EmailDiscussions.com  

Old 15 May 2017, 02:21 PM   #1
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
Mail to kp.org, ucsf.edu, sfdph.org, dmhc.ca.gov, scriptSiteRX.com opp12y encrypted?

Updated: Title with more domains to make/keep OP current.

Mail to kp.org, ucsf.edu, sfdph.org, dmhc.ca.gov, scriptSiteRX.com domains opportunistically encrypted?


Apropos Opportunistic SSL/TLS encryption on incoming emails -- https://blog.fastmail.com/2009/04/16/opportunistic-ssltls-encryption-on-incoming-emails/
IIRC, there's also Opportunistic SSL/TLS encryption on OUTGOING emails. And I vaguely recall there was some kind of post showing the fraction of mail that is actually encrypted at some point (I haven't tried to find it...)

My question is, is outgoing mail to the kp.org domain normally encrypted? I'm considering sending email there (to the records department -- oak-roi@<that domain> ) and will not do it if it isn't, and don't have a good way to message the department if I can't email it. I've been admitted to the hospital and will be here for at least another week. (The alternative is to resort to faxing with an internet fax service, which is arguably slightly less or more secure than unencrypted email.)

I'm not worried about STARTTLS downgrade attacks -- http://www.emaildiscussions.com/showthread.php?t=71133&highlight=smtp+encryption

If anyone from fastmail can check the logs to answer this question, I'd appreciate it. I suppose I can open a support request, but the answer could be generally useful, so I'm asking here.

Last edited by elvey : 25 Jan 2020 at 09:55 AM. Reason: Squeeze in other domains: ucsf, DMHC, sfdph,...
elvey is offline   Reply With Quote

Old 15 May 2017, 02:31 PM   #2
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
I suggest using their secure message service. See:
https://share.kaiserpermanente.org/a...-care-quality/

Bill
n5bb is offline   Reply With Quote
Old 15 May 2017, 05:29 PM   #3
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
Quote:
Originally Posted by n5bb
I suggest using their secure message service. See:
https://share.kaiserpermanente.org/a...-care-quality/

Bill

It's not available to former members.

They lock you out - no access to online records. Awful if it's unexpected, as was the case with me.

But as a member, it's great to be able to email your doctors and pharmacist, etc., and get replies securely!

Last edited by elvey : 16 May 2017 at 01:47 AM.
elvey is offline   Reply With Quote
Old 16 May 2017, 01:44 PM   #4
brong
The "e" in e-mail
 
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696

Representative of:
Fastmail.fm
2017-05-15T03:50:24.281947-04:00 gateway1 postfix-out/smtp[2091062]: Trusted TLS connection established to mail2.kp.org[162.119.233.53]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
2017-05-15T03:50:26.208210-04:00 gateway1 postfix-out/smtp[2091062]: 789442086A: to=<oak-roi@[...]

Yes, they are.
brong is offline   Reply With Quote
Old 17 May 2017, 01:47 AM   #5
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
Thanks BronG!

Emailed 'em. Turns out they have a secure email system that kicks in when they reply.
It's separate from the usual one for current members, but lets me reply securely. It says you have a reply, click here to set up an account so you can read the message, and doing so drops me into a web app that supports replies, etc.
elvey is offline   Reply With Quote
Old 6 Jun 2017, 08:15 AM   #6
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
BronG, can you check ucsf.edu too?
elvey is offline   Reply With Quote
Old 6 Jun 2017, 08:33 AM   #7
brong
The "e" in e-mail
 
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696

Representative of:
Fastmail.fm
gateway2 postfix-out/smtp[2967920]: Trusted TLS connection established to cuda.ucsf.edu[64.54.247.181]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

yep, they all look like this.
brong is offline   Reply With Quote
Old 9 Jun 2017, 04:05 AM   #8
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
Cool, thanks. Kind of a weird way to ensure security, but weirdly effective.

And for others, note that if you can look at the email headers, you can see whether the connection was encrypted. E.g. from the header of a message I received:

Received...
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
elvey is offline   Reply With Quote
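
Added example, not part of the thread and not FastMail's tooling: a sender-side audit that pairs each Postfix delivery record with the TLS session the same smtp process logged for that relay, plus the recipient-side header check described in post #8. The sample log lines, hostnames and queue IDs are constructed, and the script assumes smtp_tls_loglevel is at least 1 so that the "TLS connection established" lines are written.

```python
import re

# Constructed sample lines in the Postfix smtp(8) format quoted in the thread.
SAMPLE_LOG = [
    "gw1 postfix-out/smtp[101]: Trusted TLS connection established to "
    "mx.example.org[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "gw1 postfix-out/smtp[101]: 1A2B3C4D5E: to=<records@example.org>, "
    "relay=mx.example.org[192.0.2.10]:25, delay=2.1, dsn=2.0.0, status=sent (250 ok)",
    "gw1 postfix-out/smtp[102]: 6F7A8B9C0D: to=<info@example.net>, "
    "relay=mail.example.net[198.51.100.7]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)",
]

TLS_RE = re.compile(
    r"smtp\[(?P<pid>\d+)\]: (?P<level>Anonymous|Untrusted|Trusted|Verified) TLS connection "
    r"established to (?P<relay>\S+\[[^\]]+\]:\d+): (?P<proto>\S+) with cipher "
    r"(?P<cipher>\S+) \((?P<bits>\d+)/\d+ bits\)")
DELIVERY_RE = re.compile(
    r"smtp\[(?P<pid>\d+)\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>\S+\[[^\]]+\]:\d+),.*\bstatus=(?P<status>\w+)")
# Annotation a receiving MTA may add to a Received: header (format from the thread).
RECEIVED_RE = re.compile(
    r"\(using (?P<proto>\S+) with cipher (?P<cipher>\S+) \((?P<bits>\d+)/\d+ bits\)\)")

def audit_deliveries(lines):
    """Pair each delivery with the TLS session the same smtp process logged for that relay."""
    sessions, report = {}, []
    for line in lines:
        tls = TLS_RE.search(line)
        if tls:
            sessions[(tls["pid"], tls["relay"])] = (
                tls["level"], tls["proto"], tls["cipher"], int(tls["bits"]))
            continue
        sent = DELIVERY_RE.search(line)
        if sent:
            report.append({"rcpt": sent["rcpt"], "relay": sent["relay"], "status": sent["status"],
                           # None: no TLS line from this process for this relay (cleartext hop)
                           "tls": sessions.get((sent["pid"], sent["relay"]))})
    return report

def cleartext_recipients(report):
    """Recipients whose mail was accepted by the relay without a logged TLS session."""
    return [r["rcpt"] for r in report if r["status"] == "sent" and r["tls"] is None]

def received_tls(header):
    """Return (protocol, cipher, bits) from a Received: header, or None if not annotated.
    None is not proof of cleartext: not every MTA records TLS details in the header."""
    m = RECEIVED_RE.search(header)
    return (m["proto"], m["cipher"], int(m["bits"])) if m else None

if __name__ == "__main__":
    for row in audit_deliveries(SAMPLE_LOG):
        print(row)
```

The trust level in the first tuple field matters as much as the cipher: "Untrusted" or "Anonymous" sessions are encrypted but the server certificate was not validated, which is the normal state for opportunistic TLS.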
Old 31 Aug 2017, 09:50 AM   #9
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
BronG, can you check dmhc.ca.gov too?
elvey is offline   Reply With Quote
Old 31 Aug 2017, 10:02 AM   #10
brong
The "e" in e-mail
 
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696

Representative of:
Fastmail.fm
(Elvey - this was your email to them)

2017-08-28T21:05:01.140957-04:00 gateway2 postfix-out/smtp[1605279]: Trusted TLS connection established to dmhc-ca-gov.mail.protection.outlook.com[216.32.181.42]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
brong is offline   Reply With Quote
Old 2 Sep 2017, 02:27 AM   #11
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
Quote:
Originally Posted by brong
(Elvey - this was your email to them)

2017-08-28T21:05:01.140957-04:00 gateway2 postfix-out/smtp[1605279]: Trusted TLS connection established to dmhc-ca-gov.mail.protection.outlook.com[216.32.181.42]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)

Thanks. (Pleasant surprise to see Microsoft got with the program on this. I would hazard a guess that all connections to MX that resolve to *.mail.protection.outlook.com are normally opportunistically encrypted.)
elvey is offline   Reply With Quote
Old 6 May 2019, 05:52 AM   #12
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
Regular email is NOT prohibited by HIPAA

FYI:

Please be aware that HIPAA-regulated healthcare entities ARE allowed to send PHI via regular mail:
https://www.hhs.gov/hipaa/for-profes...x.html states:
"... the Privacy Rule does not prohibit the use of unencrypted e-mail ... Note that an individual has the right under the Privacy Rule to request and have a covered health care provider communicate with him or her by alternative means or at alternative locations, if reasonable. See 45 C.F.R. § 164.522(b)."

So regular email is generally appropriate if a patient requests it or if, because of safeguards that have been applied, such as the ones that this thread shows have been applied, normal email between identified parties is encrypted already.

Some of those HIPAA-compliant systems are much worse than others, so this can be valuable info. So I reposted this outside the FM board, here: http://www.emaildiscussions.com/showthread.php?t=74378, along with a poll: Surprised? Y/N?

Last edited by elvey : 6 May 2019 at 06:00 AM. Reason: Mention reposting.
elvey is offline   Reply With Quote
Old 6 Jun 2019, 07:35 AM   #13
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
apple.com

BronG, can you check apple.com (as in product-security@apple.com) too?
And maybe the top n destinations fastmail/ME sends mail to?
elvey is offline   Reply With Quote
Old 25 Jan 2020, 09:49 AM   #14
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458

Quote:
Originally Posted by elvey
BronG, can you check apple.com (as in product-security@apple.com) too?
And maybe the top n destinations fastmail/ME sends mail to?

Bump. Also, scriptSiteRX.com?

Last edited by elvey : 25 Jan 2020 at 09:55 AM.
elvey is offline   Reply With Quote
Old 5 Feb 2020, 04:30 PM   #15
brong
The "e" in e-mail
 
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696

Representative of:
Fastmail.fm
Obviously apple.com is fine: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

scriptsiterx.com uses Google for MX, so they're good too, though only 128 bits:


TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
brong is offline   Reply With Quote
All times are GMT +9. The time now is 01:01 AM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy