ExchangeDefender User Guide
ExchangeDefender Admin Portal gives users central access to all mail policies, SPAM quarantines, web file sharing, business continuity, and compliance archiving. From this secure site, accessible via desktop and mobile, you can manage your entire email experience and tailor it to your needs. The login credentials or password reset link will be sent to you by your IT team and you can access all services here:
Login credentials and an invitation will be sent by your Domain Administrator automatically when your account is provisioned. If your service provider has automatic enrollment enabled, your account will be automatically created the first time you send an email to someone outside of your organization.
Navigating around ExchangeDefender's User Interface (UI) is simple, with a tool bar across the top for most common tasks, and management sections (links) on the left. The rest of the UI contains the main functionality for whichever section you're currently managing. Almost all pages will also have a tabbed interface for additional settings, ability to export the current view into a csv/pdf, and search/paging functions. When you are in sections that require your full attention and you want them to take up most of the screen (for going through SPAM messages, auditing access logs, etc) you can also click on the << icon next to shrink all the navigation and menu displays and focus on the content of the section you are working on.
Users - Dashboard
ExchangeDefender Dashboard makes it easy to quickly get to all the features that help secure your email and collaboration.
Navigation - Across the top of the screen you will see the most frequently accessed items by our users. Next to the logo is a slider << icon which allows you to hide the side navigation and have more screen space for whatever you're looking at. Next are Quick Actions which enable you to quickly create a new email alias, send an email, or send an encrypted email. Next is a link to the User Guide which links to a downloadable/printable quick start guide and a video to get you started with ExchangeDefender quickly. Our Feedback link enables you to communicate directly with the developers of ExchangeDefender, if there is something you'd like us to do or know this is the best way to reach us.
Quick Access - Across the top right of the screen you will see power user shortcuts. Quick Launch enables you to access all of the ExchangeDefender applications without logging into separate sites. Click on Settings and you'll have immediate access to your email SPAM policies, trusted devices, and security settings. If you click on your icon or avatar you'll be able to upload your photo that will personalize many areas of ExchangeDefender, as well as give you quick access to some of our clients frequently accessed resources.
Side Menu -On the left of the screen you will see all the services, settings, logs, and security configuration tabs that help you customize ExchangeDefender to your liking.
Main Screen - Most of the application for any section of ExchangeDefender will have items relevant to it. On the dashboard, across the top you will see quick links to most popular functions, followed by statistics and charts. Keep in mind that << icon allows you to expand the main screen and compress down all the icons so you can focus on what you're trying to do.
ExchangeDefender session starts with the Dashboard by default but your domain administrator may have configured you to go to Quarantine view by default. You can always access the dashboard by clicking on the Dashboard menu on the left.
Users - Managing Aliases & SPAM Policies
ExchangeDefender uses thousands of pattern recognition algorithms, proprietary antivirus and malware detection engines, real-time blacklists, and artificial intelligence/machine learning to categorize email contents. Each time we encounter something suspicious, a score is assigned to the match and after the message has been scanned by everything the total score is calculated. Depending on how high scoring the SPAM contents of the message are, the message can be categorized as SPAM or SureSPAM.
Based on that score, if the message is 90% likely to be SPAM we flag it as SPAM. If the message is 99.9% likely to be SPAM, we flag it as SureSPAM.
Depending on how your IT department configured ExchangeDefender, you may have the ability to customize how ExchangeDefender delivers your SPAM and SureSPAM messages.
On this screen you also have the ability to add email aliases you wish to manage by clicking on New Alias.
Email addresses are listed on this screen along with current policies for SPAM and SureSPAM. Clicking on the actions next to the SPAM/SureSPAM policy will offer you several customization options:
- Deliver SPAM - SPAM messages will have [SPAM] appended to the subject and then delivered to the user.
- Deliver SureSPAM - SureSPAM messages will have [SURESPAM] appended to the subject and then delivered to the user.
- Quarantine SPAM- SPAM messages will be quarantined on the ExchangeDefender web site and can be reviewed & managed using the email reports, web site, or client tools (Outlook, Desktop, Mobile).
- Quarantine SureSPAM - SureSPAM messages will be quarantined on the ExchangeDefender web site and can be reviewed & managed using the email reports, web site, or client tools (Outlook, Desktop, Mobile). ExchangeDefender recommends this setting.
- Delete - Delete will remove the email address from your profile.
- Delete SPAM - SPAM messages will be permanently deleted. Not recommended.
- Delete SureSPAM - SureSPAM messages will be permanently deleted.
Users - SPAM Settings Recommendations
ExchangeDefender recommends Quarantine SPAM and Quarantine SureSPAM options, but you should choose in accordance to your own personal preferences and your IT departments requirements. While an overwhelming majority of ExchangeDefender users has the Delete SureSPAM setting enabled, we do not recommend it because there is no way to undo a delete. Messages are simply discarded at the edge and if you ever need to troubleshoot missing delivery that could be a problem. ExchangeDefender, and the intelligence feeds we use to categorize SPAM, can occasionally make a mistake because they are automated statistical models - but ultimately it is up to you.
ExchangeDefender recommends Deliver SPAM setting for personnel that requires real-time access to their email and should not be required to wait for a Daily or Intraday SPAM report, and for personnel that is not tech friendly. By setting your SPAM to deliver, messages are delivered to the clients Inbox in real-time and if they handle sales, quotes, or other near real-time communications it's best to leave their SPAM sorting to them (additionally, because [SPAM] will be in the subject they can just move SPAM messages using an Inbox rule).
Users - Accessing SPAM Quarantines
ExchangeDefender Admin Portal is accessible for all ExchangeDefender users from all modern desktop and mobile browsers.
ExchangeDefender Pro subscribers can access their SPAM quarantines, can use the ExchangeDefender Admin Portal, and can also access their SPAM quarantines, whitelists, blacklists, and stats via:
Daily SPAM Report (email digest with links to SPAM release and whitelist)
Deliver SureSPAM - SureSPAM messages will have [SURESPAM] appended to the subject and then delivered to the user.
Intraday SPAM Report (email digest with links to SPAM release and whitelist)
Outlook add-in (Outlook 2010 - 2019)
Chrome, Safari, and Firefox browsers on iOS and Android (tested)
Users - Managing SPAM Quarantines
ExchangeDefender Admin Portal SPAM Quarantines are accessed by selecting Quarantine from the navigation menu. You will only see SPAM counts if ExchangeDefender is configured to quarantine SPAM and/or SureSPAM messages and you can see how many new SPAM messages are waiting by the number next to each category across the top. All the views are completely configurable, so when you set your view just the way you like it you can Save Settings so ExchangeDefender remembers how you like to review your SPAM.
- ExchangeDefender shows all of your quarantined mail on the same screen. Just click on the address selector and check the email addresses you want to review.
- ExchangeDefender Search enables you to quickly locate messages that you're expecting.
- Filter by SPAM or SureSPAM gives you the ability to only see SPAM, SureSPAM, or both. This is helpful if you have a lot of email aliases and are only concerned with stuff that may have been accidentally quarantined.
- Show released enables you to see messages in the quarantine view even after you've released them. This feature is helpful when multiple users are managing the mailbox or you're looking for a specific message.
- Show unread messages only enables you to only see messages that you have not previously clicked on.
- Activities toolbar: When you select a message (or several) a new button bar will show up with Release, Trust Sender, and Review. Release simply delivers the message to your Inbox within a few minutes. Trust Sender delivers the message to your inbox and whitelists/trusts the sender so that messages from them no longer get quarantined by ExchangeDefender. Review only marks the messages as read so you don't have to see them again.
- Toggle column visibility enables you to show only the information you care about. For most users, just the Subject, From, and Received will be sufficient.
- Message listing shows the content of the quarantine and most of the items are actionable. For example, Release/Trusted Sender/Review icons are next to each message. If you click on the Subject, message will be loaded from Quarantine giving you the ability to respond or manage it. SPAM Score is also clickable, giving you the ability to see SMTP headers that explain the score.
The listing itself supports sorting across all columns and if you've got a lot of SPAM messages you can go through them page by page.
There are additional controls on the ExchangeDefender Admin Portal that make it more useful for email power users. You can export the Quarantine to PDF/CSV format for processing, or you can print it for your records.You can also see the IP address the message originated from, as well as the SPAM score which is useful for troubleshooting. Severity is calculated based on how many SPAM criteria searches the message matched.
Clicking on the subject of the message will actually load it from the quarantine and displayed so you can act on it right away:
You can quickly reply from this screen instead of releasing the message and waiting for it to show up in your Inbox. Additional actions are available under the More Actions button, enabling you to Release,Whitelist , and Print the message. SMTP Headers are also available here, giving you full details of how the message got to ExchangeDefender.
Users - Trusted Senders (Whitelist)
ExchangeDefender supports user defined whitelist, a list of email addresses to be treated as trusted senders whose emails should bypass some SPAM checks and get delivered to the Inbox.
ExchangeDefender supports trusted senders as users (by email address) or by domain (entire web sites and organizations). Simply click on +Add New and provide the sender address you wish to exclude from some SPAM checks.
ExchangeDefender whitelist / trusted sender database also contains addresses that we've confirmed to be legitimate, as well as trusted databases from your IT department and domain / organization administrators.
Users - Blacklists (Blocked Senders)
ExchangeDefender supports user defined blacklist, a list of email addresses to be treated as junk mail senders whose emails should always be categorized as SureSPAM. We discourage our users from using blacklists unless you absolutely know the email address and the domain of the sender. Simply blacklisting email addresses, you find in your SPAM quarantine is not effective, as most email addresses used by spammers are disposable and unlikely to send mail again.
Using a blacklist in combination with Delete SureSPAM action will automatically delete messages from those senders before it is processed by ExchangeDefender. This configuration, while supported, eliminates our ability to do effective support troubleshooting for missing messages.
Users - Phishing Policies
ExchangeDefender Phishing Firewall (EPF) automatically secures inbound mail by rewriting HTML links so they are forced through our firewall when you click on them in Outlook, Gmail, or any web-enabled email application.
To add a new web site to the Whitelist or Blacklist click on the + Add New button.
Phishing Whitelist policies allow you to configure sites which should always bypass the ExchangeDefender Security Center (https://r.xdref.com). While this setting will not prevent URL rewriting, when you click on the link the system will recognize you, check your whitelist, and automatically send you to the web site.
Phishing Blacklist policies allow you to configure sites which should always be blocked. When you click on a link that sends you to a web site on the blacklist, you will be redirected to the ExchangeDefender Security Center (https://r.xdref.com) and the threat will end there.
Users - Security Log
ExchangeDefender extensively logs all security activity on the admin portal and official applications that leverage our API. In the security log you will find authentication success and failures so you can identify when a hack attempt is under way. ExchangeDefender Security personnel is also auditing these logs on an ongoing basis and sending alerts to users who experience frequent password failures.
Users - Phishing Log
ExchangeDefender Phishing logs contain activity from ExchangeDefender Security Center (https://r.xdref.com) and give users the ability to see which links were clicked on.
This information is provided for security audit purposes and for tracking which sites may have led to a security breach/compromise. Because dangerous malware distributed through phishing often results in destruction of a PC and/or network, ExchangeDefender as an external resource can help you determine which links may have been involved in distributing dangerous payload.
Users - Settings
ExchangeDefender Settings section contains all the configurable settings and preferences you can set with ExchangeDefender and make it act the way you want.
Disable email reports - Turns off email notices about quarantined SPAM.
Enable daily email report - Sends a daily SPAM report with messages that were classified as SPAM or SureSPAM during the past 24 hours.
Enable daily and intraday email reports - Sends the daily report, and another report later in the day with the messages that were classified as SPAM or SureSPAM since the last daily report was generated.
Report Schedule allows you to configure when the SPAM report should be generated. Keep in mind that it takes 15-45 minutes to generate the report, so if you absolutely need to have the report in your inbox by certain time, set the generation time an hour in advance.
Region: ExchangeDefender allows you to pick your time zone, according to which reports will be generated and timestamps displayed in the Admin Portal.
Password: ExchangeDefender Password tab gives you the ability to update your account credentials. ExchangeDefender recommends changing your password every 90 days, or enabling OTP/2FA to improve your account security.
Alternate Email: ExchangeDefender can send password reset links to your alternate email if you forget your password, PIN, or get locked out of your ExchangeDefender account. If you lose access to all three, the only way to reset your credentials will be through your IT department.
One Time Passwords (OTP) - ExchangeDefender supports OTP/2FA (two factor authentication) to improve account security and we encourage all users to enable it whenever possible. Users that provide a mobile phone on this page will receive a confirmation text/SMS message with a short code to enroll the device.
Once enrolled, every login to the ExchangeDefender Admin Portal will require the users email address and once provided, text/SMS message or email will be sent to the device on record instantaneously. While your passwords can be compromised/hacked/sniffed/stolen, it's extremely difficult for someone to have a hold of your phone and alternate email addresses as well.
Known Devices - ExchangeDefender allows you to remember known/trusted devices. When you login to ExchangeDefender Admin Portal, your device information will be saved and tracked in order to isolate unauthorized access to your account.
If you check the Notifications box, our system will email you whenever access is granted to a new device, which could alert you to a possible service compromise.
ExchangeDefender Feedback Loop - SPAM Reporting
ExchangeDefender SPAM Reporting (Feedback Loop) is a simple way for users to report SPAM messages that get delivered to their Inbox. This is a user-level feature in ExchangeDefender that inserts a link at the bottom of each processed email and gives users one-click reporting and blacklist management.
How to enable the Feedback Loop Reporting feature
Login to the ExchangeDefender Admin portal, click on Settings > Settings > and click on the SPAM Feedback Loop to enable signatures for email addresses associated with this user.
How it works
The signature designed on the Domain level will appear at the bottom of every HTML/text message that arrives in your Inbox. When you click on the link it will open a web browser and take you to your ExchangeDefender account (if you are not logged in, you will see the login screen).
Once you’ve authenticated, you can review the message, confirm that's something you don't want to see again, and we'll look into it and make sure messages similar to the one you are reporting is not delivered to the Inbox.
Users also have an option of providing feedback, uploading a copy of .msg file, as well as a checkbox that will automatically place the sender domain on a blacklist.
Bypass Email Addresses
A bypass email address is a disposable email that is used for specific communication purposes. They are free, simple to setup, mask your real email address, and they bypass all security policies.
Most common scenarios in which to use a bypass email address:
- You need to receive an email from someone on a compromise/spam network
- Your organization's corporate policy wont allow certain attachments
- A domain has a misconfigured SPF/DKIM domain
Free - You can setup as many disposable addresses as you wish, they can be created and deleted at any time.
Simple - Just go to https://admin.exchangedefender.com, login and click on Bypass Addresses .
Private - Bypass Addresses mask your entire address and domain (unlike less secure systems that just append + or . to the real address, that is easy to strip and spam)
Bypass - Mail sent to bypass addresses isn't checked for SPF, DKIM, spam content, infections, GeoIP, or other typical security restrictions.
Secure - Each email subject is modified to start with [WARNING! | BYPASS.XD External Message] so you don't inadvertently open an email you were not expecting.
Bypass Addresses are available to all ExchangeDefender Pro clients at https://admin.exchangedefender.com.
Simply login with your credentials for ExchangeDefender Admin portal, select “Bypass Addresses” under My Account, and click on the ” + Add New” button.
The system will generate a random disposable email address and any mail delivered to it will automatically be passed on to the real address you select. It takes less than a minute for it to go live!
Once you’ve gotten the email you’re expecting, you can return to the admin portal and delete the address. If you’ve created an email address for an e-commerce site or something that will likely generate a lot of SPAM, you can deactivate the email address and mail sent to it will not be delivered to your inbox. If at some point in the future you need to get email at that address again (forgotten password, two factor authentication, etc) your address is permanently attached to your account and can be reactivated in less than one minute.
If you subscribe to ExchangeDefender Pro you can receive two SPAM email reports delivered to your Inbox with a listing of all SPAM messages that have been captured in the past 24 hours (daily report) or since the last report was generated (intraday report).
This is a convenient feature for busy people and workers on the go because it does not require you to login to the ExchangeDefender Admin Portal in order to access SPAM messages, you just get a report of messages that you didn't have to deal with. You can then check the report occasionally and make sure nothing important got classified as SPAM due to its contents.
There are two links next to each email that give you the ability to retrieve the message:
Deliver Email - Message will be released from ExchangeDefender Quarantine and delivered to your Inbox within one minute.
Trust Sender - Message will be released and the sender's email will be added to the trusted senders list / whitelist.