
Account Administration Security Features

Account Administration Security Settings


Enforced use of SSL

Account administrators have the option to force their users to connect to our email and web services (i.e. WebMail, POP, IMAP, SMTP, FTP, and MySQL) exclusively over SSL. The account administrator enables this option by checking a single checkbox in his/her account. After the option is enabled, all account users will be denied access to these services unless they connect over SSL-secured channels. Thus, the administrator can enforce security policies very easily.

This policy can be configured globally, per-domain, or per-user.

Password Strength Settings

In addition to the SSL-protection of usernames and passwords, administrators can customize the required degree of complexity for user passwords. The requirement can range from accepting very weak passwords to demanding very strong ones (16+ alphanumeric characters that pass entropy-based password guessing criteria and do not contain parts of the user's username).

Support can also optionally enable "hacked password checking", where passwords are checked against a large database of passwords that have been publicly exposed by breaches across the Internet.

Password Reuse Policies

LuxSci tracks previously used passwords and the time period when they were in use. For security reasons we keep only "hashes" of these passwords, so we cannot determine what the passwords actually were!

Preventing password reuse helps protect an account from unauthorized access. When a user changes his/her password, the new password must be different from any password that he/she used in the past year. It must also differ from their four previous passwords.

Account administrators can customize their password reuse requirement. It can be weak, requiring only that a new password differ from the current password. It can also be strict, requiring that a new password differ from the user's last eight passwords and from any password in use over the previous two-year period. This can be configured account-wide and/or on a per-domain basis.
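One way to enforce the default reuse rule above (past year plus four previous passwords) from stored hashes alone, as an added example that is not LuxSci's code. The record layout, the scrypt parameters, the function names and the sample history are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# scrypt cost parameters are an assumption for this example, not from the page.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

@dataclass
class HistoryEntry:
    salt: bytes
    digest: bytes
    start: datetime           # when the password came into use
    end: Optional[datetime]   # None while it is still the current password

def make_entry(password, start, end=None):
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return HistoryEntry(salt, digest, start, end)

def is_reused(candidate, history, now, last_n=4, window=timedelta(days=365)):
    """True if candidate equals the current password, one of the last_n
    previous passwords, or any password in use within `window` before now."""
    ordered = sorted(history, key=lambda e: e.start, reverse=True)
    current = [e for e in ordered if e.end is None]
    previous = [e for e in ordered if e.end is not None]
    in_scope = current + previous[:last_n]
    in_scope += [e for e in previous[last_n:] if e.end >= now - window]
    for entry in in_scope:
        # Re-hash the candidate under the entry's own salt; no old plaintext needed.
        digest = hashlib.scrypt(candidate.encode(), salt=entry.salt, **SCRYPT)
        if hmac.compare_digest(digest, entry.digest):
            return True
    return False

def sample_history():
    """Constructed history: (password, start, end) with rapid recent changes."""
    d = datetime
    rows = [("old-0", d(2021, 1, 1), d(2022, 1, 1)),
            ("old-1", d(2022, 1, 1), d(2023, 7, 1)),
            ("old-2", d(2023, 7, 1), d(2023, 9, 1)),
            ("old-3", d(2023, 9, 1), d(2023, 11, 1)),
            ("old-4", d(2023, 11, 1), d(2024, 1, 1)),
            ("old-5", d(2024, 1, 1), d(2024, 3, 1)),
            ("current", d(2024, 3, 1), None)]
    return [make_entry(pw, start, end) for pw, start, end in rows]
```

The stricter policy described above corresponds to `last_n=8, window=timedelta(days=730)`, and the weakest to `last_n=0, window=timedelta(0)`.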

Password Expiration Policies

Administrators can optionally force users to change their passwords after a certain length of time to keep them from being "too old". If a user's password expires, all services (except WebMail) are auto-disabled until the user logs in to reset his/her password. Administrators can configure the password expiration based on password age. The expiration can be configured anywhere from seven days to one year. Additionally, administrators can specify when expiration warnings are sent to their users. Two such messages will be sent to all users.

Passwords Never Saved in Plain Text

LuxSci does not save plain text versions of user passwords. Rather, they are always saved as a hash (for regular login passwords) or they are encrypted with PGP (for personal certificate Password Escrow, when this feature is enabled). Translation: even senior LuxSci staff does not have access to view user passwords.

WebMail Login Lockout due to Login Failures

Users will be prohibited (locked-out) from logging into WebMail for 10 minutes after five unsuccessful login attempts. This helps prevent password guessing attempts on our WebMail login page.

Administrators can further customize lock-out parameters. They can choose how many login failures result in a lock-out (from one to twenty) and they can choose how long the lock-out window lasts (from one minute to two hours). All of these configurations help limit password guessing, especially by automated systems. However, some accounts have specific requirements in this regard.

The password lock-out feature applies "per IP address", so users cannot be locked out by another user trying to guess his/her password at another location. It is also configurable on an account-wide or per-domain basis.
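A sketch of the lock-out behaviour described above, as an added example that is not LuxSci's implementation. The defaults and allowed ranges come from the text; keying the counter on (user, source IP), counting consecutive failures and resetting on success are assumptions, as are the class and method names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LockoutPolicy:
    max_failures: int = 5       # page default; configurable from 1 to 20
    lockout_seconds: int = 600  # page default (10 min); 1 minute to 2 hours

    def __post_init__(self):
        if not 1 <= self.max_failures <= 20:
            raise ValueError("max_failures must be between 1 and 20")
        if not 60 <= self.lockout_seconds <= 7200:
            raise ValueError("lockout_seconds must be between 60 and 7200")

class LoginGuard:
    """Tracks failures per (user, source IP); the key choice is an assumption."""

    def __init__(self, policy=LockoutPolicy()):
        self.policy = policy
        self._failures = {}      # (user, ip) -> consecutive failure count
        self._locked_until = {}  # (user, ip) -> epoch second the lock ends

    def is_locked(self, user, ip, now):
        until = self._locked_until.get((user, ip))
        if until is not None and now >= until:
            # Lock expired: forget it so counting starts from zero again.
            del self._locked_until[(user, ip)]
            until = None
        return until is not None

    def attempt(self, user, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        key = (user, ip)
        if self.is_locked(user, ip, now):
            return "locked"  # rejected before the password is evaluated
        if password_ok:
            self._failures.pop(key, None)
            return "ok"
        count = self._failures.get(key, 0) + 1
        if count >= self.policy.max_failures:
            self._locked_until[key] = now + self.policy.lockout_seconds
            self._failures.pop(key, None)
        else:
            self._failures[key] = count
        return "failed"
```

Because the state is keyed per source address, failures from one address leave the same user's logins from another address unaffected, which is the property the paragraph above describes.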

Custom Lost Password Instructions

LuxSci Support Staff can typically retrieve a user's forgotten password. All the user must do is click the link on the LuxSci login page and fill out a basic form. With that information LuxSci Support Staff can verify the user's identity (manually) based on certain criteria such as pre-configured alternate email addresses, phone numbers and security questions. Support would then send the user a password reset link.

In some cases, account administrators do not want their users (or specific users) to be directed to Support, but to be given specific instructions for lost passwords.

Administrators have the option to specify "Lost Password Instructions" account-wide, per-domain and/or per-user. Any affected users who request password help from the login page will get these instructions instead of being sent to Support.

Self-Serve Secure Password Reset System

Login Session Length Enforcement

Account administrators can configure a maximum WebMail login session timeout (for all users) of anywhere from five minutes to eight hours of inactivity.

Administrative Access for Multiple Users or Accounts

Administrators can delegate administrative access to other account users on a per-domain basis as needed. Administrators can also manage multiple LuxSci accounts from a single login if needed.

SecureLine Encryption Policies

Account administrators can quickly enable SecureLine email encryption settings on an account-wide and/or domain-wide basis. This includes auto-creation of user PGP and S/MIME certificates, forced use of email encryption, inbound email auto-decryption, etc.

Successful/Failed Login Alerts

Users can receive email alerts detailing successful and/or failed logins to their accounts. These alerts can go to a custom list of email addresses and can be enabled/disabled per service (e.g. POP, IMAP, WebMail, SMTP, FTP).

By default, failed login alerts are enabled and successful login alerts are disabled.

Maximal Security Settings and Enforcement

LuxSci provides account administrators with a "Maximal Security" button. This feature allows them to configure all of the global or domain-wide security options to settings that ensure maximal security in one click. This configures such things as forced use of SSL, strong passwords and forced use of SecureLine (where applicable).

Account managers can also request Support "Lock Down" these settings to ensure nobody in the account can alter them without contacting support directly, getting approval and leaving an audit trail.

If you want maximum email security and the assurance that your email account is set up correctly and cannot be circumvented, this is for you.
