ExchangeDefender Blog

Most Popular Products

EMAIL SECURITY

Services that protects your mail from spam, viruses, and malware.

ARCHIVING

Secure long term message storage and ediscovery reporting.

BUSINESS CONTINUITY

Constantly archiving your sent and received mail.

SPAM Email Reports

ExchangeDefender SPAM Email Reports remain one of our most popular features and after nearly 6 years since the last major revision we’re looking to improve both the value and the functionality. For many of our end users, ExchangeDefender is the sole provider of cyber security training and information – so the responsibility of better educating our clients on the threats they are likely to face via email and web is crucial.
Then there is the look and feel of it. White collar workforce has largely gone away from dual monitor configurations to smaller portable devices on which users don’t spend the whole day in Outlook – so our email reports that were designed for the Microsoft desktop era needed a little face lift.

New ExchangeDefender SPAM Email Reports are launching on October 1st 2018 and we’ve made several significant changes to the look and feel based on user feedback.

– New reports feature “friendly” From addresses, instead of the actual From: line we’ve always used.
– Contrast has been improved as well as spacing, so finding information in the email is much simpler.
– Font size, padding, colors, etc has been modernized as well, allowing the report to look amazing on both small phone screens and large wide-screen computer displays.

On the backend, our reports and email release requests are starting to embed our support at the point of release, making sure our end users get exactly what they are expecting right away. If the message isn’t displaying correctly, or if it cannot be located, or if the message is continuously ending up in the SPAM quarantine even though the user believes they whitelisted it (99.999999999% they whitelist the disposable from tracking email which changes every time a message is sent, instead of whitelisting the domain) – our support will be there to assist them immediately without picking up a phone, without opening up a support ticket, without escalating it to the office manager or creating additional work. On demand service #ftw.

Our mission to help protect our clients from dangerous and malicious content also has to account for threats before they become problems – which is why we’re investing in training and info collateral aimed at the users so they are aware of new ways hackers are trying to exploit them. This info will be featured prominently in the service and we will cover it in detail as we ramp up production but for the time being we understand our end users have limited time and limited interest in what is going on in the world of cyber crime – so we will limit our content to 140 characters and feature relevant stuff only, nothing commercial.

If you have any suggestions or ideas for our Email SPAM Reports, please do not hesitate to let us know.

 

ExchangeDefender Corporate Encryption
ExchangeDefender Corporate Encryption

ExchangeDefender Corporate Encryption now allows you to send encrypted attachments and share files securely from any device, even many of you that aren’t on Microsoft Outlook/Exchange. It was one of the more popular parts of the webinar we held yesterday (hope you had a chance to attend it, you can watch it anytime in our secure portal at https://support.ownwebnow.com)

ExchangeDefender Corporate Encryption was designed to eliminate the pain point of traditional key-based email encryption: too much software, too much management, exchange of public keys, software deployment, and more. It also eliminates the complaints about cloud based solutions that are often clunky, unfriendly, not to mention expensive. ExchangeDefender Corporate Encryption is none of those: it is friendly, affordable, requires no additional software or hardware.

And as of this week, it allows the sender and the recipient to exchange attachments so that the content is encrypted in both directions. Furthermore, because it is cloud based, you can resume work when you get back to your desk. The upgrades to the UI allow you to quickly see new messages, respond to them, or forward them elsewhere. It is truly turning into a highly secure, policy-based, email solution for businesses that require compliance and content security.

We’ve also made the UI more friendly by putting actions on top of the page so that it resembles popular webmail products end users have gotten used to for over a decade. Attachments are a lot more prominent and go both ways: not only can you send them, but when the recipient logs into our portal to reply they can attach anything they want to in response as well – assuring that content is protected and encrypted at all times.

 

ExchangeDefender mail flow and email analysis troubleshooting is at times a long and difficult process that has been automated through our admin portal at  https://admin.exchangedefender.com. We realize that it’s not an option for some of our end users and new MSPs so we often get tickets in our support portal asking us why a certain message got delayed, rejected, classified as SPAM or allowed to get through if it had SPAM content, etc.

In order to troubleshoot an issue with a specific message we always ask for SMTP headers. The following blog post will help you find them in Outlook Web App, Outlook 2013 and Outlook 2016.

Outlook Web App

From the message listing, right click on the message and select “View Message Details”:

 

 

 

 

 

 

 

 

You will see Message details screen. Copy and paste it in the ticket and we can help you with the rest.

 

 

 

 

 

 

 

 

 

Outlook 2013 / Outlook 2016

From the message listing double click on the message so it pops up in it’s own Outlook window.

 

 

 

 

 

 

 

 

 

 

 

Then click on File and you will be shown the message file options:

 

 

 

 

 

 

 

 

Click on Properties and you will see the SMTP headers. Copy and paste it in the ticket and we can help you with the rest.

 

 

 

 

 

 

 

 

Important: Please copy and paste the contents of the screen into our support ticket instead of taking a screenshot. Sometimes the SMTP headers contain characters that are very similar (qf9mfIlI1IlI) and it can take a lot longer to locate the message rather than having a specific text search.

What happens next is that our team is able to locate the specific message in our database and then with that data do further analysis using the node that processed the message and look at all the logs generated by hundreds of different services that are analyzing every message for dangerous content.

Partner to Retail Transfers

After nearly 21 years in business, we have seen just about everything, from partners dying to companies disappearing overnight. More often than not, they leave businesses they served stranded and ExchangeDefender has to pick up the pieces. As each case is different, we’ve always handled every issue delicately with great care from a dedicated employee at ExchangeDefender to handle the issue.

While that sounds nice on the surface, it’s actually a horrific mess with a point person playing coordinator, negotiator, project manager, liason, unofficial legal advisor and more often than not wasting more time than neccessary.

As a result, there is now a 3 month initiative at ExchangeDefender to streamline and automate most of our processes that involve external parties. The honor of the first such automated process is the “Transfer of Services”:

Transfer of Service

ExchangeDefender is exclusively sold through our IT Solution Partners. However, when one partner disappears (death, bankruptcy, laziness, poor customer service) we do not have the means to refer them to a new partner. Often, even if we can find someone local, partner may not have an incentive or business case to sell them ExchangeDefender if the client will not sign up for other support services that are required by our partners to deliver XD. Sometimes, clients get bought/sold, hire their own IT staff, or move to a new provider and want to keep ExchangeDefender. All of these scenarios create a massive mess for ExchangeDefender, for the client, and ultimately for the partner.

The site is designed to create a process-oriented survey that ties in all the parties involved in service delivery – the client requesting the transfer, the existing partner, and if applicable the new IT Solution Provider. This way we have the contact information about everyone, we have set milestones in the process, we have everyone moving along the project and we have deadlines so nobody is left stuck or forgotten. The same ExchangeDefender SLA for support applies to the transfer process but it makes ExchangeDefender handle it.

That is the key part and perhaps the most valuable one for our existing partners that may be worried about account transfers. From our experience, when a client decides they want to leave the service (be it ours, or our partners) there is little that will stand in their way of either moving to another ExchangeDefender partner or another service. This can be painful, awkward, and at times emotional as a loss of business can be stressful. This is where ExchangeDefender can help as well – instead of having to deal with asset control, configuration, transferring credentials and doing support and the work of the new IT Service Provider, our partner can just sign a waiver and from that point on anything regarding the old client and ExchangeDefender will be handled by our team. This way the current partner that is losing the service isn’t stuck with an uncomfortable process of dealing with a client that fired them or training their competitor how to manage the service – it’s simply all on us.

We had to do something. All our future transfers will happen through the “Partner To Retail” web site at https://exchangedefender.com/transfer

Our mantra remains the same, we are still very much a partner-channel based organization. These process automation projects are meant to give our partners and clients a more predictable, measurable, and accountable system backed by an SLA rather than a single point person. If there are processes that you’ve found frustrating, unpredictable, difficult, or frustrating please let us know by contacting your account manager and we’ll put some priority on those. Otherwise, we look forward to serving you better.

 

 

About the PIN requests

Several years ago we introduced the ExchangeDefender Phone PIN support to enable our clients and partners to obtain full support over the phone as if they were in our support portal. Being able to talk to someone that can directly make any change you need to make on the go is incredibly valuable for on-the-go business manager that is typical in SMB.

Our implementation left a lot to be desired. We put the PIN in the area where few people looked. We had no system to quickly retrieve your PIN. Some of our support techs took advantage of the system to avoid helping clients. All these issues have been addressed so we wanted to go over our phone support process again.

Our Support Process

We have a typical 3 tier support system – people on the phones (Level 1), people in the support portal (Level 2), and people managing network services and software that approve overrides and make changes manually (Level 3).
When you call 877-546-0316, you will always be speaking to a Level 1 person. Their job is to be friendly and help you figure out how to get things done. In general, they will walk you through the portal, provide our manuals and walk through guides, open a ticket on your behalf, and sometimes even provide additional information about services. Their goal is to eliminate the clutter, the transfers, the “not my department, not my job” you often get when you call a company for help.

If you call our support and are active, in good standing (no late or past due invoices), with proper credentials – our team will greet you with “Thank you for calling ExchangeDefender, whom do I have the pleasure of speaking” and will try to locate your profile and your PIN. From there, we’ll take good care of you. If you don’t know your pin, or if we cannot locate you in the portal, our support will still provide basic public information about our services but is prohibited from discussing pricing, settings, passwords, company data and so on. This is for your security and protection – we’ve all experienced identity theft, people pretending to be someone else, people that have been terminated looking to sabotage their employer, etc – the PIN removes that from being an issue.

What requires a PIN?

Anything that is not public or available on our web site will require you to provide an email address and a PIN. Things that don’t require a PIN are basic answers about how our products work, where to find documentation, if there are any issues with services at the moment, how to become a partner, marketing collateral requests, etc.
Everything else that is account-confidential will require a PIN, for example:

– Getting a copy of the invoice, pricing information
– Account modification, service change, settings change
– Opening a new support ticket on your behalf
– Adding a new service or subscription
– Modifying service settings (passwords, IP addresses, credentials)

There are only two things that our support on the phone will not do regardless of whether you know your PIN or not: add a new contact to the support portal and delete any service/subscription. For legal, compliance, and past experience reasons that is a red line we cannot cross.
OK so how do I get my PIN?
You can find it in your Contact information at https://support.ownwebnow.com
If you don’t know your PIN or support password, you can request a new PIN at https://exchangedefender.com/pin
If you don’t have a contact in our portal at all, you will be provided with a PDF to provide to whoever manages the ExchangeDefender relationship in your organization.

We hope that as we introduce chat and more phone support you can still get everything you want done much faster and more efficiently – but most of all: securely.

 

 

Billing Compliance Enforcement

September marks another huge month in which we’re cleaning up some of our old “small business ways and means” and replacing them with industry standards, in every facet of our business. But before we get into that, as the changes are both service related and product related, we would again like to remind you to sign up for the big webinar we have on September 5th:

ExchangeDefender New Stuff Webinar
Wednesday, September 5th. Noon EST
https://attendee.gotowebinar.com/register/1810967512151336450

“I cannot urge you enough to attend the webinar and see the changes and improvements that are coming to our products and services. You truly need to understand the structure and the vision behind it because we’re doing the same thing we’ve always done: respond to client requests and how the marketplace dictates what people will pay for and how. So I urge you to please attend the webinar and hear directly from me what we’re up to and how you can run into fewer issues and make more money with us.”

-Vlad Mazek
CEO, ExchangeDefender

Billing Policies

None of the following policies are new or designed to impact our clients in good standing.
Our billing policy has not changed in 20+ years, but we’ve never enforced it fully, and we believe it won’t be an issue for anyone. So for the record:
– We need a 30 day notice on any services you wish to remove from ExchangeDefender (and any of our products, sites and services). We tend to be fairly flexible with this and will continue to do so.
– Any services cancelled within the last 2-3 business days of the 1st of the month will be billed on the 1st and there will be no refunds. See the 30 day policy above.
– Service cancellations will be disabled within the last 12 hours of the month. Our staff will not be able to process them via phone/tickets, they will be locked out as well.

The reason we are suddenly enforcing this policy is because we’ve noticed a significant amount of fraud related to people gaming first/last of the month (where you cancel the service on the last of the month, skip the billing cycle that runs on the 1st, then setup the new service on the 1st and get a free month). If our enforcement of our billing policies seems unfair please keep in mind that we do give you free service from the moment you sign up for the service until the 1st of the month. The other reason is that we cannot process changes and update invoices within hours of the amounts being submitted to the credit card processor.

 Late Fees

Late fees will also affect a small but persistent contingent of our client base that is trying to game and hide from what are fair business practices of paying the vendor. Because we’ve never charged late fees we have a few dozen clients that hide, provide fake credit card numbers or otherwise try to get as much free service as possible. Payment for all services is due on the 1st. If the invoice isn’t paid by the 5th (12:01 AM) invoice will automatically get a $39 late fee. If the invoice remains unpaid by the 15th (12:01 AM) the services will be suspended and subject to other legal remedies, along with an additional $69 re-connection fee.

These policies have not been enforced as a matter of personal courtesy we extended to our partners during the economic collapse of 2006-2009. Today, they require personal interaction and activity by a member of our staff, and every unpaid invoice and billing ticket about not cancelling the service in a timely manner is costing us (and our partners) which isn’t fair.

As mentioned above, these policies will not be an issue for anyone but a small handful that has been abusing the system. As a security company we are constantly being audited and leaving open invoices, not charging, late fees, policies that aren’t being enforced and so on are constantly flagged by our accounting, legal and even compliance auditors so we’re being forced to get a grip on everything. Thankfully, it won’t be much of an issue and we look forward to using freed up resources to deliver a better service to all of our clients.

Development and service improvement around ExchangeDefender is really in a different gear now and we have a huge webinar to discuss all the new stuff that you will start seeing in September:

–  New Shockey Monkey Service Manager UI (for private portals)
–  Exchange 2016 rollout for SMB clients
–  Upgrades to IoT for CAN-SPAM tracking/issues
–  Allowing threaded conversations in Web File Sharing
–  Allowing file exchange through Corporate Encryption
–  ExchangeDefender Pro UI changes
–  and much more.

It’s a LOT of stuff with HUGE improvements all around so if you work with us you’ll really want to attend:

ExchangeDefender New Stuff Webinar
Wednesday, September 5th. Noon EST
https://attendee.gotowebinar.com/register/1810967512151336450

Since February of 2017 we’ve been working on core infrastructure updates to address major weaknesses in the previous infrastructure model and have embraced rapid development, regulatory compliance requirements, different laws and regulations impacting our clients all over the world, and major needs our clients expressed that required development at a different scale. This again puts us (and you) ahead of the competition and we look forward to helping you gain more business.

Tune in!

Email Security

We’ve had the opportunity to spend quite a bit of time with our top small business partners over the summer as they hold meet & greets / lunch & learns while kids are out of school and staff takes vacations. We got to see firsthand how the features and the problems are both the same as they have always been (budget, buy-in) and completely different in a way that technology solves business problems – cloud compliance, vendor/mobility management. One of the businesses that moved to ExchangeDefender was able to get rid of 7 (seven!!) different vendors involved in email & mobility solutions alone.

   It’s all about the Story.

ExchangeDefender is increasingly becoming the modular security solution that can help service your mobile & security needs end to end. From email hosting to support for everything that entails, from managing mobile devices to assuring their compliance, archiving, business continuity and data management – ExchangeDefender does it all from a single pane of glass. All you have to do is change the way you tell the story.

   Product vs. Service

Typically, small business partners follow the same “vendor” approach to positioning ExchangeDefender “we kill SPAM for a living” and then mention the other nice “bonus” features we offer. While that may work on larger companies with CIOs where a point solution is necessary (or required for redundancy), in small business you need more finesse as you introduce our solution as the Swiss knife for typical SMB problems. Small business decision makers typically aren’t that interested in technology specs, even if they are familiar with the problems, they are looking at the price and at the time this the solution is going to take away.

   So here is what works for us:

We position ExchangeDefender as a service (not even mentioning the cloud) that takes care of keeping junk out of the mailbox, keeping people productive and safe, making sure any outages have a workaround and as needed we also do encryption to protect data automatically and compliance archiving to help meet regulatory requirements and keep fines away – and we build, manage and support 100% of it end to end. In a way, we’re the last security product you need to look at and the only one you need to contact when there is a problem.

Give it a shot – this is fully compliant with the Elevator Pitch™ guerrilla marketing and truly disarms the most common objection in SMB which is “we already have something” – everyone has something, they just don’t know where it is, who does it, how it’s used and what it does – and that’s the biggest selling point of ExchangeDefender. You don’t have a dozen vendors for email, mobile, security, archiving, compliance, encryption, DDoS protection, business continuity, mobile device wipes, etc, etc you get the picture. Instead of going in and trying to sell yourself, you’re going in and looking at ways to save them money “Well, you won’t need to renew this product, or this service, your old firewall won’t have to be upgraded, you now get all the additional features, etc”

In a way, our go to market has been the same as it’s always been – but with the cloud you’re dealing with small businesses with data all over the place and providing security to a mobile organization with decentralized storage is no longer a “security” pitch, it’s a management pitch that gives them back their time.


ExchangeDefender 9 is off to a fantastic start, as mentioned in the previous post we’ll keep you up to date with any new bugs and fixes as we find and fix them here (http://www.exchangedefender.com/blog/2018/08/exchangedefender-9-launch-bugfix/). Great news on that front is that the entire codebase is new and thanks to new development methodology fixes for minor issues won’t take long. Neither will the addition of the new features: which is what we’d like to discuss today.

The following big features are coming in September and we’ll cover them in detail leading up to the release: ExchangeDefender encryption is getting a major upgrade in threaded conversations and ability to include attachments both ways, our support portal will begin mixing in live chat and status updates so you know immediately where your ticket is in our system and who is working on it, and we’re taking a major step forward to help you manage your security credentials.

      ExchangeDefender Encryption Upgrade

ExchangeDefender Encryption is getting a major expansion of features when it comes to handling files and conversations. Specifically, we never want you to have to leave the ExchangeDefender web site in order to communicate effectively and securely. Starting in September, we’re adding two major features to enhance our clients ability to exchange secure content with remote recipients: threaded views and attachment uploads.

Presently, only our clients (protected by ExchangeDefender) can send encrypted attachments. Soon, senders and recipients will be able to work through our portal to send encrypted contents back and forth. The way we’ll present the entire conversation will really take our clients productivity to the next level.

     Support / Ticket Live Chat

We’ve been testing a live chat/alert/popup functionality in our support portal where we can huddle up and work on the ticket in realtime with the entire team. This is a far cry from the traditional model where a ticket is accepted, assigned, worked on and completed by a single tech within a SLA mandated period of time.

In the new model, we all have the ability to work on every issue at once and quickly add relevant resources to the conversation: which is effectively what the new support is going to look like. So instead of a ticket being a single monolith of a problem that is handed from one person to the next in it’s entirety, we can now break it down into manageable pieces and a senior engineer can quickly pinpoint, triage and offer guidance that would let other technicians that are available assist the client far faster.

You will also be able to see who is viewing and working on your ticket and where/when the next update will come – this will eliminate the need for phone calls, escalation/status update requests and so on because the system is 100% reactive to what is going on – if the engineer is looking at the ticket they have a counter and they are printed on the ticket. We look forward to extending this functionality to our clients in September, we’ve been using it internally to raving reviews by our staff.

    Password Policy Enforcement

ExchangeDefender is a security product – one whose origins and some features trace back to the 90s. In the past 15 months the product has been rewritten entirely, giving us far more flexibility to help you manage your users and their passwords. In September we will start storing passwords with irreversible encryption and complying with many new technologies such as Magic Link that will make password tracking a thing of the past. Additionally we’re rolling out 2FA/OTP across ExchangeDefender with our own API to extend to other applications in the ExchangeDefender universe.

There will be many more features coming along as all our departments have stepped their game up – but these major ones will definitely change the way you work with ExchangeDefender and how much we’re able to do for you and your clients. Privacy, security and management are in the news every single night and we hope to give our clients and partners a level of control over their data that will make it easier for them to sleep at night.

 

ExchangeDefender 9

ExchangeDefender 9 launch has gone very smoothly and in the interest of keeping everyone on top of little bugs that may get reported over the next week we’ll keep this post pinned and updated with new bugs and ongoing fixes. So far all the issues have been minor and addressed within 24 hours of reporting.

PDF Download:  New ExchangeDefender 9 User Guide

   

Bugfix log – Monday, August 6th

Trusted sender button in Quarantine view. Messages were properly processed and email addresses added to Trusted Senders so future messages would not be categorized as SPAM by ExchangeDefender. Unfortunately, messages were never released from the quarantine and delivered to users Inbox, which is the desired outcome. This bug has been fixed on Monday, Aug 6th.

Multiple message action. New ExchangeDefender quarantine allows you to take an action on multiple messages by checking the checkbox next to the message. Unfortunately, ExchangeDefender did not properly grab all messages, only the first one. This bug has been fixed on Monday, Aug 6th.

Full email address preview in Quarantine view. New ExchangeDefender UI has removed hover functionality from the portal entirely. Vlad/CEO Note: “Sorry guys, it’s 2018. Everything is touch enabled and touch devices have a terrible hover gesture, we’re moving to actually tapping the screen for info”; Due to the volume of complaints, we have added the expansion of the email address to the UI temporarily while we think of a better way to display it. The problem is with SPAM and mailing list companies that mask/forge the sender address and embed it in the From line for tracking and bounce purposes. This makes the From line too long to display in the ExchangeDefender quarantine view so we trim it. You can now hover over the email address and see the full address in your desktop browser. This feature has been added on Monday, Aug 6th.

SPAM quarantine message counter on the dashboard displays all messages, not just new/unreviewed messages. This problem has been resolved and the counters on the dashboard now only show messages that are new and haven’t been previously reviewed. This bug has been fixed on Monday, Aug 6th. There is an outstanding feature request tied to this bugfix to have counters update in realtime.

Authentication fails when logging in to admin.exchangedefender.com from the SPAM report. This issue has to do with the change of encryption and password security in XD9. This bug has been fixed on Monday, Aug 6th.

Users login is rejected if they used certain special characters. In prior versions of ExchangeDefender, we simply stripped non-alphanumerical characters. With XD9, we use a hashed password so matching the password is only possible when it’s exactly the same as the one we are expecting. We have implemented an authentication workaround on Monday, August 6th.

Domain login failures. ExchangeDefender 9 features a domain administrator account (simply using domain.com) that gives clients the ability to manage the entire organization centrally. This bug has been fixed on Monday, Aug 6th.

    Bugfix log – Tuesday, August 7th

Quarantine message preview fails. Several bugs have been filed regarding the ExchangeDefender CAMP (Compliance Archive Message Preview engine) and how display was either off or mangled messages. This bug has been fixed on Tuesday, Aug 7th.

SPAM Czar is unable to retrieve dangerous attachments. ExchangeDefender 9 and the underlying security infrastructure does not allow dangerous content, no matter how badly you want it and have a business case scenario to support downloading a virus/malware. In order to reconcile the request with legitimate use, we’ve implemented a temporary workaround. This bug/feature was added on Tuesday, Aug 7th.

PDF Download:  New ExchangeDefender 9 User Guide

CEO’s Note

Every screen in ExchangeDefender 9 features “Give us feedback” link where every user can provide what they would like to see more/less of. As mentioned in countless blog posts and multiple webinars about ExchangeDefender 9, this is the next generation designed for mobile, for touch, for rapid development and flexibility needed to meet modern regulatory compliance requirements. Well over 90% of our features are direct result of client and partner feedback – so please keep it coming. For our part, this has been the smoothest launch we’ve ever had and we’re aggressively fixing bugs while adding new features that make a ton of sense as fast as we can. ExchangeDefender 9 has been in beta since March so our partners have had plenty of time to check it out and familiarize themselves with the new UI but just about every function in the end-user UI is exactly where it was before – so no retaining is needed and so far we’re not getting reports of users not knowing how to get basic stuff done (either directly through our reporting function or indirectly through partner feedback). Huge thanks to our partners and beta testers for making this a smooth launch, we really appreciate it and are thrilled to show you all the new stuff that will be driven by this new, modern, agile platform. I’ve personally been writing ExchangeDefender since 1999 and this is the first release in nearly 20 years to feature 0 lines of code written by me – so at least we got that!

GDPR - GET STARTED

Our readiness kit contains valuable resources designed specifically to help businesses with GDPR requirements.

DOWNLOAD OUR GDPR READINESS KIT

IoT Security Solution

Introducing our newest security solution for IoT devices. Protect and secure your IoT environment with robust built in Security.

READ MORE

Are you an MSP?

See why you should consider our partner program. Become a partner at no cost, with no annual commitment, cancel anytime.

MORE INFORMATION