At Flume Health, we're dedicated to providing all of the people we serve with straightforward and secure routes to communicate with us. We send a lot of email and we've taken steps to ensure that our email is not only compliant with the law, but is up to our Information Security standards as well.
How we secure email
1. We only communicate over encrypted connections.
On all of our web services and email we require TLS to communicate with us. TLS is a layer of encryption that gives "HTTPS" its "S." TLS is the standard used by everyone from the US Federal Government to banks to search engines to communicate securely.
- If you try to send an email to us that is not on an encrypted connection, we may still receive it. However, it will be flagged as insecure, and we will typically investigate why that happened.
- If you email us from a modern email provider that has encryption available, we will require that provider to send those emails to us over an encrypted connection. This includes gmail.com, yahoo.com, ymail.com, rocketmail.com, outlook.com, hotmail.com, live.com, msn.com, passport.com, aol.com, icloud.com, me.com, mac.com, att.net, comcast.net and protonmail.com. We also require our customers and partners to communicate with us over an encrypted connection.
- We are only able to send encrypted messages. If we try to send an email to you and your email provider does not allow for encryption, our system will hold the message and we will investigate. If this happens we will try to get you a message over another secure channel.
2. We authenticate all email in and out of Flume.
- We utilize an email standard called DMARC to ensure that only people from Flume Health can send a message from @flumehealth.com.
- If we aren't 100% sure an email came from someone who is authorized to send on behalf of that email domain, we mark it as Unverified Sender and we typically investigate why this happened.
- Note that while it's hard to spoof an email address to look like @flumehealth.com, we cannot stop something like @notquiteflumehealth.com. Please always verify that an email is coming from exactly who you expect it to be coming from. We only use @flumehealth.com. Be aware that with some email clients, it’s possible for a bad actor to make the display name look like our email address. Make sure you verify that the actual email address is from us, and not just the display name.