SecureLineTM Email Encryption

  • Adaptive Encryption: TLS, portal pickup, PGP & S/MIME support
  • Dynamic TLS negotiation & fallback
  • Send secure text messages (SecureTextTM)
  • Opt-in, Opt-out, & DLP encryption
  • Use WebMail or any email program
  • Discover: SecureLineTM

HIPAA-compliant Email

  • Highly-configurable email encryption
  • Access controls and login audit trails
  • Backups and email archival
  • Protection from inbound email threats
  • Choose your level or security & isolation
  • Business Associate Agreement

High VolumeTM Secure Sending

  • Include ePHI or PII in sent email messages
  • Protect sensitive lists and data
  • Meeting high-security compliance requirements
  • Sending millions of messages/month
  • Transactional & marketing email
  • Discover: High Volume Secure Sending

Smart Hosting

  • Add HIPAA compliance to your existing email
  • Relay email from your servers through LuxSci
  • Works with GSuite & Office 365
  • Encryption. + Delivery, open, and click tracking
  • Discover: Smart hosting

Premium Email Filtering

  • Real-time, state-of-the-art inbound email filtering
  • Protection from malicious email & phishing attacks
  • Scan for: Viruses, content, attachments, links, etc.
  • Quarantine access & emergency Inbox
  • Spam flood protection
  • Discover: Premium Email Filtering

Email Archival

  • Tamper-proof & redundant
  • Unlimited storage; unlimited retention
  • Fast search and download
  • Encryption, annotation, automated alerts
  • Geographically separate from your email: Great for disaster recovery
  • Discover: Archival

MobileSync: Exchange ActiveSync

  • Synchronize: Email, calendars, contacts, tasks
  • Secure, real-time, & HIPAA compliant
  • For any mobile device & Outlook for Windows
  • Remote device wipe
  • Discover: MobileSync

WebAidesTM Collaborative Apps

  • Calendars, contacts, tasks
  • Secure CalDAV/CardDAV Synchronization
  • Online file storage
  • Secure, sharable password libraries
  • Internal blogs
  • User and group sharing

Request a demo

Enter your contact information

I accept LuxSci's privacy policy.

Custom Enterprise Solutions

Custom large-scale solutions

Custom Enterprise solutions can be tailored for very large numbers of users, very high security, and business continuity. They can include:

  • Redundant high-availability dedicated hardware firewalls
  • Redundant high-availability dedicated load balancers
  • Network-based intrusion detection systems
  • DDOS Protection up to 100 Gbps
  • Redundant, load-balanced outbound email sending servers
  • Redundant, load-balanced inbound email processing servers
  • Dedicated databases and redundant WebMail interfaces
  • System isolation and capacity scaling
  • Encrypted SAN storage arrays
  • An additional disaster recovery footprint in a different data center

If a custom solution might be right for you, talk to a LuxSci Expert.

LuxSci provides a very high quality, HIPAA-compliant email service. I really like their support. They always respond very promptly to any support issues. Their web-based email client is very powerful, buy yet intuitive and easy to use. I recommend them highly!"

Mark Singh . Blue Hills Medical Associates

eBook: HIPAA-compliant Email Basics

Safeguarding your healthcare practice and protecting patient privacy

Book 1 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

Get the HIPAA eBook

How it Works

HIPAA-compliant Email at LuxSci

HIPAA compliance requires that the transfer of any sensitive or confidential patient health information (ePHI) over the Internet is done securely. Our SecureLineTM email encryption system is designed to do just that. SecureLineTM seamlessly and dynamically integrates the following modes of secure email transmission to ensure that you can securely communicate with anyone, no matter what email system they have.

  • SMTP TLS - SMTP TLS enables mail servers to transfer email between themselves in a secure manner, even if the messages themselves are not internally encrypted. TLS provides secure email delivery to recipients whose email servers support TLS (which includes about 85% of recipients). LuxSci fully supports TLS and uses only FIPS/NIST-recommended security protocols and ciphers.
  • SecureLineTM Escrow - SecureLineTM Escrow requires that a recipient actively verify his or her identity before s/he can access a message via a secure web portal. Escrow provides secure email delivery, authentication, storage, transmission, and auditing for messages to anyone with an email address. Which is better: TLS or Escrow?
  • SecureLineTM PKI - SecureLineTM PKI uses public key certificates (PGP and/or S/MIME) to internally encrypt email messages before sending them to the recipients. The recipients must also be using PKI for this method to be useful.

Extremely Flexible

HIPAA requirements are extremely vague and decisions on risk, security, usability and applicability are generally in the hands of each individual organization. As such, LuxSci's email security system is uniquely flexible, allowing you to "dial in" where you need to be on the spectrum from high usability to high security.

For those who wish to leverage of the easy of use offered by SMTP TLS as much as possible, LuxSci offers two very unique features:

  • Dynamic TLS: LuxSci determines dynamically, at the time of message delivery, which of your recipients support TLS and which do not. For those that do not, LuxSci automatically falls back to Escrow or PKI for secure message delivery. You do not have to pre-configure anything to use TLS to the maximum degree possible. You also do not have to worry about messages being delivered insecurely to people who do not support TLS.
  • Exclusive TLS: When the ease of opening email messages is more important than email delivery (e.g., for email marketing), TLS Exclusive is appropriate. With this technology, Dynamic TLS is used to determine which recipients will get your messages securely over TLS. Messages to everyone else will be automatically dropped. This is ideal for securing all your email using TLS, while not annoying the 10-15% of recipients using poor email systems with portal-pickup email messages.

Required Business Associate Agreement (BAA)

LuxSci requires a signed HIPAA Business Associates Agreement (BAA) and a signed Account Restrictions Agreement (ARA) in order for LuxSci to be considered your Business Associate and for us to consider your account HIPAA compliant.

SecureLineTM Meets Your Compliance Needs

When you sign up for HIPAA-compliant email, SecureLineTM ensures that all email messages sent via SMTP or through our WebMail interface are sent securely, while remaining flexible enough to allow exceptions where appropriate for usability. The chart below shows how SecureLineTM can be adjusted to fit the scope of your compliance.

Who sends ePHI? Is non-ePHI sending required? Solution
Never Full account-wide lockdown. All users are required to send securely. Insecure sending is entirely prohibited.
Occasionally for some users Account-wide lockdown with opt-out enabled. All users are required to send securely, but certain users are permitted to opt-out on an individual message basis. All opt-outs are logged.
Occasionally for all users All users have logins to two separate domains — one for secure sending (typically a subdomain), and one for non-ePHI sending. The secure domain is completely locked down to prohibit non-ePHI sending.
Some Users
Never Majority of users have logins in a non-HIPAA domain, while the few that send ePHI have logins in a different HIPAA-secure domain (typically a subdomain). The secure domain is locked down to prohibit non-ePHI sending.
Some Users
Occasionally Majority of users have logins in a non-HIPAA domain, while the few that send ePHI have logins in a different HIPAA-secure domain (typically a subdomain). The secure domain is set to allow opt-outs. All opt-outs are logged.

Final Review

Your security settings are locked down as soon as your account is created. Once we have your signed BAA and ARA, LuxSci gives your account a final review to make sure everything is in order. At this point your account is considered HIPAA compliant.

Users are locked down to certain security settings based on whether they will be sending ePHI or not:

Feature Sending non-ePHI Sending ePHI
Global enforcement of outbound email encryption
Opt-out of secure sending
Forced secure logins for all services
Email forwarding only over TLS
Insecure email forwards and aliases allowed
WebAideTM App encryption allowed
Auditing of Blog, Document, and Password apps
Password strength requirement
Strength may vary 12+ Alphanumeric + Hard to Guess
WebMail session timeout after inactivity
Length may vary up to 3 hours

Beyond email sending, LuxSci ensures compliance of your email and other data (e.g. WebAidesTM, Widgets, etc.) per the terms of our Business Associate Agreement with you.

FAQs: Perhaps you were wondering...?

We include technical support with all accounts. LuxSci's support staff are located in the USA and are all US citizens. Standard support hours are 9am to 11pm Eastern Time, USA. During this time, our staff is standing by to answer your questions via email, support ticket, and phone. Emergency, mission-critical support is available 24/7/365. (See more about LuxSci Support.)

In addition to SecureLineTM for email encryption, LuxSci provides a range of security features including two-factor login, password expiration, opportunistic and forced TLS for inbound and outbound email, email header scrubbing, login auditing, custom firewalls, customizable session timeouts, and more. (Read more about LuxSci's security and privacy focus.)

LuxSci email works with any email program on any computer or mobile device, including Outlook, Mac Mail, Thunderbird, and the default email programs in iOS and Android. LuxSci email and SecureLineTM email encryption work through secure IMAP, SMTP, POP connections. There is never any need to download special programs, apps, or plugins. Additionally, LuxSci provides an option for using ActiveSync for real-time synchronization of email, contacts and calendars with your mobile devices and recent versions of Outlook for Windows.

LuxSci includes 7x daily on-site and 4x weekly off-site backups of all of your email, web, and other data. You can request free restores as needed, although very frequent or very complex restore requests may incur a surcharge. (Read more about backups at LuxSci.)

Daily and weekly snapshots also protect your sensitive data against server failure, and we can always restore all your data. (Read more on LuxSci infrastructure and reliability). Dedicated server customers can request special/custom backup schedules.

LuxSci also offers Email Archival for saving copies of all inbound and outbound email. These copies cannot be edited or deleted by anyone and they do not expire.

A shared Business Class email hosting account comes with 100 GB of disk space that you share among all your users (we do not limit space on a per-user basis although you can opt to impose such limits). If you exceed your limit or want to buy more space, we charge an overage fee. (Read more at Business Class vs. Enterprise Class and Standard Shared Hosting: Disk space limits.)

Dedicated server customers can get from 10 GB up to 10 TB of space per server. Dedicated is the way to go if you have large-scale storage needs.

LuxSci permits you to send and receive email messages that are up to 200 MB each (for customers with Email Archival, the limit is 50 MB/message).

Email hosting customers can send up to 300 email messages/day; customers can send each message to up to 1000 recipients. These messages are not for use with bulk emailing of any kind.

For email marketing and large-scale sending needs, we offer a separate High Volume Secure Sending service. We can add this additional service (and the associated cost) to your email hosting account.

There's no explicit limit on the number of messages that you can receive. However, the receipt of large quantities of messages all at once (many 100s or 1000s of messages at a time, for example) can cause your inbound email to suspend automatically to protect our servers from inbound email abuse and "mail bombs." If you need to receive large numbers of messages in a short time, LuxSci provides dedicated inbound email processing servers.

There are no limits on the number of users who can be in your account or the number of addresses you can have in your address book.

We don't limit the number of messages you can store in your email folder. It's important to note, however, that larger folders are slower to use than smaller folders (more than 100,000 messages would be extremely slow) and no email folder can contain more than 1 million messages.

The majority of our servers are located in USA. Customers ordering Business class dedicated servers can request that their servers be in specific areas of the USA, London, Sydney, or Hong Kong.

LuxSci has an automated email migration service for transferring the email folders for all your users. (For more details, see Migrate Your Data to LuxSci.)

Yes. LuxSci SecureLineTM enables you to send compliant email to anyone with an email address. Your recipients do not need to use LuxSci themselves.

Yes. Recipients of your secure email messages can reply to you.

Yes. HIPAA customers get a trustmark that looks like this:

LuxSci helps ensure HIPAA-Compliance for email and web services.

In addition to email encryption, HIPAA-compliant email hosting accounts include email access and sending from email programs (e.g. using IMAP, POP, and SMTP) and from our Web interface. LuxSci also highly recommends use of our Email Archival and Premium Email Filtering.

If some messages do not include ePHI, you can choose to opt out of using encryption for them. LuxSci does not support opt-in encryption (where you manually specify which messages need encryption) for HIPAA-compliant accounts, because it's too risky for HIPAA compliance. We do support Opt-In encryption if you do not need HIPAA compliance.

If only some people need to send ePHI, we can segregate your users into two (or more) domains. For example, users who must be fully compliant can have addresses in "" Users who do not need HIPAA-compliant email can have addresses in "" and can send and receive without any encryption at all. (We call this per-domain HIPAA compliance.) Users can have addresses in both domains, if needed.

When you send an email message through WebMail, from either your mobile device or your email program, that message is transmitted securely to LuxSci's servers using TLS. Once the message arrives, LuxSci encrypts the message for each of your recipients and then delivers the encrypted message to the recipient's email servers. Based on your account preferences, who the recipients are, where their email host is, and settings in your account, the encryption used can take the form of: SMTP TLS, Secure Message Pick Up (Escrow), PGP, or S/MIME. The type of encryption used is dynamically determined at send time.

Yes, it can be. It depends on your choice of account settings. See Ensuring all data is encrypted at rest with LuxSci.

It depends. Messages sent using SMTP TLS do not require anything special to open them since they're encrypted only during transmission. Messages sent using Escrow (Secure Portal Pick Up) do require the recipients to authenticate themselves to our secure web site in order to access their secure messages. You can do this either (a) by using a username/password for a free account to access any received message, or (b) by providing an answer to a custom question designated by the message sender. See: SecureLineTM Escrow and SMTP TLS.

Other questions? Call Sales


LuxSci's secure email hosting was specifically designed to satisfy all HIPAA rules and security requirements. With the implementation and utilization of the following features, and after review and lock down by LuxSci Support, we will confirm your account as being HIPAA compliant in terms of our HIPAA Business Associate Agreement.

Account Feature Included
Signed HIPAA Business Associate Agreement

LuxSci provides a Business Associate Agreement compatible with the HITECH amendments of HIPAA. This defines LuxSci's role in maintaining the Privacy of Protected Health Information (PHI) for you as you seek to be HIPAA-compliant. A document like this is required by HIPAA of any vendor that you use.

HIPAA Compliance Seal / Trust Mark

Once your account is certified by LuxSci as meeting its HIPAA Security Requirements, you can use a LuxSci HIPAA Compliance Seal on your web site or in your HTML Email Signatures, Taglines, or Disclaimers.

A sample HIPAA Seal looks like this (click on it to see an example certification page):

LuxSci helps ensure HIPAA-Compliance for email and web services.
LuxSci helps ensure HIPAA-Compliance for email and web services.
Accounts with Mixed HIPAA and non-HIPAA Domains

HIPAA accounts can be either globally secure, so all users are compliant and encryption and security are fully-enforced for all messages, or they can be secured on a per-domain basis. In the per-domain case, only users in specified "HIPAA Domains" are required to send all email securely; users in other domains can send insecure email messages but cannot deal with ePHI at all. All users in these accounts share certain basic security considerations such as strong passwords, required use of SSL and TLS for server access, etc.

Use of per-domain HIPAA allows organizations to easily manage their compliant and non-compliant domains in a single account and also permits limited collaboration and sharing between non-HIPAA and HIPAA user logins.

Customers can select account-wide or per-domain HIPAA accounts during the ordering process.

ePHI Safeguarded

As required by the HITECH amendment to HIPAA, LuxSci follows the HIPAA Security and Privacy Rules with respect to all ePHI in your HIPAA-enabled accounts. This means that LuxSci actively ensures that the privacy of all electronic health information is safeguarded while it is stored on our servers, passing through our servers, or on our backups. It also means that LuxSci staff comply with all HIPAA Security and Privacy requirements:

  • Physical safeguards and data access control for ePHI
  • Staff training and administrative policies
  • Facility access control and security for ePHI
  • Contingency plans, backups plans, and disaster recovery for ePHI
  • Workstation security and usage lock down with respect to ePHI

I.e. LuxSci staff themselves obey all of the same HIPAA Security and Privacy requirements that our customers face when dealing with ePHI.

Secure CalDAV and CardDAV Synchronization

CalDAV and CardDAV and standard prorocols for synchronizing calendars and contact lists with desktop and mobile devices. macOS and iOS devices, in particular, and excellent support for synchronization using these protocols. For Android and Windows, third-party applications (including Mozilla Thunderbird) also support them. CalDAV and CardDAV access is included at no additional fee for all email customers; MobileSync is not required.

Secure Mobile Email, Calendar, Contact, Task, and Notes Access

MobileSync is an optional Exchange ActiveSync service that enables you to synchronize email, calendars, contacts, tasks, and notes on your mobile devices automatically and in real time. Mobile Sync is HIPAA-compliant and provides "Remote Wipe", so you can delete ePHI from your mobile device should it become lost or stolen -- preventing possible HIPAA breaches.

Even without Mobile Sync, LuxSci's IMAP, POP, and SMTP services can be used to securely send and receive email on most mobile devices.

Email Archival

LuxSci can offer you an archival solution that is comprehensive, cost-effective, and compliant with most current federal regulations including:

  • Permanent single-instance storage on Write-Once Read-Many (WORM) media
  • Redundant storage in 2 different locations.
  • Powerful full-content search with immediate results
  • Message export and import
  • Unlimited storage capacity included
  • Retention of email for 30-days to 10-years.
Data Transmission Security & Encryption

In addition to enforced use of SSL and TLS for all connections to our servers, all users automatically send and receive email securely using our SecureLineTM end-to-end encryption service. All outbound messages sent via SMTP, WebMail, or Premium Mobile Sync will be automatically encrypted. Additionally, SecureLineTM allows your users to send secured messages to anyone with any valid email address, even if they do not have TLS or S/MIME or PGP support. Those recipients can easily reply back securely or use our SecureSend portal to register for free and initiate secure messages to your SecureLineTM users.

To provide a user-friendly environment, certain work-arounds are possible, such as the use of TLS transmission for certain recipients instead of end-to-end encryption. See Restrictions to HIPAA Accounts at LuxSci.

Message Integrity Controls

LuxSci's SecureLineTM and enforced connection encryption (SSL & TLS) ensures that the messages cannot be modified while in transit. Message integrity is assured. Additionally, LuxSci's SecureLineTM permits the addition of digital signatures to encrypted messages to further ensure the message integrity and prove the identity of the sender.

Unique User Identification & Authentication

LuxSci requires that user names and passwords be entered for access to any of its services. The system recognizes users based on their login information, and controls access based on their identity. HIPAA-compliant accounts are required to utilize a high level of password complexity: 8 characters consisting of letters and numbers or symbols. The password must have "high entropy" and not be easily guessable. Automatic auditing of password changes and password resets is required and performed for HIPAA accounts.

Emergency Access to Email
LuxSci provides a facility for securely archiving copies of all inbound and/or outbound messages for backup and auditing purposes. Administrators thus have secure access to copies of all message content for emergency or other reasons. LuxSci also provides other optional features such as Message Continuity that is used to ensure access to email messages in the event of LuxSci server or data center failure.
Automatic System Logoff

HIPAA compliant accounts have a 20 minute default idle period to web-based interfaces (WebMail). The system will automatically log users off after 20 minutes of inactivity; this can be increased to 3 hours by account administrators. Other services such as POP, IMAP, SMTP and Mobile Sync also have automatic idle timeouts.

Access Audit Controls

LuxSci provides comprehensive security auditing for all accounts. Included in the security audits are password changes, resets, and lookups by LuxSci staff; user access to services such as WebMail, Email Sending (SMTP), POP, IMAP, Mobile Sync, and more; changes to any of the specific "Maximal Security" settings, as well as changes to the "Maximal Security" lock down status. These reports enable verification of user, administrator, and LuxSci Support staff activity on access and security specific changes to the account.

Data Backups & Data Disposal

LuxSci automatically makes backup copies of all data on our servers, including all customer ePHI. Daily backup copies are kept on-site for 2 days and Weekly backup copies are kept off-site for 4 weeks. All data is transmitted securely to the backup servers and stored there in a HIPAA-compliant way. After 4 weeks, all backup copies are destroyed. Accounts can ask for data to be restored from backup for free once/month. LuxSci's Email Archival provides permanent, immutable email storage on servers in multiple geographic locations, updated in real-time, with weekly backups made to optical media. See our complete backup and restore statement for additional information.

Maximal Security Enforcement

The LuxSci "Maximal Security" setting provides individual accounts with the highest level of email security. Security includes implementing the 20 minute WebMail timeout maximum, forcing appropriate outbound encryption, setting password strength requirements, and forcing secure logins. LuxSci support manually reviews any account needing to be HIPAA compliant and ensures that the Maximal Security setting is locked down so these security settings cannot be altered.

Optional Encryption Opt Out on a Per-Message Basis

Though disabled by default, administrators can choose to allow users the option to opt out of SecureLineTM encryption for a particular message. However, the user must explicitly agree that the message they are sending does not contain any ePHI. All messages sent without SecureLineTM encryption are logged for auditing purposes, and copies of them can be sent to an auditor email address for review.

Opt Out is available both in WebMail and for messages sent via email programs using our SecureLineTM Outlook Plugin or via adding opt out content to the email subject line.

Optional VPN Access for Enhanced Security

LuxSci can provide a Virtual Private Network (VPN) connection to further secure access to our email, web, and database servers.

General Features

SecureLineTM: Encryption
Email Archival
Email Filtering
WebAidesTM App Collaboration: Calendars, Contacts, Tasks, File Storage, and more
CalDAV and CardDAV Synchronization

CalDAV and CardDAV and standard prorocols for synchronizing calendars and contact lists with desktop and mobile devices. macOS and iOS devices, in particular, and excellent support for synchronization using these protocols. For Android and Windows, third-party applications (including Mozilla Thunderbird) also support them. CalDAV and CardDAV access is included at no additional fee for all email customers; MobileSync is not required.

Compatible with All Major Email Programs

LuxSci supports many versions of all popular email clients (though we recommend using the latest version of each product if possible), both licensed and shareware. If you use a lesser known email client, we should be able to help you configure it as long as the program supports either IMAP or POP, plus SMTP.

Mobile Access (iPhone, Android, iPad, etc.)

Blackberries, iPhones, iPod Touches, iPads, Android and Windows Mobile are some of the more popular mobile devices available to professionals. LuxSci supports all of these phones, as well as any other phone that properly supports the IMAP, POP and SMTP protocols. If your phone doesn't support these protocols but does have a mobile web browser, you have the option to access your email using LuxSci's Mobile Site.

Mobile Push Email

LuxSci's Mobile Sync service includes "Push Email" for email viewing, real-time pushing of new email to your device, as well as for sending of outbound email from your device through LuxSci's servers.

Push email is good for mobile battery longevity and for getting notifications of new email messages as fast as possible.

POP with secure access over SSL/TLS
IMAP with secure access over SSL/TLS
SMTP with secure sending over SSL/TLS
Anonymous SMTP (hide your IP)
Custom Email Filters
VPN Access

WebMail Features

Robust, Fast, Automated WebMail

WebMail is designed to work much like a desktop email program.

  • Web 2.0 / AJAX
  • Automated checking for new email and folder changes every 30s
  • Automatic loading and display of new email
  • Drag and drop attachments
  • Drag and drop copy and move of messages
  • Lots of customization preferences
  • View shared email from multiple accounts in one screen
  • Automatic concurrent checking for new email in multiple folders
Internet Explorer v10+, Edge, FireFox, Safari, Opera, Chrome
Secure Access From Anywhere

LuxSci's WebMail interface ALWAYS gives you secure access to your email from any computer or mobile device with Internet access (via SSL with Extended Validation) unless you specify otherwise. WebMail is fully supported in Internet Explorer, FireFox, Opera, Safari, and Chrome. Our Mobile Site, which is a lightweight version of WebMail, is ideal for accessing email using the browser in your mobile phone or for extra security, privacy and simplicity.

WebMail supports Two-Factor authentication (simple via a Google Authenticator, text message, email, or advanced via integration with, IP access restrictions, and more.

Mobile Version of WebMail

LuxSci provides a standard, full-featured, Web 2.0 WebMail interface (a.k.a the "Full Site"). For the sake of usability and feature richness, this full-featured portal makes extensive use of graphics, cookies, JavaScript, HTML5 and some features of modern web browsers to enhance the user experience. It is also designed for a wide screen viewing area.

The software requirements that make the full-featured portal good-looking and easy to use also have their down sides. The "Mobile Site" is the solution to these concerns:

Access the Mobile Site automatically with a mobile browser by visiting:

  • Blazing Speed: If you have a slow Internet connection or limited bandwidth, the Mobile Site offers faster service. It has been optimized to use less bandwidth, which makes the pages smaller in size, faster to download, and easier to read on your mobile device.
  • Mobile Devices and Narrow Screens: The Mobile Site will work with almost any mobile device, tablet, or PDA that has a web browser. We work tirelessly to ensure the quality of Mobile site pages, especially on smaller screens.
WebMail with secure access over TLS
WebMail via optional easy one touch/click password-less logins
Private Labeled Branded WebMail
Email Folder Management Tools

We provide you with online tools for creating, deleting, renaming, managing, and searching your email folders.

  • Supports any number of folders
  • Folders can contain messages and/or other folders
  • Folders are accessible via WebMail and IMAP
  • Remove Duplicates: Configure removal of duplicate messages in any folder based on message ID, subject, sender address and size. Message removal can run automatically on a nightly basis or manually at any time at the push of a button.
  • Auto-deletion: Configuration options allow you to automatically remove "old" messages in any folder to: 1. Reduce the folder size to some fixed maximum 2. Reduce the number of messages in the folder to some fixed maximum 3. Eliminate messages older than a specified number of days.
  • Auto-Archival: Archival options can be designed to your specific needs. The function can occur as you prefer; daily, weekly, monthly, bi-monthly, yearly or when YOU feel the folder has exceeded desired storage size of message allotment. You can even have a folder auto-archived; which will move messages to a new dated subfolder at your convenience.
  • Offline Storage: Download your email folders as ZIP-compressed archive in UNIX- or EML-format for offline storage.
  • Create, rename, move, and delete folders and directories.
  • Concurrent Access: Makes it easy to share access to email by allowing multiple users, using different email clients, access to the same email folders concurrently without issue.
Email Folder Sharing
Email Message Tagging & Adding Keywords
Automated Suggestions from your Address Books

When composing email messages, WebMail will automatically give you recipient suggestions by searching all of your address books for matches; in the name, company, email and nickname fields. You can alter, eliminate or add to these suggestions via keyboard or mouse. This WebMail feature makes it quick and easy to enter recipient email addresses and avoid making errors.

Annotating Email Messages
Signatures: Custom Reply-To/From

WebMail signatures allow you to add personality to your email. In addition to adding a signature to the end of your messages, you can customize the sending name and address. This is ideal if you have many different email addresses [not all of which are hosted at LuxSci] and need to send email (from a single WebMail application) that appears to come from any one of them.

  • Unique signature technology; similar to other services' "personalities".
  • Support for unlimited signatures.
  • Each signature has independent HTML and plain text versions.
  • HTML signatures support embedded images
  • With Signatures you can include files that will attach to all messages sent using those signatures (e.g. add a vCard or a PDF with all messages).
  • Determine whom your email appears to be from (you specify the From address and name; From name can be in any language).
  • Determine to whom replies to your email will be sent (you specify the Reply-to address).
  • If you reply to an email, WebMail will try to match the recipient address of the email to one of your signatures so that you automatically use the right signature for the right email -- no mistakes.
  • Change your signature "on the fly" in WebMail and have the signature content automatically updated in the message.
  • Use signatures either at the top of or at the bottom of replies and forwards.

Use of signatures to send emails forged with addresses that you do not have permission to use is a violation of our Acceptable Use Policy.

International Locale and Language Support

LuxSci's WebMail interface fully supports sending and receiving email messages in any language or multiple languages:

  • View messages encoded in any language or languages.
  • Compose messages in any language or languages.
  • Configure default encodings to use when none are specified.
  • Support for encoded content in subject and sender name fields.
  • UTF-8 Unicode is used throughout our site.
  • Our user interface is translated into many different languages.

LuxSci WebMail is designed for optimized work with dozens of languages such as: English, Spanish, French, German, Russian, Chinese, Japanese, Korean, Swedish, Hebrew, Portuguese, and many more.

Additionally, WebMail allows you to configure:

  • Preferred time zone
  • Preferred date and time format
  • Week start day
Drag and Drop Attachment Uploads
Many Other Features (click to see the list!)

WebMail's feature-rich options include:

  • International Email Support: Send and receive secure email in any language or character encoding. Support for multiple character encodings in one message.
  • Security: WebMail is fully integrated with our SecureLineTM end-to-end email encryption service.
  • Full, robust HTML email composition supported in Internet Explorer v9+, FireFox, Opera, and Safari
  • Automatically checks for new email in multiple folders.
  • Spell checking in real time as you type. This feature supports multiple languages and customized user dictionaries. (Uses the SCAYT Text and HTML spell checking technology from
  • Defer email messages: hide messages in any folder and have them re-appear at later scheduled times for action.
  • WebMail composition: Auto-save your work so you never lose a message in progress.
  • Full screen viewing mode
  • Automatic checking of your INBOX for new email
  • Plain Text and HTML Email Templates
  • Send any number of attachments
  • Forward messages inline or as attachments
  • Delete attachments from messages
  • Save/resume compositions using a Drafts folder
  • Request and respond to Read Receipts
  • Set and view importance-level and flags on messages
  • View images and HTML attached to your messages inline
  • View/download attachments
  • View complete email message headers
  • View complete message source
  • Download individual messages
  • Sort messages by date, sender, subject, size, and more
  • Address Books, personal and shared, are integrated with WebMail.
  • A large number of personal preferences allow you to tweak WebMail to behave just the way you want it to. Some of these include:
    • Six different selectable layouts of the folder tree, message list, and message display areas
    • Choose destination of deleted messages: remove, mark as deleted and/or save to a trash folder
    • Customize both the information that displays in your message list and the order in which the information is displayed
    • Customize if message previews are used and if HTML and image content is displayed automatically inline
    • Many, many more -- get a Free Trial and see them all.

Outbound Email Features

Reporting: Messages Sent
Searchable, sortable, and downloadable reports of messages sent.
Reporting: Tracking and Deliverability
Searchable, sortable, and downloadable reports of the state of delivery of every message to every recipient. You can see what has been sent, what is still queued, what has been delivered successfully, what has failed ... and exactly why. Reports include the reasons messages may be delayed, exactly why they bounced, and what the recipient servers said when they were delivered. Aggregate reports give you overall delivery statistics on a daily and monthly basis.
SMTP Relaying with security access over TLS/SSL

LuxSci provides SMTP Relaying so that you can send email from email programs (WebMail does not require "SMTP" service to send email).

  • Secure SMTP via TLS and SSL
  • Alternate Ports for secure and insecure SMTP -- including port 80 -- which is open in most firewalls.
  • All of our email servers support TLS and will talk securely with other servers whenever possible (opportunistic TLS).
  • Anonymous SMTP: Remove all information about your sending computer (its IP address) and email client when sending messages. This feature is available over SSL and TLS as well for email security. It is available to all clients who subscribe to SMTP services. More about Anonymous SMTP
  • More about SMTP
DKIM - Sign outbound messages
[Optional] Configure DKIM for the domains from which you are sending and get information to add to their DNS so that your recipients can verify your messages and improve their deliverability.
Large Email Messages: up to 200 MB
Security: Email Encryption (via SecureLineTM)
Anonymous Email (Hide your IP)
High VolumeTM Outbound Email Sending
Outbound Email Forwarding

Users can:

  • Send copies of all outbound email to a designated email address
  • Send copies of all outbound email messages to a server-side sent email folder (without IMAP)

Domain administrators can:

  • Send copies of all outbound emails, from all users, to a designated email address. Certain users can be exempted from this process.

Global taglines or disclaimers in text and/or HTML cab be configured to appear at the end of all messages sent by your users.

  • Applies to messages sent via WebMail and from email programs using SMTP.
  • Configurable on a per-domain basis
  • Taglines/disclaimers can be added as attachments or added as part of the message content itself.
Bounce Processing
Open Tracking
URL Click Tracking
Outbound Email Content Monitoring

Monitor the content of all messages sent from WebMail or from email programs using SMTP.

  • Search for keywords or key phrases
  • Use regular expressions
  • Searches all HTML and plain text message parts
  • Search your choice of the message subject, message body content, or both
  • Can block messages, send copies of matching messages to an auditor email address, or auto-encrypt matching messages
Smart hosting

LuxSci's authenticated SMTP services can be used as a "smart host", which allows users to relay all email from your internal server though our servers for processing before being sent out into the Internet.

With smart hosting, you can take advantage of all of LuxSci's SMTP features, such as automatic outbound email encryption, anonymization, taglines and content monitoring.

Our "Intelligent" Smart host feature treats your email as if it were sent by your individual users. It looks at the "From" address on each message, rather than the single user connecting to LuxSci's SMTP services. This permits enforcement of per-user SMTP limits, per-user reporting on SMTP usage, per-user customization of taglines, per-user exemptions from some tools, and full support SecureLineTM automatic end-to-end outbound email encryption.

Intelligent smarthost is included with our standard SMTP service.

Smart hosting for Office365 and G Suite is also supported.

Other Features

Filtering: Spam, Virus, Content and Attachments
Archival: Inbound and Outbound Email
Collaboration Apps: Shared Address Books, Calendars and Tasks
User Login Auditing and Tracking

View your own plus your users' IMAP, POP, SMTP, and WebMail login and connection histories for up to 30 days if you have administrative access.

Email Auto-Responders / Vacation Notices

Email auto-responders let you setup pre-defined responses to email messages that you receive while you are away -- out of the office, on vacation, or otherwise unavailable. They also allow for the configuration of complex automated response rules.

Features include:

  • Automatic response to incoming email messages.
  • Different responses based on to which of your email addresses or domains the message is addressed
  • Configure responses based on arbitrary criteria such as: sender address, subject content, body content, email header content, etc.
  • Sign the replies with your signatures.
  • Specify the subject line and body of each reply.
  • Activate and deactivate the auto-responders manually or set a scheduled time window for activation and de-activation.
  • Enable "nags" to notify you that your responder is still enabled after a specified date.
  • HTML-formatted or plain text-formatted response content.
  • Configurable time window during which senders will not get duplicate responses for multiple messages sent.
  • Rate limits so that the same sender does not receive too many responses from you and so that your responders cannot be used to create denial of service situations.
  • Customer-accessible audit trails of all responses sent. Includes when, to whom, for what responder, and what the subject of the original message was.
Email Forwarding and Email Aliases

An email alias is not an actual user, but rather a rule that indicates to whom the email should be delivered. Individual users can also configure email forwarding for their inbound email.

Features include:

  • Catch-all aliases to capture email to non-existent address at your domain.
  • Redirect email to any address at your domain to one or multiple real local or remote email address(es).
  • Redirect email to multiple addresses at once. (Limit: 25 addresses or the number of users in your account, whichever is larger).
  • Lots of aliases; change them anytime you wish via our secure online tools or our API.
  • Domain Forwarding Catch All Aliases allow you to forward any address at one domain, "", to the same user at a second domain, "".
  • Powerful Alias Manager has search features that allow easy management and reporting on thousands of aliases across hundreds of domains.
  • Aliases can: forward email to one or more recipient addresses, send custom email bounce messages, and automatically delete all incoming email.
  • User Groups WebAidesTM can be used to create and manage distribution lists to selected groups of users in your account.
Auto-Download POP Email from Other Accounts

If you have other email accounts with POP access, you can download messages from these remote accounts to your LuxSci email folders.

Features Include:

  • Store information for an unlimited number of remote POP email accounts
  • Download mail from each account to any email folder
  • Have your email downloaded automatically every 20 minutes
  • Use your inbound email, anti-Spam, and anti-Virus filters, including Premium Email Filtering to filter downloaded messages before forwarding to your LuxSci account. This is a great solution when your remote email account doesn't permit email forwarding but you want to download and filter those messages.
  • Delete or leave the remote email on the remote server when downloading manually. Messages are deleted from the server with automatic message downloads.
  • Optionally preview messages before downloading: select what to download or delete.
  • Download email from one or ALL remote accounts individually or at once.
  • Secure POP (SSL) connections to remote POP servers.
  • Use "Signatures" to manage multiple email accounts.
  • Full support of previewed email messages with text in most languages.
Receive automated email alerts (of an email address or list of your choice at a frequency of your choice) which list all email delivery failures including:
  • When the message was sent
  • Who sent it and from what address
  • What the subject was
  • The address of the recipient that failed
  • Exactly why the delivery failed

These email alerts are HTML for easy reading and include a CSV (Excel) file with all of the data for easy analysis. With these reports you can always be aware of failed deliveries and do not have to worry about getting and reading bounce messages. You can configure these reports so that managers can get copies of the failure reports for users and thus can ensure that important messages are all properly delivered.

Feedback Loops with Major ISPs
We collect spam complaint reports via agreements with major ISPs to detect spamming and other issues quickly and to help keep our servers off of black lists. Users and administrators can see reports of SPAM complaints in our web interface. Users and administrators can also have digests of their received SPAM complaints automatically emailed to them (with detailed information in attached CSV files) so that they are made aware of issues as soon as possible and to make opting complaining recipients out of mailing lists quick and easy.

Learn More