There are many ways to protect ePHI in email. HIPAA is technology-neutral and doesn’t make specific recommendations for how to protect email communications. This article explains the difference between a HIPAA-compliant email host and an email encryption gateway. These are just two of the options for securing email accounts.
Read the rest of this post »
LuxSci is pleased to announce the release of a new feature for our Secure High Volume customers. If your email sending program or system does not provide a way to manage unsubscribes, LuxSci’s unsubscribe links feature can help. It seamlessly adds the links, provides the unsubscribe web page, collects unsubscribes, and adds them to a suppression list to block future sending. You can also use our web interface or API to manage the list of unsubscribed email addresses.
Unsubscribe links are only supported for messages sent via SMTP and via API using the email/send (also known as the sendEmail) endpoint. Messages sent via WebMail, SecureForm, and other API calls do not support Unsubscribe Links.
Read the rest of this post »
LuxSci is pleased to announce that our Secure High Volume solution is now available on the Oracle Cloud Marketplace for deployment with Oracle Cloud Infrastructure (OCI). The Oracle Cloud Marketplace is a centralized repository of enterprise applications offered by Oracle and Oracle partners.
LuxSci’s Secure High Volume email service allows organizations to secure their outbound transactional and marketing emails with highly flexible and secure email encryption. Users can select the method of encryption (TLS, Secure Portal Pickup, PGP, S/MIME, etc.) to meet their campaign needs. Sending emails that contain sensitive information like protected health information (PHI) is easy and secure with LuxSci’s ultra-flexible encryption technology.
LuxSci’s services are highly configurable. Each customer has their own custom deployment to meet their sending and throughput needs. Customers can choose to implement high availability services to increase sending power and reduce downtime in the event of server failure. Secure High Volume sending integrates with your existing platforms via SMTP or API to streamline secure email sending.
In spring 2021, LuxSci announced the move to Oracle’s security-first cloud infrastructure. OCI’s highly flexible and secure server configuration options allow LuxSci to deliver larger quantities of HIPAA-compliant email messages. Compared to other servers, OCI is faster and more reliable. With OCI, LuxSci can also architect more custom deployments and can serve customers of all sizes. Learn more about why LuxSci chose to work with Oracle.
Public cloud servers are great for many things; however, sending email is not one of them.
The main issue with public cloud based services is that you are sharing resources with their other customers. This includes IP addresses. Most organizations try to filter out bad IPs, but when joining a new service there is a chance you could be assigned an IP with a poor reputation.
The IP address spaces used by the major public cloud vendors (i.e. Amazon, Rackspace, etc.) for their cloud servers are well known and are generally black- or gray-listed by anti-spam systems. This can slow or altogether stop emails sent from those IPs to getting to inboxes. Additionally, many of the IP addresses in use by these systems are flagged from previous abusive use by spammers. When setting up a new cloud server, you could be easily assigned one of these flagged IP addresses. Even if you do not inherit a bad IP reputation from the previous user(s), your server will be listed as a public cloud IP address. As a result, it may suffer from the “bad neighborhood effect” and thus considered a possible spam source.
We have investigated several services that claim to offer “Cloud-Based Outbound Email” and have found that many use cloud servers for things like scanning email messages for spam and viruses, but use non-public cloud servers for the actual sending of email. This is obviously not true for all companies, but if everyone might be affected, the solution is to NOT send email directly from your public cloud. There are, however, straight-forward solutions to getting email originating from such servers delivered.
The “utility computing” model of the cloud is to blame. In the interest of making these services as cheap as possible, there are generally very few services included. In particular, you get 1) minimal customer support, 2) little pre-sales work, and 3) minimal, if any, validation of new customers. All that time would increase prices. As a result, it is easy for a spammer to signup with a name and credit card. To start sending spam, all they need to do is agree to “terms and conditions” by checking a box. (How much do spammers care about that?)
Spammers and fraudsters take advantage of this simple workflow to setup servers for sending spam or performing other abusive actions. They do not care if they get shutdown fairly quickly because:
Once they get shut down, spammers choose another public cloud provider and use another stolen identity to do it again. They can even automate this signup process by using the available APIs for these services.
The above scenario contributes to the pollution of the reputation of IP addresses and the public cloud servers in general.
With physical dedicated and managed servers and private clouds, you typically interact with a sales representative, sign a contract, and undergo some level of validation (even if that happens behind the scenes). The time it takes to sign up blocks most spammers who use these services and keeps these IP address spaces much cleaner. The more validation and attention that is offered by a sales staff before signing up their customers, the cleaner the IPs are.
If you are sending large quantities of important email from a cloud server, consider using LuxSci Secure High Volume Email Sending to avoid the risk of your emails getting blocked by spam filtering services. Using a trusted private provider will mitigate the bad neighborhood effect and significantly increase the deliverability of your email. Unlike in a public cloud, you can add additional dedicated resources to ramp up throughput for business critical emails.
