LUXSCI

HIPAA-compliant Secure Email

Encryption

  • Send/receive secure email to/from anyone
  • Send secure text messages (SecureText)
  • Adaptive: TLS, portal pickup, PGP & S/MIME support
  • Dynamic TLS negotiation & fallback
  • Opt-in, Opt-out, & DLP encryption
  • Use WebMail or any email program
  • Discover: SecureLine

HIPAA-compliance

  • Meet HIPAA-compliance requirements
  • Business Associate Agreement
  • Highly-configurable email encryption
  • Access controls and login audit trails
  • Backups and email archival
  • Protecting from inbound email threats
  • Discover: HIPAA Email

High Volume Secure Sending

  • High-quantity, high-quality outbound email
  • Thousands to millions of messages/month
  • Marketing or transactional messages
  • Dedicated servers—dedicated reputation
  • Apply encryption, DLP, etc.
  • Secure bulk SMS/text messages
  • Discover: High Volume Secure Sending

Smart Hosting

  • Relay email from your servers through LuxSci
  • SMTP Relaying for GSuite and Office 365
  • Custom SMTP Relaying from any IP
  • Encryption and delivery tracking
  • Add security or HIPAA compliance to your email
  • Discover: Smart hosting

Premium Email Filtering

  • Real-time, state-of-the-art email filtering
  • Protection from malicious email
  • Scan for: Viruses, content, attachments, links, etc.
  • Quarantine & emergency Inbox
  • Spam flood protection
  • Discover: Premium Email Filtering

Email Archival

  • Tamper-proof & redundant
  • Unlimited storage; unlimited retention
  • Fast search and download
  • Encryption, annotation, automated alerts
  • Discover: Archival

MobileSync

  • Email, calendars, contacts, tasks
  • Secure, real-time synchronization
  • For any mobile device & Outlook for Windows
  • Remote device wipe for compliance
  • Discover: MobileSync

Collaborative Apps

  • Calendars, contacts, tasks
  • Online file storage
  • Secure, sharable password libraries
  • Internal blogs
  • User and group sharing

Request a demo

Enter your contact information

I accept LuxSci's privacy policy.

What is HIPAA-compliant Email?

Secure your ePHI during email communications.

Compare Plans: Shared vs. Dedicated & Business vs. Enterprise

Feature Shared Business Shared Enterprise Dedicated Business Dedicated Enterprise
HIPAA Compliance Available?
Location
USA Texas, USA USA or Custom Texas, USA
LuxSci's services are provided on servers located in USA-based data centers (RackSpace or Amazon).

*Business Class dedicated servers can be provisioned in RackSpace and Amazon data centers around the world if requested by the customer. There may be an additional setup fee for a non-standard location.

Maximum users
50 50 unlimited unlimited
Dedicated servers are required for accounts with 50+ email users.
Maximum Disk Space
500G 500G unlimited unlimited
Shared accounts support up to 500 GB of storage space, total, for all email belonging to all users in the account. Dedicated servers and clusters can have a potentially unlimited storage capacity.
Disk Space Price: per 100GB
$30/mo $60/mo $20/mo $40/mo
50 GB of disk space comes included with shared accounts. 25-100GB comes included with dedicated accounts (depending on how large/powerful the server chosen is). You can purchase additional blocks of disk space as needed.
Full Disk Encryption
*

*Business Class dedicated servers from RackSpace, used for large-scale emailing only have full disk encryption if requested by the customer. This will require ordering a separate disk.

Multiple firewalls

Enterprise class servers and Business Class servers at RackSpace enjoy software firewalls and redundant HA hardware firewalls.

Business Class servers at Amazon enjoy software firewalls and AWS Security Group logical network firewalls.

Backups Included?
Standard backups of your server data are included. These include 7 daily on-site backups and 4 weekly off-site backups.
Custom Backup/Retention Schedules?
Dedicated server customers can choose custom backup frequencies and retention schedules; this may come with an additional cost. Contact sales for more information.
Server Type
Single server Redundant Cluster Single Server Redundant Cluster
Business Class servers are single virtual servers running in the RackSpace or Amazon Public cloud. Enterprise Class servers are VMWare virtual servers running on a redundant cluster of servers in LuxSci's Private Cloud at RackSpace.
Account Isolation: No other LuxSci customers have access to your server. No shared servers.
In a shared solution, many 100s or 1000s of separate customers share the same server. Security replies on logical and software partitioning of access and resources. Shared solutions are inherently less secure, have less consistent performance, but are less expensive. Dedicated servers are recommended for when security and consistent performance are important.
Ultra-reliable: proof against hardware failure
Enterprise Class servers are virtual machines that run on a redundant VMWare cluster. If one of the underlying hypervisors should have a hardware issue, all servers running on it are immediately rebooted on another hypervisor, limiting potential downtime to seconds.

Choose Enterprise Class when server uptime is a very high priority.

Server Isolation: All servers running on the same hardware belong to LuxSci. No public cloud servers.
In the Business Class environment, your server is in a Public Cloud. This means that other servers running on the same underlying hardware (hypervisor) may be owned by organizations unrelated to LuxSci. This provides some security risk compared to use of LuxSci's Private Cloud Enterprise Class environment, where LuxSci owns the underlying hardware and is in control of all servers running on it. Additionally, the Business Class environment may have less consistent performance due to the possibility of "noisy neighbor" servers outside of LuxSci's control.
Starting Price
$10/mo $25/mo $67.50/mo $407.50/mo
Starting Price with HIPAA compliance
$40/mo $55/mo $96.25/mo $436.25/mo
HIPAA-compliant email accounts need SecureLine email encryption, email archival, and premium email filtering.
 
Order Order Order Order


Custom Large-Scale Solutions

Custom large-scale solutions

Custom solutions can be tailored for very large numbers of users, very high security, and business continuity. They can include:

  • Redundant high-availability dedicated hardware firewalls
  • Redundant high-availability dedicated load balancers
  • Network-based intrusion detection systems
  • DDOS Protection up to 100 Gbps
  • Redundant, load-balanced outbound email sending servers
  • Redundant, load-balanced inbound email processing servers
  • Dedicated databases and redundant WebMail interfaces
  • System isolation and capacity scaling
  • Encrypted SAN storage arrays
  • An additional disaster recovery footprint in a different data center

If a custom solution might be right for you, contact sales.

So far we are very happy with the HIPAA-compliant email services LuxSci provides, and our experiences with your support personnel have been very helpful."

Tara Krol, President, Managed Care Consultants, Inc. www.mccinc.biz

eBook: HIPAA-compliant Email Basics

Safeguarding your healthcare practice and protecting patient privacy

Book 1 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

Get the HIPAA eBook

HIPAA-compliant Email

It's unfortunate that hackers can exploit online communications on the hunt for sensitive information. However, with advanced cybersecurity, you can protect your private email information from hacking and vulnerabilities. At LuxSci, we specialize in email encryption to ensure communication security. Not only are our email services encrypted, but they're also HIPAA- (Health Insurance Portability and Accountability Act) compliant for those in the medical and Healthcare fields. Medical records hold some of your and your patients' most sensitive information: Social Security numbers, insurance IDs, addresses, credit cards, medical records and scheduling details, etc. LuxSci provides the leading service in HIPAA-compliant email, which guarantees the privacy of all ePHI (electronic patient health information) sent within your organization, as well as to patients and other appropriate, outside recipients. HIPAA makes it your legal responsibility to secure your patients' ePHI, and it's our responsibility to provide those securing services.

Complying with HIPAA can overwhelm and confuse when you're trying to find a user-friendly platform. LuxSci is here to make this easy for you. We provide HIPAA-compliant email with form processing and web hosting options. We also help back up your data and offer extensive auditing capabilities. Most important, we offer forced email encryption which comes with a verified seal that links to us and allows your recipients to know that you have properly protected their information.

FAQs: Perhaps you were wondering...?

We include technical support with all accounts. LuxSci's support staff are located in the USA and are all US citizens. Standard support hours are 9am to 11pm Eastern Time, USA. During this time, our staff is standing by to answer your questions via email, support ticket, and phone. Emergency, mission-critical support is available 24/7/365. (See more about LuxSci Support.)

In addition to SecureLine for email encryption, LuxSci provides a range of security features including two-factor login, password expiration, opportunistic and forced TLS for inbound and outbound email, email header scrubbing, login auditing, custom firewalls, customizable session timeouts, and more. (Read more about LuxSci's security and privacy focus.)

LuxSci email works with any email program on any computer or mobile device, including Outlook, Mac Mail, Thunderbird, and the default email programs in iOS and Android. LuxSci email and SecureLine email encryption work through secure IMAP, SMTP, POP connections. There is never any need to download special programs, apps, or plugins. Additionally, LuxSci provides an option for using ActiveSync for real-time synchronization of email, contacts and calendars with your mobile devices and recent versions of Outlook for Windows.

LuxSci includes 7x daily on-site and 4x weekly off-site backups of all of your email, web, and other data. You can request free restores as needed, although very frequent or very complex restore requests may incur a surcharge. (Read more about backups at LuxSci.)

Daily and weekly snapshots also protect your sensitive data against server failure, and we can always restore all your data. (Read more on LuxSci infrastructure and reliability). Dedicated server customers can request special/custom backup schedules.

LuxSci also offers Email Archival for saving copies of all inbound and outbound email. These copies cannot be edited or deleted by anyone and they do not expire.

A shared Business Class email hosting account comes with 100 GB of disk space that you share among all your users (we do not limit space on a per-user basis although you can opt to impose such limits). If you exceed your limit or want to buy more space, we charge an overage fee. (Read more at Business Class vs. Enterprise Class and Standard Shared Hosting: Disk space limits.)

Dedicated server customers can get from 10 GB up to 10 TB of space per server. Dedicated is the way to go if you have large-scale storage needs.

LuxSci permits you to send and receive email messages that are up to 200 MB each (for customers with Email Archival, the limit is 50 MB/message).

Email hosting customers can send up to 300 email messages/day; customers can send each message to up to 1000 recipients. These messages are not for use with bulk emailing of any kind.

For email marketing and large-scale sending needs, we offer a separate High Volume Secure Sending service. We can add this additional service (and the associated cost) to your email hosting account.

There's no explicit limit on the number of messages that you can receive. However, the receipt of large quantities of messages all at once (many 100s or 1000s of messages at a time, for example) can cause your inbound email to suspend automatically to protect our servers from inbound email abuse and "mail bombs." If you need to receive large numbers of messages in a short time, LuxSci provides dedicated inbound email processing servers.

There are no limits on the number of users who can be in your account or the number of addresses you can have in your address book.

We don't limit the number of messages you can store in your email folder. It's important to note, however, that larger folders are slower to use than smaller folders (more than 100,000 messages would be extremely slow) and no email folder can contain more than 1 million messages.

The majority of our servers are located in the state of Texas, USA. Customers ordering Business class dedicated servers can request that their servers be in other areas of the USA, London, Sydney, or Hong Kong.

LuxSci has an automated email migration service for transferring the email folders for all your users. (For more details, see Migrate Your Data to LuxSci.)

Yes. LuxSci SecureLine enables you to send compliant email to anyone with an email address. Your recipients do not need to use LuxSci themselves.

Yes. Recipients of your secure email messages can reply to you.

Yes. HIPAA customers get a trustmark that looks like this:

LuxSci helps ensure HIPAA-Compliance for email and web services.

In addition to email encryption, HIPAA-compliant email hosting accounts include email access and sending from email programs (e.g. using IMAP, POP, and SMTP) and from our Web interface. LuxSci also highly recommends use of our Email Archival, Premium Email Filtering, and Mobile Secure Chat.

If some messages do not include ePHI, you can choose to opt out of using encryption for them. LuxSci does not support opt-in encryption (where you manually specify which messages need encryption) for HIPAA-compliant accounts, because it's too risky for HIPAA compliance. We do support Opt-In encryption if you do not need HIPAA compliance.

If only some people need to send ePHI, we can segregate your users into two (or more) domains. For example, users who must be fully compliant can have addresses in "secure.yourdomain.com." Users who do not need HIPAA-compliant email can have addresses in "yourdomain.com" and can send and receive without any encryption at all. (We call this per-domain HIPAA compliance.) Users can have addresses in both domains, if needed.

When you send an email message through WebMail, from either your mobile device or your email program, that message is transmitted securely to LuxSci's servers using TLS. Once the message arrives, LuxSci encrypts the message for each of your recipients and then delivers the encrypted message to the recipient's email servers. Based on your account preferences, who the recipients are, where their email host is, and settings in your account, the encryption used can take the form of: SMTP TLS, Secure Message Pick Up (Escrow), PGP, or S/MIME. The type of encryption used is dynamically determined at send time.

Yes, it can be. It depends on your choice of account settings. See Ensuring all data is encrypted at rest with LuxSci.

It depends. Messages sent using SMTP TLS do not require anything special to open them since they're encrypted only during transmission. Messages sent using Escrow (Secure Portal Pick Up) do require the recipients to authenticate themselves to our secure web site in order to access their secure messages. You can do this either (a) by using a username/password for a free account to access any received message, or (b) by providing an answer to a custom question designated by the message sender. See: SecureLine Escrow and SMTP TLS.

Other questions? Call Sales

How it Works

HIPAA-compliant Email at LuxSci

HIPAA compliance requires that the transfer of any sensitive or confidential patient health information (ePHI) over the Internet is done securely. Our SecureLine email encryption system is designed to do just that. SecureLine seamlessly and dynamically integrates the following modes of secure email transmission to ensure that you can securely communicate with anyone, no matter what email system they have.

  • SMTP TLS - SMTP TLS enables mail servers to transfer email between themselves in a secure manner, even if the messages themselves are not internally encrypted. TLS provides secure email delivery to recipients whose email servers support TLS (which includes about 85% of recipients). LuxSci fully supports TLS and uses only NIST-recommended protocols and ciphers.
  • SecureLine Escrow - SecureLine Escrow requires that a recipient actively verify his or her identity before s/he can access a message via a secure web portal. Escrow provides secure email delivery, authentication, storage, transmission, and auditing for messages to anyone with an email address. Which is better: TLS or Escrow?
  • SecureLine PKI - SecureLine PKI uses public key certificates (PGP and/or S/MIME) to internally encrypt email messages before sending them to the recipients. The recipients must also be using PKI for this method to be useful.

Extremely Flexible

HIPAA requirements are extremely vague and decisions on risk, security, usability and applicability are generally in the hands of each individual organization. As such, LuxSci's email security system is uniquely flexible, allowing you to "dial in" where you need to be on the spectrum from high usability to high security.

For those who wish to leverage of the easy of use offered by SMTP TLS as much as possible, LuxSci offers two very unique features:

  • Dynamic TLS: LuxSci determines dynamically, at the time of message delivery, which of your recipients support TLS and which do not. For those that do not, LuxSci automatically falls back to Escrow or PKI for secure message delivery. You do not have to pre-configure anything to use TLS to the maximum degree possible. You also do not have to worry about messages being delivered insecurely to people who do not support TLS.
  • Exclusive TLS: When the ease of opening email messages is more important than email delivery (e.g., for email marketing), TLS Exclusive is appropriate. With this technology, Dynamic TLS is used to determine which recipients will get your messages securely over TLS. Messages to everyone else will be automatically dropped. This is ideal for securing all your email using TLS, while not annoying the 10-15% of recipients using poor email systems with portal-pickup email messages.

Required Business Associate Agreement (BAA)

LuxSci requires a signed HIPAA Business Associates Agreement (BAA) and a signed Account Restrictions Agreement (ARA) in order for LuxSci to be considered your Business Associate and for us to consider your account HIPAA compliant.

SecureLine Meets Your Compliance Needs

When you sign up for HIPAA-compliant email, SecureLine ensures that all email messages sent via SMTP or through our WebMail interface are sent securely, while remaining flexible enough to allow exceptions where appropriate for usability. The chart below shows how SecureLine can be adjusted to fit the scope of your compliance.

Who sends ePHI? Is non-ePHI sending required? Solution
Everyone
Never Full account-wide lockdown. All users are required to send securely. Insecure sending is entirely prohibited.
Everyone
Occasionally for some users Account-wide lockdown with opt-out enabled. All users are required to send securely, but certain users are permitted to opt-out on an individual message basis. All opt-outs are logged.
Everyone
Occasionally for all users All users have logins to two separate domains — one for secure sending (typically a subdomain), and one for non-ePHI sending. The secure domain is completely locked down to prohibit non-ePHI sending.
Some Users
Never Majority of users have logins in a non-HIPAA domain, while the few that send ePHI have logins in a different HIPAA-secure domain (typically a subdomain). The secure domain is locked down to prohibit non-ePHI sending.
Some Users
Occasionally Majority of users have logins in a non-HIPAA domain, while the few that send ePHI have logins in a different HIPAA-secure domain (typically a subdomain). The secure domain is set to allow opt-outs. All opt-outs are logged.

Final Review

Your security settings are locked down as soon as your account is created. Once we have your signed BAA and ARA, LuxSci gives your account a final review to make sure everything is in order. At this point your account is considered HIPAA-compliant.

Users are locked down to certain security settings based on whether they will be sending ePHI or not:


Feature Sending non-ePHI Sending ePHI
Global enforcement of outbound email encryption via WebMail
Global enforcement of outbound email encryption via SMTP
Opt-out of secure sending
Forced secure logins for all services
Email forwarding only over TLS
Insecure email forwards and aliases allowed
WebAide App encryption allowed
Auditing of Blog, Document, and Password apps
Password strength requirement
Strength may vary 8+ Alphanumeric + Hard to Guess
WebMail session timeout after inactivity
Length may vary up to 3 hours


Beyond email sending, LuxSci ensures compliance of your email and other data (e.g. WebAides, Widgets, etc.) per the terms of our Business Associate Agreement with you.

HIPAA-compliance Features

LuxSci's HIPAA-compliant email was specifically designed to satisfy all HIPAA rules and security requirements. With the implementation and utilization of the following features, and after review and lock down by LuxSci Support, we will confirm your account as being HIPAA compliant in terms of our HIPAA Business Associate Agreement.

HIPAA Account Feature Included
Signed HIPAA Business Associate Agreement

LuxSci provides a Business Associate Agreement compatible with the HITECH amendments of HIPAA. This defines LuxSci's role in maintaining the Privacy of Protected Health Information (PHI) for you as you seek to be HIPAA-compliant. A document like this is required by HIPAA of any vendor that you use.

HIPAA Compliance Seal / Trust Mark

Once your account is certified by LuxSci as meeting its HIPAA Security Requirements, you can use a LuxSci HIPAA Compliance Seal on your web site or in your HTML Email Signatures, Taglines, or Disclaimers.

A sample HIPAA Seal looks like this (click on it to see an example certification page):

LuxSci helps ensure HIPAA-Compliance for email and web services.
LuxSci helps ensure HIPAA-Compliance for email and web services.
Accounts with Mixed HIPAA and non-HIPAA Domains

HIPAA accounts can be either globally secure, so all users are compliant and encryption and security are fully-enforced for all messages, or they can be secured on a per-domain basis. In the per-domain case, only users in specified "HIPAA Domains" are required to send all email securely; users in other domains can send insecure email messages but cannot deal with ePHI at all. All users in these accounts share certain basic security considerations such as strong passwords, required use of SSL and TLS for server access, etc.

Use of per-domain HIPAA allows organizations to easily manage their compliant and non-compliant domains in a single account and also permits limited collaboration and sharing between non-HIPAA and HIPAA user logins.

Customers can select account-wide or per-domain HIPAA accounts during the ordering process.

ePHI Safeguarded

As required by the HITECH amendment to HIPAA, LuxSci follows the HIPAA Security and Privacy Rules with respect to all ePHI in your HIPAA-enabled accounts. This means that LuxSci actively ensures that the privacy of all electronic health information is safeguarded while it is stored on our servers, passing through our servers, or on our backups. It also means that LuxSci staff comply with all HIPAA Security and Privacy requirements:

  • Physical safeguards and data access control for ePHI
  • Staff training and administrative policies
  • Facility access control and security for ePHI
  • Contingency plans, backups plans, and disaster recovery for ePHI
  • Workstation security and usage lock down with respect to ePHI

I.e. LuxSci staff themselves obey all of the same HIPAA Security and Privacy requirements that our customers face when dealing with ePHI.

Secure Mobile Email, Calendar, Contact, Task, and Notes Access

Mobile Sync is an optional service that enables you to synchronize email, calendars, contacts, tasks, and notes on your mobile devices automatically and in real time. Mobile Sync is HIPAA-compliant and provides "Remote Wipe", so you can delete ePHI from your mobile device should it become lost or stolen -- preventing possible HIPAA breaches.

Even without Mobile Sync, LuxSci's IMAP, POP, and SMTP services can be used to securely send and receive email on most mobile devices.

Email Archival

LuxSci can offer you an archival solution that is comprehensive, cost-effective, and compliant with most current federal regulations including:

  • Permanent single-instance storage on Write-Once Read-Many (WORM) media
  • Redundant storage in 2 different locations.
  • Powerful full-content search with immediate results
  • Message export and import
  • Unlimited storage capacity included
  • Retention of email for 30-days to 10-years.
Data Transmission Security & Encryption

In addition to enforced use of SSL and TLS for all connections to our servers, all users automatically send and receive email securely using our SecureLine end-to-end encryption service. All outbound messages sent via SMTP, WebMail, or Premium Mobile Sync will be automatically encrypted. Additionally, SecureLine allows your users to send secured messages to anyone with any valid email address, even if they do not have TLS or S/MIME or PGP support. Those recipients can easily reply back securely or use our SecureSend portal to register for free and initiate secure messages to your SecureLine users.

To provide a user-friendly environment, certain work-arounds are possible, such as the use of TLS transmission for certain recipients instead of end-to-end encryption. See Restrictions to HIPAA Accounts at LuxSci.

Message Integrity Controls

LuxSci's SecureLine and enforced connection encryption (SSL & TLS) ensures that the messages cannot be modified while in transit. Message integrity is assured. Additionally, LuxSci's SecureLine permits the addition of digital signatures to encrypted messages to further ensure the message integrity and prove the identity of the sender.

Unique User Identification & Authentication

LuxSci requires that user names and passwords be entered for access to any of its services. The system recognizes users based on their login information, and controls access based on their identity. HIPAA-compliant accounts are required to utilize a high level of password complexity: 8 characters consisting of letters and numbers or symbols. The password must have "high entropy" and not be easily guessable. Automatic auditing of password changes and password resets is required and performed for HIPAA accounts.

Emergency Access to Email
LuxSci provides a facility for securely archiving copies of all inbound and/or outbound messages for backup and auditing purposes. Administrators thus have secure access to copies of all message content for emergency or other reasons. LuxSci also provides other optional features such as Message Continuity that is used to ensure access to email messages in the event of LuxSci server or data center failure.
Automatic System Logoff

HIPAA compliant accounts have a 20 minute default idle period to web-based interfaces (WebMail). The system will automatically log users off after 20 minutes of inactivity; this can be increased to 3 hours by account administrators. Other services such as POP, IMAP, SMTP and Mobile Sync also have automatic idle timeouts.

Access Audit Controls

LuxSci provides comprehensive security auditing for all accounts. Included in the security audits are password changes, resets, and lookups by LuxSci staff; user access to services such as WebMail, Email Sending (SMTP), POP, IMAP, Mobile Sync, and more; changes to any of the specific "Maximal Security" settings, as well as changes to the "Maximal Security" lock down status. These reports enable verification of user, administrator, and LuxSci Support staff activity on access and security specific changes to the account.

Data Backups & Data Disposal

LuxSci automatically makes backup copies of all data on our servers, including all customer ePHI. Daily backup copies are kept on-site for 2 days and Weekly backup copies are kept off-site for 4 weeks. All data is transmitted securely to the backup servers and stored there in a HIPAA-compliant way. After 4 weeks, all backup copies are destroyed. Accounts can ask for data to be restored from backup for free once/month. LuxSci's Email Archival provides permanent, immutable email storage on servers in multiple geographic locations, updated in real-time, with weekly backups made to optical media. See our complete backup and restore statement for additional information.

Maximal Security Enforcement

The LuxSci "Maximal Security" setting provides individual accounts with the highest level of email security. Security includes implementing the 20 minute WebMail timeout maximum, forcing appropriate outbound encryption, setting password strength requirements, and forcing secure logins. LuxSci support manually reviews any account needing to be HIPAA compliant and ensures that the Maximal Security setting is locked down so these security settings cannot be altered.

Optional Encryption Opt Out on a Per-Message Basis

Though disabled by default, administrators can choose to allow users the option to opt out of SecureLine encryption for a particular message. However, the user must explicitly agree that the message they are sending does not contain any ePHI. All messages sent without SecureLine encryption are logged for auditing purposes, and copies of them can be sent to an auditor email address for review.

Opt Out is available both in WebMail and for messages sent via email programs using our SecureLine Outlook Plugin or via adding opt out content to the email subject line.

Optional VPN Access for Enhanced Security

LuxSci can provide a Virtual Private Network (VPN) connection to further secure access to our email, web, and database servers.

General Features

Feature
SecureLine: Encryption
Email Archival
Email Filtering
WebAides App Collaboration: Calendars, Contacts, Tasks, File Storage, and more
Compatible with All Major Email Programs

LuxSci supports many versions of all popular email clients (though we recommend using the latest version of each product if possible), both licensed and shareware. If you use a lesser known email client, we should be able to help you configure it as long as the program supports either IMAP or POP, plus SMTP.

Mobile Access (iPhone, Android, iPad, etc.)

Blackberries, iPhones, iPod Touches, iPads, Android and Windows Mobile are some of the more popular mobile devices available to professionals. LuxSci supports all of these phones, as well as any other phone that properly supports the IMAP, POP and SMTP protocols. If your phone doesn't support these protocols but does have a mobile web browser, you have the option to access your email using LuxSci's Mobile Site.

Mobile Push Email

LuxSci's Mobile Sync service includes "Push Email" for email viewing, real-time pushing of new email to your device, as well as for sending of outbound email from your device through LuxSci's servers.

Push email is good for mobile battery longevity and for getting notifications of new email messages as fast as possible.

POP with secure access over SSL/TLS
IMAP with secure access over SSL/TLS
SMTP with secure sending over SSL/TLS
Anonymous SMTP (hide your IP)
Custom Email Filters
VPN Access

WebMail Features

Feature
Robust, Fast, Automated WebMail

WebMail is designed to work much like a desktop email program.

  • Web 2.0 / AJAX
  • Automated checking for new email and folder changes every 30s
  • Automatic loading and display of new email
  • Drag and drop attachments
  • Drag and drop copy and move of messages
  • Lots of customization preferences
  • View shared email from multiple accounts in one screen
  • Automatic concurrent checking for new email in multiple folders
Internet Explorer v10+, Edge, FireFox, Safari, Opera, Chrome
Secure Access From Anywhere

LuxSci's WebMail interface ALWAYS gives you secure access to your email from any computer or mobile device with Internet access (via SSL with Extended Validation) unless you specify otherwise. WebMail is fully supported in Internet Explorer, FireFox, Opera, Safari, and Chrome. Our Mobile Site, which is a lightweight version of WebMail, is ideal for accessing email using the browser in your mobile phone or for extra security, privacy and simplicity.

WebMail supports Two-Factor authentication (simple via a Google Authenticator, text message, email, or advanced via integration with www.Duo.com), IP access restrictions, and more.

Mobile Version of WebMail

LuxSci provides a standard, full-featured, Web 2.0 WebMail interface (a.k.a the "Full Site"). For the sake of usability and feature richness, this full-featured portal makes extensive use of graphics, cookies, JavaScript, HTML5 and some features of modern web browsers to enhance the user experience. It is also designed for a wide screen viewing area.

The software requirements that make the full-featured portal good-looking and easy to use also have their down sides. The "Mobile Site" is the solution to these concerns:

Access the Mobile Site automatically with a mobile browser by visiting: https://xpress.luxsci.com

  • Blazing Speed: If you have a slow Internet connection or limited bandwidth, the Mobile Site offers faster service. It has been optimized to use less bandwidth, which makes the pages smaller in size, faster to download, and easier to read on your mobile device.
  • Mobile Devices and Narrow Screens: The Mobile Site will work with almost any mobile device, tablet, or PDA that has a web browser. We work tirelessly to ensure the quality of Mobile site pages, especially on smaller screens.
WebMail with secure access over TLS
WebMail via optional easy one touch/click password-less logins
Private Labeled Branded WebMail
Email Folder Management Tools

We provide you with online tools for creating, deleting, renaming, managing, and searching your email folders.

  • Supports any number of folders
  • Folders can contain messages and/or other folders
  • Folders are accessible via WebMail and IMAP
  • Remove Duplicates: Configure removal of duplicate messages in any folder based on message ID, subject, sender address and size. Message removal can run automatically on a nightly basis or manually at any time at the push of a button.
  • Auto-deletion: Configuration options allow you to automatically remove "old" messages in any folder to: 1. Reduce the folder size to some fixed maximum 2. Reduce the number of messages in the folder to some fixed maximum 3. Eliminate messages older than a specified number of days.
  • Auto-Archival: Archival options can be designed to your specific needs. The function can occur as you prefer; daily, weekly, monthly, bi-monthly, yearly or when YOU feel the folder has exceeded desired storage size of message allotment. You can even have a folder auto-archived; which will move messages to a new dated subfolder at your convenience.
  • Offline Storage: Download your email folders as ZIP-compressed archive in UNIX- or EML-format for offline storage.
  • Create, rename, move, and delete folders and directories.
  • Concurrent Access: Makes it easy to share access to email by allowing multiple users, using different email clients, access to the same email folders concurrently without issue.
Email Folder Sharing
Email Message Tagging & Adding Keywords
Automated Suggestions from your Address Books

When composing email messages, WebMail will automatically give you recipient suggestions by searching all of your address books for matches; in the name, company, email and nickname fields. You can alter, eliminate or add to these suggestions via keyboard or mouse. This WebMail feature makes it quick and easy to enter recipient email addresses and avoid making errors.

Annotating Email Messages
Signatures: Custom Reply-To/From

WebMail signatures allow you to add personality to your email. In addition to adding a signature to the end of your messages, you can customize the sending name and address. This is ideal if you have many different email addresses [not all of which are hosted at LuxSci] and need to send email (from a single WebMail application) that appears to come from any one of them.

  • Unique signature technology; similar to other services' "personalities".
  • Support for unlimited signatures.
  • Each signature has independent HTML and plain text versions.
  • HTML signatures support embedded images
  • With Signatures you can include files that will attach to all messages sent using those signatures (e.g. add a vCard or a PDF with all messages).
  • Determine whom your email appears to be from (you specify the From address and name; From name can be in any language).
  • Determine to whom replies to your email will be sent (you specify the Reply-to address).
  • If you reply to an email, WebMail will try to match the recipient address of the email to one of your signatures so that you automatically use the right signature for the right email -- no mistakes.
  • Change your signature "on the fly" in WebMail and have the signature content automatically updated in the message.
  • Use signatures either at the top of or at the bottom of replies and forwards.

Use of signatures to send emails forged with addresses that you do not have permission to use is a violation of our Acceptable Use Policy.

International Locale and Language Support

LuxSci's WebMail interface fully supports sending and receiving email messages in any language or multiple languages:

  • View messages encoded in any language or languages.
  • Compose messages in any language or languages.
  • Configure default encodings to use when none are specified.
  • Support for encoded content in subject and sender name fields.
  • UTF-8 Unicode is used throughout our site.
  • Our user interface is translated into many different languages.

LuxSci WebMail is designed for optimized work with dozens of languages such as: English, Spanish, French, German, Russian, Chinese, Japanese, Korean, Swedish, Hebrew, Portuguese, and many more.

Additionally, WebMail allows you to configure:

  • Preferred time zone
  • Preferred date and time format
  • Week start day
Drag and Drop Attachment Uploads
Many Other Features (click to see the list!)

WebMail's feature-rich options include:

  • International Email Support: Send and receive secure email in any language or character encoding. Support for multiple character encodings in one message.
  • Security: WebMail is fully integrated with our SecureLine end-to-end email encryption service.
  • Full, robust HTML email composition supported in Internet Explorer v9+, FireFox, Opera, and Safari
  • Automatically checks for new email in multiple folders.
  • Spell checking in real time as you type. This feature supports multiple languages and customized user dictionaries. (Uses the SCAYT Text and HTML spell checking technology from SpellChecker.net.
  • Defer email messages: hide messages in any folder and have them re-appear at later scheduled times for action.
  • WebMail composition: Auto-save your work so you never lose a message in progress.
  • Full screen viewing mode
  • Automatic checking of your INBOX for new email
  • Plain Text and HTML Email Templates
  • Send any number of attachments
  • Forward messages inline or as attachments
  • Delete attachments from messages
  • Save/resume compositions using a Drafts folder
  • Request and respond to Read Receipts
  • Set and view importance-level and flags on messages
  • View images and HTML attached to your messages inline
  • View/download attachments
  • View complete email message headers
  • View complete message source
  • Download individual messages
  • Sort messages by date, sender, subject, size, and more
  • Address Books, personal and shared, are integrated with WebMail.
  • A large number of personal preferences allow you to tweak WebMail to behave just the way you want it to. Some of these include:
    • Six different selectable layouts of the folder tree, message list, and message display areas
    • Choose destination of deleted messages: remove, mark as deleted and/or save to a trash folder
    • Customize both the information that displays in your message list and the order in which the information is displayed
    • Customize if message previews are used and if HTML and image content is displayed automatically inline
    • Many, many more -- get a Free Trial and see them all.

Outbound Email Features

Feature
Reporting: Messages Sent
Searchable, sortable, and downloadable reports of messages sent.
Reporting: Tracking and Deliverability
Searchable, sortable, and downloadable reports of the state of delivery of every message to every recipient. You can see what has been sent, what is still queued, what has been delivered successfully, what has failed ... and exactly why. Reports include the reasons messages may be delayed, exactly why they bounced, and what the recipient servers said when they were delivered. Aggregate reports give you overall delivery statistics on a daily and monthly basis.
SMTP Relaying with security access over TLS/SSL

LuxSci provides SMTP Relaying so that you can send email from email programs (WebMail does not require "SMTP" service to send email).

  • Secure SMTP via TLS and SSL
  • Alternate Ports for secure and insecure SMTP -- including port 80 -- which is open in most firewalls.
  • All of our email servers support TLS and will talk securely with other servers whenever possible (opportunistic TLS).
  • Anonymous SMTP: Remove all information about your sending computer (its IP address) and email client when sending messages. This feature is available over SSL and TLS as well for email security. It is available to all clients who subscribe to SMTP services. More about Anonymous SMTP
  • More about SMTP
DKIM - Sign outbound messages
[Optional] Configure DKIM for the domains from which you are sending and get information to add to their DNS so that your recipients can verify your messages and improve their deliverability.
Large Email Messages: up to 200 MB
Security: Email Encryption (via SecureLine)
Anonymous Email (Hide your IP)
High Volume Outbound Email Sending
Outbound Email Forwarding

Users can:

  • Send copies of all outbound email to a designated email address
  • Send copies of all outbound email messages to a server-side sent email folder (without IMAP)

Domain administrators can:

  • Send copies of all outbound emails, from all users, to a designated email address. Certain users can be exempted from this process.
Taglines/Disclaimers

Global taglines or disclaimers in text and/or HTML cab be configured to appear at the end of all messages sent by your users.

  • Applies to messages sent via WebMail and from email programs using SMTP.
  • Configurable on a per-domain basis
  • Taglines/disclaimers can be added as attachments or added as part of the message content itself.
Outbound Email Content Monitoring

Monitor the content of all messages sent from WebMail or from email programs using SMTP.

  • Search for keywords or key phrases
  • Use regular expressions
  • Searches all HTML and plain text message parts
  • Search your choice of the message subject, message body content, or both
  • Can block messages, send copies of matching messages to an auditor email address, or auto-encrypt matching messages
Smart hosting

LuxSci's authenticated SMTP services can be used as a "smart host", which allows users to relay all email from your internal server though our servers for processing before being sent out into the Internet.

With smart hosting, you can take advantage of all of LuxSci's SMTP features, such as automatic outbound email encryption, anonymization, taglines and content monitoring.

Our "Intelligent" Smart host feature treats your email as if it were sent by your individual users. It looks at the "From" address on each message, rather than the single user connecting to LuxSci's SMTP services. This permits enforcement of per-user SMTP limits, per-user reporting on SMTP usage, per-user customization of taglines, per-user exemptions from some tools, and full support SecureLine automatic end-to-end outbound email encryption.

Intelligent smarthost is included with our standard SMTP service.

Smart hosting for Office365 and G Suite is also supported.

Other Features

Feature
Filtering: Spam, Virus, Content and Attachments
Archival: Inbound and Outbound Email
Collaboration Apps: Shared Address Books, Calendars and Tasks
User Login Auditing and Tracking

View your own plus your users' IMAP, POP, SMTP, and WebMail login and connection histories for up to 30 days if you have administrative access.

Email Auto-Responders / Vacation Notices

Email auto-responders let you setup pre-defined responses to email messages that you receive while you are away -- out of the office, on vacation, or otherwise unavailable. They also allow for the configuration of complex automated response rules.

Features include:

  • Automatic response to incoming email messages.
  • Different responses based on to which of your email addresses or domains the message is addressed
  • Configure responses based on arbitrary criteria such as: sender address, subject content, body content, email header content, etc.
  • Sign the replies with your signatures.
  • Specify the subject line and body of each reply.
  • Activate and deactivate the auto-responders manually or set a scheduled time window for activation and de-activation.
  • Enable "nags" to notify you that your responder is still enabled after a specified date.
  • HTML-formatted or plain text-formatted response content.
  • Configurable time window during which senders will not get duplicate responses for multiple messages sent.
  • Rate limits so that the same sender does not receive too many responses from you and so that your responders cannot be used to create denial of service situations.
  • Customer-accessible audit trails of all responses sent. Includes when, to whom, for what responder, and what the subject of the original message was.
Email Forwarding and Email Aliases

An email alias is not an actual user, but rather a rule that indicates to whom the email should be delivered. Individual users can also configure email forwarding for their inbound email.

Features include:

  • Catch-all aliases to capture email to non-existent address at your domain.
  • Redirect email to any address at your domain to one or multiple real local or remote email address(es).
  • Redirect email to multiple addresses at once. (Limit: 25 addresses or the number of users in your account, whichever is larger).
  • Lots of aliases; change them anytime you wish via our secure online tools or our API.
  • Domain Forwarding Catch All Aliases allow you to forward any address at one domain, "domain1.com", to the same user at a second domain, "domain2.com".
  • Powerful Alias Manager has search features that allow easy management and reporting on thousands of aliases across hundreds of domains.
  • Aliases can: forward email to one or more recipient addresses, send custom email bounce messages, and automatically delete all incoming email.
  • User Groups WebAides can be used to create and manage distribution lists to selected groups of users in your account.
Auto-Download POP Email from Other Accounts

If you have other email accounts with POP access, you can download messages from these remote accounts to your LuxSci email folders.

Features Include:

  • Store information for an unlimited number of remote POP email accounts
  • Download mail from each account to any email folder
  • Have your email downloaded automatically every 20 minutes
  • Use your inbound email, anti-Spam, and anti-Virus filters, including Premium Email Filtering to filter downloaded messages before forwarding to your LuxSci account. This is a great solution when your remote email account doesn't permit email forwarding but you want to download and filter those messages.
  • Delete or leave the remote email on the remote server when downloading manually. Messages are deleted from the server with automatic message downloads.
  • Optionally preview messages before downloading: select what to download or delete.
  • Download email from one or ALL remote accounts individually or at once.
  • Secure POP (SSL) connections to remote POP servers.
  • Use "Signatures" to manage multiple email accounts.
  • Full support of previewed email messages with text in most languages.
Receive automated email alerts (of an email address or list of your choice at a frequency of your choice) which list all email delivery failures including:
  • When the message was sent
  • Who sent it and from what address
  • What the subject was
  • The address of the recipient that failed
  • Exactly why the delivery failed

These email alerts are HTML for easy reading and include a CSV (Excel) file with all of the data for easy analysis. With these reports you can always be aware of failed deliveries and do not have to worry about getting and reading bounce messages. You can configure these reports so that managers can get copies of the failure reports for users and thus can ensure that important messages are all properly delivered.

Feedback Loops with Major ISPs
We collect spam complaint reports via agreements with major ISPs to detect spamming and other issues quickly and to help keep our servers off of black lists. Users and administrators can see reports of SPAM complaints in our web interface. Users and administrators can also have digests of their received SPAM complaints automatically emailed to them (with detailed information in attached CSV files) so that they are made aware of issues as soon as possible and to make opting complaining recipients out of mailing lists quick and easy.