a third party
  • Other information cannot be injected into the conversation by third parties.
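The five-step dialog above, worked through as an added example (not code from the original post): a simulated SMTP STARTTLS exchange that shows which messages are still in the clear, what a sender does when the receiver does not advertise STARTTLS (opportunistic fallback versus enforced TLS), and the certificate-verifying context for step 4. The EHLO replies and host names are constructed for the example.

```python
"""Simulated SMTP STARTTLS exchange (added example, not from the post).
Constructed EHLO replies; no network connection is opened."""
import ssl

# Constructed replies: one receiver advertises STARTTLS, the other does not.
EHLO_WITH_STARTTLS = "250-mail.example.net\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_WITHOUT_STARTTLS = "250-mail.example.org\r\n250-SIZE 52428800\r\n250 8BITMIME\r\n"

def ehlo_capabilities(response):
    """Return the keywords advertised in a multi-line 250 EHLO reply."""
    caps = set()
    for line in response.splitlines()[1:]:  # first line is the hostname
        if line.startswith("250"):
            body = line[4:].strip()  # drop the "250-" / "250 " prefix
            if body:
                caps.add(body.split()[0].upper())
    return caps

def plan_delivery(response, enforce_tls):
    """Sender's choice after step 2: "tls", "plaintext" (opportunistic
    fallback) or "refuse" (enforced TLS but the receiver cannot do it)."""
    if "STARTTLS" in ehlo_capabilities(response):
        return "tls"
    return "refuse" if enforce_tls else "plaintext"

def starttls_transcript(response):
    """Steps 1-5 of the dialog as (speaker, message, encrypted) tuples."""
    steps = [("A", "TCP connect to port 25", False),
             ("B", "220 mail.example.net ESMTP", False),
             ("A", "EHLO sender.example.com", False),
             ("B", response.strip(), False)]
    if plan_delivery(response, enforce_tls=False) == "tls":
        steps += [("A", "STARTTLS", False),
                  ("B", "220 Ready to start TLS", False),
                  ("A+B", "TLS handshake; A verifies B's certificate", True),
                  ("A", "EHLO, MAIL FROM, RCPT TO, DATA ...", True)]
    return steps

def strict_tls_context():
    """Context for step 4: require a valid certificate matching the host
    and refuse the legacy protocol versions that TLS replaced."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx
```

Without the STARTTLS keyword in the EHLO reply, an opportunistic sender continues in plaintext, which is why enforced TLS is the setting that actually guarantees encryption in transit.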

Basic email security starts with SMTP TLS

TLS (and SSL) is used for many different purposes on the Internet and, when used, helps make the Internet a more secure place. One of the popular uses of TLS is with SMTP, for transmitting email messages between servers in a secure manner. See also:

Stopping Forged Email 4: Your Last Resorts

Wednesday, March 4th, 2015

In previous posts we have examined how hackers and spammers can send forged email and how it can be extremely difficult to differentiate these messages from legitimate messages. We have looked at the various common anti-fraud techniques such as SPF, DKIM, and DMARC and seen that, while these technologies can help a lot, they all have limitations: they all require strict and proper setup by the owner of the purported sender’s domain, and they must be well supported by your own spam filtering system.

Yet even with these technologies, it’s not hard in many cases for a determined attacker to send you a forged, fraudulent email message that still looks and feels legitimate.

What else can you do to validate email messages and protect yourself from phishing or social engineering attacks?

SMTP TLS vs Secure Message Pick Up: Which is Better for HIPAA?

Wednesday, November 12th, 2014

There are many methods for sending an email message securely.  These generally vary in terms of the degree of security vs how easy they are to set up and use.  The two most common email encryption methods include:

  • SMTP TLS: Encrypting the message only while it is transmitted between the sender’s and the recipient’s servers. See: SMTP TLS: All about secure email delivery over TLS. Note that SMTP TLS is only supported by some email service providers.
  • Secure Message Pickup: Sending the recipient an email notice with a link. The recipient clicks on the link and goes to a secure web site to authenticate and access the message. (LuxSci calls this method “Escrow”.) Secure Message Pickup allows one to send a secure message to anyone.

Other methods, such as PGP and S/MIME, are also in wide use. However, these require a lot more setup and collaboration between the sender and recipient. The above two methods are most commonly used for sending messages to people with whom you have not otherwise communicated.

So, which is better?  How does that answer change when HIPAA compliance is involved?

Who does not support SMTP TLS for Secure Inbound Email Delivery?

Thursday, November 7th, 2013

Note: lists below have been updated as of 9/11/2015.

We are frequently asked how common support for SMTP TLS is for securing inbound email delivery to recipients across the Internet. This is especially important for customers who need to be HIPAA compliant, as email transport encryption over TLS is sufficient for HIPAA compliant communications to end users, so long as the TLS is configured to be sufficiently strong.

While it is possible to tell who supports TLS, it is somewhat technical to do yourself. So, we have assembled a table of many of the popular free / public email domains in use across the Internet and indicate which currently (as of January 14th, 2015) support SMTP TLS for inbound email.

The results are surprising. A majority of domains these days do support TLS, and with Microsoft’s recent TLS implementation on its email domains (hotmail.com/live.com/outlook.com), this rounds out consistent TLS support (for inbound delivery; outbound may or may not be supported) for all of the most popular free email providers (e.g. aol.com, gmail.com, yahoo.com, hotmail.com).

AOL Supports SMTP TLS: It’s Still Not HIPAA Compliant

Monday, November 4th, 2013

For those of you just tuning in, “SMTP TLS” is a technology that allows email servers to transmit your email messages between themselves securely, preventing eavesdropping on the email messages sent. Read all about SMTP TLS.

Use of TLS is not standard on an email server. It requires special certificates to be purchased, installed, and updated periodically. It also imposes a burden on the servers: all that encryption takes a lot more effort and thus costs more money to operate and maintain. For large providers like AOL, which receive extremely large numbers of email messages every day for their members, support for SMTP TLS requires many more email servers and much more work by the server administration staff.

As a result, most major free ISPs (like AOL, Yahoo, and Comcast) do not support TLS and have never supported it. But with the increasing demand for security, and with TLS being “something relatively easy”, we are seeing more hosts offering TLS.

Are Replies to my HIPAA-Compliant Secure Emails also Secure?

Friday, October 11th, 2013

Customers of LuxSci HIPAA-compliant email accounts can send email messages in a secure and compliant manner to anyone with an email address. One common question is whether the replies back to these messages will also be HIPAA compliant. This is especially a concern when customers choose to use TLS only as a secure means of email delivery.

In this article we will break down the various ways that messages are sent securely from LuxSci to recipients across the Internet, how replies behave, and whether they are secure and compliant. At the end, we provide some recommendations for best practices for maximizing data security.

SSL and TLS are not enough to secure your email

Friday, February 22nd, 2013

A very common marketing ploy involves companies advertising “secure” services, where that security consists of only an SSL- or TLS-encrypted connection to their servers. While use of TLS and SSL is a critical part of web and email security, it is only one small aspect of security. Below, we will talk about some of the other aspects of what you should be looking for in an actually secure solution, so you can be more savvy about simplistic marketing claims in the future.

Enhanced Email Security Reports

Monday, November 19th, 2012

LuxSci provides a vast array of options for sending outbound email securely — from Opportunistic TLS, to SecureLine for enforced TLS and other methods of end-to-end email encryption.  Many organizations requiring HIPAA compliance or high security solutions rely on these services every day.

In relation to these services, we are commonly asked: “Was the email message sent securely? How do we know? What kind of encryption was used? Did the user receive the message?”

LuxSci has offered email sending and delivery status reports for some time.  What was missing until now was the ability for users to see if the message was delivered securely and by which method.

LuxSci HIPAA Services a Perfect Fit for Home Health Care Agencies

Monday, August 27th, 2012

LuxSci’s HIPAA-compliant email services (see overview video) are a big hit in many different sectors, from legal, to accounting, to the myriad facets of the health care industry. Why? Because they ensure security and compliance, enable privacy, are easy to use, and integrate well with traditional work flows.

As a case in point, we see that many “Home Health Care” companies find the breadth of our services a particularly good fit, enabling them to communicate quickly, efficiently, and securely while everyone is on the go.

Do They Support TLS? Find out Fast

Friday, July 6th, 2012

Do you want your email messages sent “in the clear” across the Internet, where they could be read by anyone?

TLS (Transport Layer Security) enables email servers to automatically establish a secure channel between themselves so that your email messages can be securely transmitted from your servers to your recipients’ servers. See: All about email delivery over TLS.