ExchangeDefender Frequently Asked Questions

ExchangeDefender FAQ's

Below are some frequently asked questions that we have compiled from our partners about our ExchangeDefender offering. We hope that these questions will assist you with any issues surrounding ExchangeDefender. If you still have questions after reading through the FAQ's, please feel free to open up a support request within our Support Portal.

Does ExchangeDefender work with Dynamic IP addresses?

  • No, well maybe. There are no intentions to ever bring this feature to a supported ExchangeDefender configuration.
  • The complete answer is a little more technical and a little more involved than meets the eye. ExchangeDefender has full support for multi-homed environments, be it over BGP4 routing or just multiple IP ranges with a load balancing or failover router. Truth is, we can route to a hostname or we can route to a static IP address, which you can manually change using the control panel and have it propagate in less than 30 minutes.
  • The situation is a little more involved than that. Because of the amount of traffic, ExchangeDefender automatically catches name lookups and assigns them an hour long TTL (3600 seconds)- meaning that if we were to route to a dynamic hostname, that lookup would expire in an hour automatically, even if your IP changed more often than that and even if you had a lower TTL than that.
  • This is where the Dynamic DNS solution falls apart. When there are problems, there exists an inverse relationship between the importance of email and the amount of money the company is willing to spend to obtain a static IP address. When the setup happens, email is not critical and a business line connection with a static IP allocation is out of the question. When the email stops, for whatever reason, the company calls with $8.3 billion on the line threatening to sue if the mail is not restored 5 minutes before they noticed it went down.
  • This is the reason why ExchangeDefender officially does not support Dynamic DNS routing. Will it, technically, work without a problem? Perhaps, but we will not offer support or assistance if it does not.

Can I only have specific users within my domain use ExchangeDefender?

  • ExchangeDefender is a server wide solution that protects you from junk mail (SPAM), viruses, trojans, malware, spyware and adware. In order to keep your entire server secure, ExchangeDefender requires that all email accounts on our exchange server be part of the ExchangeDefender program.

I am unable to receive Out of Office responses from Exchange 2007 since we installed ExchangeDefender, what can I do?

  • In order to follow RFC 2298 guidelines for Message Disposition Notification (MDN) in Exchange 2007, Microsoft removed email address use in their automated OOF and NDR messages. Since spammers often use blank sender fields as a common practice ExchangeDefender will flag these messages as SPAM as well.
  • In order to ensure that you receive your OOF messages please whitelist the IP address of your Exchange 2007 server. You can do this by adding this IP address in the same field as you would when adding an email address to your whitelist.

I am not receiving some emails that are showing up in LiveArchive, what can I do?

  • All emails are first scanned, then archived, and then delivered to your exchange server at the same time. If you're seeing an email in LiveArchive that you did not receive in your mailbox, the cause is an additional SPAM scanner is in place. These SPAM scanners may be embedded in desktop antivirus programs, Microsoft Exchange IMF, a firewall with an anti SPAM solution.
  • In order to further troubleshoot please ensure that no other anti-SPAM solution exists in your network and turn on your Exchange server's message tracking and turn on logs. If you need assistance enabling message tracking please view the Microsoft TechNet article below:

Will ExchangeDefender be affected if the alias hierarchy is changed within the clients Exchange Server?

  • No, ExchangeDefender does not assign a "primary" domain account between aliases. Thus, all aliases are treated as main accounts and only the ID is actually inherited from the parent domain. Therefore, no changes or notifications need to be made to ExchangeDefender in this scenario.

Where can I get some documentation on ExchangeDefender Deployment?

Where can I get some documentation on ExchangeDefender Troubleshooting?

What are my MX and outbound settings for ExchangeDefender?

  • The MX record for ExchangeDefender is always:
  • Please remove all other MX records from the list, only leaving in the listing. Please do not attempt to mask this URL, point a CNAME to it, replicate the IP allocation list or in any way type in anything other than Because of many DNS complications over the years, our support staff is instructed not to offer support if the above DNS configuration is not in place.
  • The outbound smarthost for ExchangeDefender is always:
  • The server authentication is IP based, allowing relay permissions based on the IP address assigned to your mail server. There is no additional authentication required.

Why are my ExchangeDefender email reports not arriving at the time I set in the control panel?

  • ExchangeDefender can optionally send two reports per day: the Daily report and the Intraday report. The Daily report includes the past 24 hours worth of SPAM that was identified by ExchangeDefender. The Intraday report only includes the SPAM that was identified since the last Daily report.
  • You should never set your Intraday report to run before your Daily report.
  • It is important to note that the times that you configure in the ExchangeDefender administrative portal are the times for which the report is to be generated. For example, if you select to receive a report generated for 4:00 AM, you will receive the past 24 hours worth of email, from 4:00 AM from the previous day to the 4:00 AM today. The report will be generated and sent to you. It can take an hour or more for reports to get generated, so if you are trying to receive a report at a certain time, make sure you set the interval at least a few hours in advance.
  • If you continue to experience problems with SPAM reports, please switch to the ExchangeDefender Client Sotware Suite or use the real-time Admin Portal.

How can I add an alias domain to an existing ExchangeDefender account?

  • In order to add an additional "alias" domain to ExchangeDefender for an existing ExchangeDefender account, please open up a support ticket in our Support Portal. We will add your domain as soon as possible.
  • If you have a ExchangeDefender Service Provider account, you can add alias domains without contacting OWN - just select add alias under Management in your control panel.
  • Note: This is not a technical limitation of the product. It is a limitation we were forced to put in place in order to protect partners that were not reading the prompts. We experienced so many cases in which people tried to use a single ExchangeDefender account to serve multiple customers and in turn caused huge privacy and legal issues for their customers (each ExchangeDefender account is mapped to a single IP or single MX record), that we were forced to pull the feature from the product to protect our customers.

Why is rejecting messages with random errors?

  • ExchangeDefender designates an outbound smarthost or, in other words, a mail server that you relay all your outbound messages through in order to reach remote recipients. This not only serves as an additional layer of security that checks for virus and SPAM content that may have inadvertently left your network, but it also takes over the task of delivering your message to the target recipient. For an average mail server, this task can take up a lot of resources with more and more overloaded servers issuing temporary failure codes, greylisting, etc.
  • Because ExchangeDefender is the delivery agent, it will be the one to echo back any errors it sees during the SMTP conversation. For example, you may see an error message such as this:
    • < # 5.5.2 SMTP; 500 Unable to relay > OR
    • < # 5.5.2 SMTP; 500 User not found >
  • If you receive errors such as this one, please keep in mind that it is not ExchangeDefender that is causing these problems. It is simply echoing back the response got when it connected to the remote server to deliver the message.
  • Note: Because these response codes are issued by the remote mail servers that we have no control over, we do not offer assistance or technical support when these issues come up. If you do experience the error, contact the remote mail server administrator.

How do I get ExchangeDefender to deliver inbound mail to multiple IP addresses?

  • Please first consider looking over the ExchangeDefender Deployment Guide.
  • ExchangeDefender can deliver inbound mail to a static IP address or perform an MX lookup and deliver to the first available server. We support secure TLS delivery to both IPv4 and IPv6 addresses.
  • If you have multiple static IP addresses to which you'd like to deliver inbound messages, ExchangeDefender can perform an MX lookup in order to deliver mail to one or more mail servers. Larger clients tend to have multiple Internet providers on multiple IP ranges and use them to provide failover service or load balancing. ExchangeDefender fully supports this configuration.
  • In order to get ExchangeDefender to deliver messages to either a failover or load balanced connection that has multiple external IP addresses, you need to create another MX record in your domain and add the hostnames of the IP addresses to that MX list. Your default @ MX record for the domain will still point to, but ExchangeDefender will deliver to your new MX record. Here is an example:
    • # Primary/default MX record
      @ in mx 10
      # Host records for individual mail servers
      mail1 in a
      mail2 in a
      # MX record for direct load balanced/failover access
      directmail in mx 10
      directmail in mx 20
  • In the example above, your default/primary MX record for is You have defined a hostname on each IP range you own as and Finally, you have created a new MX record that will resolve to and
  • Under this example, external mail for would be sent to ExchangeDefender would then route the message according to the MX lookup for which goes to or, if unavailable, to This is the failover configuration. If you set the weights on directmail MX record to 10/10 (or any other numbers, so long as they are equal) then ExchangeDefender would deliver mail in a round robin fashion allowing for load balancing.
  • This configuration is independent of router choice because it does not require the router to fail over the link. You could just have multiple routers with multiple gateways on your network. This configuration will work with virtually all routers and load balancers on the market because it uses DNS to route mail, not a hardware switch.
  • Click on Advanced Settings in the Inbound Mail section. This will allow you to provide an MX record that ExchangeDefender will resolve to deliver your email.

***Important Notes***

*Make sure you check that the MX record exist, nslookup -q=mx should return two or more mail servers. If it returns "invalid domain", something went wrong.

*There is a difference between a host (A) record and a mail exchanger (MX) record - if you point ExchangeDefender at a host, the message will bounce.

*This is an advanced network topic and we strongly advise it be done by a competent IT Solution Provider. Please contact us for a reference.

I am having trouble with inbound/outbound delivery. Can you help figure out what is going on?

  • Please follow the instructions in this document:Troubleshooting ExchangeDefender Delivery.
  • If you are having problems with outbound delivery, please follow the steps on pages 3-6 from your mail server. If you need our assistance, please paste in the contents of the telnet session from page 4-5 into a support request in our Support Portal.
  • If you are having problems with inbound delivery, please consult the sending party to follow the steps on pages 7-11. If you need our assistance, please paste in the contents of the telnet session from page 5 into a support request in our Support Portal.
  • Important Notes:
    • Make sure you replace all email addresses with your own email addresses. The ones used in the document are for illustration purposes only.
    • Please provide output of the telnet sessions within 24 hours of opening the support request. Because the issues tend to be intermittent, and because the support team only has access to the logs over the past 24 hours, it is imperative that we receive the telnet session contents as soon as possible.
    • Without telnet session contents we are unable to provide assistance.
    • Widespread problems, outages and maintenance cycles are announced on our NOC site.

How do I create a desktop shortcut that automatically logs me into the ExchangeDefender portal?

  • Right click anywhere on your desktop and select New > Shortcut.
  • For the location of the item type in:
  • Replace MYEMAIL with your email address and MYPASSWORD with your password. **Click Next**.
  • You will be prompted for the name of the shortcut. This can be anything, for example, **My SPAM**. **Click Finish**.
  • You are done. This shortcut will now automatically log you into the ExchangeDefender portal at any time for real-time, searchable and manageable SPAM quarantine and protection service. The same process can be followed for LiveArchive business continuity.

How do I submit an activation request if the mail server is not exchange or I do not use SMTP dump?

  • The best way is to provide the list of email addresses that you want protected with the following syntax:
    • cn: Joe User
  • Just provide all the users and we can activate them all automatically, create their accounts and send them welcome emails.
  • If you just type random text in the SMTP dump text area to bypass the form validation, your domain name will be locked to valid recipients only. In that case, we will only relay users and SMTP aliases known to ExchangeDefender or, in other words, ones that you have explicitly added to ExchangeDefender as users and aliases.

The Exportadresses.vbs import didn't work and I don't see the accounts, what now?

  • As the welcome message you received when you created the account indicated, welcome messages and account activations can take up to 24 hours to be processed and sent to your users. We use a manual verification process to strip out the vanity/general system accounts that do not need to be activated or billed to assure the proper import takes place. When the addresses are added to the system, you will be copied on the welcome messages that are sent to your users on your behalf.
  • During this time period, you should point the MX record at anyway, so all of the mail sent to the domain will be delivered to the target mail server. (Even though the accounts don't technically exist yet, all of the mail sent through the system is logged and available to the users once the accounts are created. Even if the mail was received before the user account was created, they will be able to see/audit/review/deliver the message).

Some SPAM is getting through, where can I report it?

  • Every now and then, a piece of junk mail will get through. It is just the nature of junk mail- it is always being changed to get by SPAM filters, and SPAM filters are always being changed to compensate for SPAM trends, advertised web sites, viruses and more.
  • If a piece of email you feel is SPAM ever makes it into your inbox, make sure your ExchangeDefender profile is set to quarantine junk mail and that you have IP restrictions enabled as per ExchangeDefender documentation.
  • You can forward your received SPAM messages to ****. Our team will review it and eliminate the message from coming to your inbox in the future.
  • Please do not forward multiple messages or forward as attachments, as those are automatically deleted. To increase the likelihood that the message gets processed, also include the SMTP headers in the email report.

We are not receiving SPAM and email reports. They either don't arrive or don't arrive for everyone.

  • Part of a proper ExchangeDefender deployment is to remove all antiSPAM software between your user and ExchangeDefender. As many appliances, antivirus packages, servers and even client email software now scan for SPAM and malware content, it is important to trust mail from Because your Daily and Intraday SPAM reports contain the full subject of all your quarantined junk mail, even the weakest of SPAM filters will typically move your SPAM reports to junk.
  • We often see Microsoft IMF (Microsoft Exchange component) either bouncing or discarding reports and even Microsoft Outlook moving our SPAM reports directly to junk. If you have IMF running, please disable it. If you have Outlook on your desktop, please to your Safe Senders list. To do so, click on Tools > Options > Junk E-mail > Safe Senders > Add and enter our email address.
  • If none of the above works, check your ExchangeDefender configuration and make sure that the SPAM settings are configured to Quarantine and the reports are sent to send Daily report. If your mail rules are to "deliver" or "delete" SPAM messages, you will not be receiving a report because no email was quarantined so there is no SPAM to report.

Why am I unable to send an email to a user with an @yahoo email address, it says it's being delayed by 3 hours?

  • has employed a "greylisting" style security system. This system works off the total number of emails Yahoo receives from a specific domain within a specified time frame. Since all email delivered by ExchangeDefender comes from the same domain their thresholds are surpassed by us every once in a while.
  • A sample rejection would look like this:
    • From: Mail Delivery Subsystem
      Sent: Wednesday, September 16, 2009 2:07 PM
      To: Your Client
      Subject: Warning: could not send message for past 3 hours
      The original message was received at Wed, 16 Sep 2009 13:07:09 -0400 from [IP ADDRESS]
      ----- Transcript of session follows ----- ... Deferred
  • Since this is an automated system, Yahoo does not offer a system to "delist" a domain from this feature. This system works under the assumption that a legitimate sender (like us) will reattempt delivery and a spammer will not. Therefore, please rest assured that your email will be delivered as soon as Yahoo allows it.
  • To review's help topic on this issue please click on this link:
  • If you'd like additional information about "greylisting" please click on this wlink:

I accidently deleted some messages, it is possible to re-deliver messages from ExchangeDefender?

  • Unfortunately, it is not possible to re-deliver messages that have passed through ExchangeDefender. Once messages have been processed by the ExchangeDefender SMTP Security engine, they are handed off to the delivery process which destroys the messages upon delivery.
  • If you have ExchangeDefender LiveArchive enabled on your account you can retrieve your messages through
  • Note: Sometimes we may be able to deliver the message that was released from the SPAM quarantine. Doing so requires a lot of work and permissions to break encryption for your company. This process requires paperwork, legal approval and at least 2 hours of engineers' time so, unless the message was absolutely critical, it tends not to be financially worthwhile.

I just enabled LiveArchive but it does not have any of my old mail in it. Why?

  • ExchangeDefender LiveArchive is a proxy system that collects mail going into and out of your mail server.
  • You will only see messages sent or received by your email address after the LiveArchive feature has been enabled.

I've released a SPAM message from quarantine and it hasn't arrived in my inbox. Where is it?

  • If you have released a SPAM message from the quarantine and it has not been received within 2 minutes, please consult your system administrator. In all our experience, we have been able to narrow down the issue to AntiSPAM software on the server, on the desktop and even on the firewalls that the IT staff was not aware of.
  • The requirement for the deployment of ExchangeDefender is that all AntiSPAM tools be shut off. Otherwise, messages that we have quarantined will likely end up in the third party filters as well. Unlike antivirus, a layered AntiSPAM approach does not work.

An email addressed to multiple users within an company wasn't delivered to all recipients.

  • If you have received an email but other people in the To or CC list within your domain have not, please contact your system administrator. ExchangeDefender does not split recipients. It delivers the entire message intact to the target mail server so, if it got to you, it would have gotten to the other recipients as well.
  • In Exchange and other SMTP environments, it is the recipient's server that splits the recipients and delivers messages and alerts to their target users. Furthermore, Exchange implements a process called "Single Instance Storage" where a message is stored once in the email database even if it is being sent to multiple users (in order to conserve space).
  • Note: In almost all instances, the Outlook 2003/2007 client had moved the message to junk. In other instances, users actually deleted the message accidentally and didn't want to admit to it.

Can ExchangeDefender deliver emails for a specific email address to multiple servers/IP addresses?

  • Unfortunately, ExchangeDefender can only route mail on the domain-wide basis. All mail will either go to a single IP or to an MX record.
  • This business request is made by customers who wish to implement split/domain policies where mail for certain groups of users goes to one server and others to another.
  • Split domains are implemented at the mail server level, not at the proxy/ExchangeDefender SMTP security level.
  • You can still have split domains, but one of your mail servers will have to be the bridgehead.

ExchangeDefender outbound is on an RBL. Can you remove it?

  • We constantly monitor all RBL listings and remove our systems from RBLs immediately. As a responsible Internet Service Provider we also directly manage all SPAM complaints and regularly disconnect abusers.
  • There are instances in which we will not be able to remove the email address from an RBL. Our policy on RBL removals is that we will make the best attempt to delist the account, but we cannot guarantee that the removal will take place nor do we have any timeline.
  • Sometimes cable and DSL providers have issues with their RBL/DNS systems. Sometimes the client side uses an RBL that is not recognized as legitimate (UCE Protect/BLARS), and the only recommendation we can make is that you advise your recipients that timely delivery of mail to their system cannot be made if they do not subscribe to the legitimate RBL providers such as SPAMCOP and SpamHaus.

My mail server went down, is my mail lost?

  • No, your email is not lost.
  • ExchangeDefender offers two mechanisms for email delivery if your server is down.
  • By default, ExchangeDefender spools deferred/delayed/timed out messages and attempts delivery at preset intervals. So long as your mail server is not down for more than 5 days, your messages will be delivered.
  • ExchangeDefender automatically delivers spooled mail at a preset interval. Messages that have been received within the last hour will be retried every 5 minutes. Messages that are older than 1 day will be retried every 20 minutes. You should expect all your mail to be delivered within 1 hour at the most.
  • If your messages have not been delivered within 1 hour, you likely bounced them already. In our experience this happens when a configuration on the server or on the firewall is not correct and the server accepts and bounces the messages immediately.
  • ExchangeDefender LiveArchive is a free (but optional) service designed for business continuity. LiveArchive captures all inbound and outbound mail from your network and allows you to resume operations by using Outlook Web Access 2007 on our network to communicate with your clients while your systems are down.
  • Note: ExchangeDefender does not compensate for misconfiguration or permanent failures/bounces caused by your mail servers. Frequently, clients will bring the server online without checking the recipient's policies and other security software. If your server comes online and does not properly start or does not properly accept messages, it may bounce them back to the sender, and ExchangeDefender spooling will not be able to help because it was removed from the loop.

My mail server's IP address changed. How do I update ExchangeDefender?

  • If your IP address has changed, please first confirm that the IP address is not blocked on port 25 and is able to send/receive mail.
  • Once that has been done, go to the ExchangeDefender Administrative Portal at and login as the domain administrator.
  • You can change your IP address under the Configuration tab.
  • It takes approximately 1 hour for the new routing to be accepted and for your mail to route. In the meantime, your outbound mail will not be accepted by ExchangeDefender because it is not aware of the new IP address yet (Frequent Error: "Relaying Denied").

How long does it take for changes to ExchangeDefender to take effect?

  • ExchangeDefender configuration and policy changes take approximately 1 hour.
  • ExchangeDefender whitelist modifications and blacklist changes take approximately 2 hours.
  • ExchangeDefender LiveArchive account modifications, ExchangeDefender password changes and searches are instant (or less than 60 seconds).

Why am I unable to whitelist/trust or null senders on my own address?

  • ExchangeDefender does not allow whitelisting of null senders nor do we allow mirror rules (from me to me). Due to the level of abuse and email address spoofing, we have had to enforce this rule.
  • Note: This should not be a great concern. If you are seeing your own email address in the SPAM reports, you are almost guaranteed to be looking at the spoofed message. Messages sent to yourself generally do not leave your mail server and are routed and delivered locally.

Why do I keep receiving SURESPAM mail even though I have my SPAM quarantine set to delete?

  • Check your whitelist entries or your domain whitelist entries.
  • In our experience, we have found that users will frequently whitelist their own domain. This is not recommended as it presents an easy way for spammers to target you and bypass ExchangeDefender.
  • Please remove the email or domain address from ExchangeDefender whitelist and wait approximately 2 hours for the change to take place.

I have a requirement to send a large amount of bulk messages to legitimate opt-in recipients. Can I do that with ExchangeDefender?

  • Using ExchangeDefender to relay massive amounts of bulk or identical mail is not permitted.
  • Clients caught abusing our system to conduct this kind of activity will be removed from the outbound service and may even have their entire ExchangeDefender service cancelled.
  • Please see our Acceptable Use Policy, #21:
  • Broadcast mail use of ExchangeDefender's networks to distribute or mass mail identical messages is strictly prohibited, regardless of validity of recipients. Our network is not designed to support nor distribute mass mailings. Users with a business requirement to distribute legitimate mass mailings may use their own mail servers to relay mail directly or subscribe to a third party service designed for broadcast activity (ConstantContact, MailChimp).
  • Distinction between legitimate, legal, illegal or illegitimate mailings is not relevant to this policy. Our service is not designed to distribute bulk messages or large distribution lists, and we have agreements in place with large service providers promising that we will not allow bulk content from our network.
  • You can, however, use your own mail server to send legitimate bulk mail, though it must not involve the ExchangeDefender network in any way.

I am unable to add an email address and the system tells me that the email address already exists in the system.

  • The email address you are trying to protect already exists as an account or as an alias in ExchangeDefender.
  • Please search for it under your Administrator domain login.
  • If you are still unable to locate the message please contact us via the Support Portal and we will assist you.

Inbound messages (to the client) are bouncing with the error: ExchangeDefender does not protect this email address.

  • ExchangeDefender only processes messages for email addresses that it is aware of.
  • If you do not have your email address added as either a user or a user alias, ExchangeDefender will reject it with the error message, "ExchangeDefender does not protect this email address".
  • Once you have added your email address to ExchangeDefender it can still take up to 1 hour for the new address to be allowed through our network.

Message sent to the XYZ email address worked last week, all of a sudden they're getting an error : ExchangeDefender does not pr (I'm assuming this is supposed to be process?)

  • In order to most efficiently protect ExchangeDefender client's servers, ExchangeDefender no longer processes or otherwise wastes client's servers resources by acknowledging non-existent email addresses.
  • Email address (SMTP) dumps are required for activation of ExchangeDefender servers. This way we can reject all unknown addresses within ExchangeDefender on your behalf. You can provide an address when you setup a new domain, add them manually through the web interface at any time or setup LDAP sync with our friendly ExchangeDefender agent software.
  • In addition, in ExchangeDefender we have an easy method for automatically provisioning accounts based on the Active Directory listing of the Exchange server.
  • Please log into the exchange server for the above domain and run the following VBS file ( After the file has been run, there will be a text file on the root of the C drive titled "EmailAddresses.txt" please open that file and send me the contents.

When I click trust sender or deliver link in the older email report I receive an error. Why?

  • ExchangeDefender only keeps the last 7 days worth of SPAM messages. If you are looking at an older SPAM report, or the message was sent to you more than 7 days ago, it has already been destroyed.
  • If you are trying to Trust Sender for a message that does not have an email address (null sender) the system will throw an alert letting you know that spoofed NDRs are not allowed in the whitelists.
  • You can still attempt to deliver the message, however we do not recommend it.

Email messages are returned or delayed with the following subject: Undeliverable: Delivery status Notification (failure). Why?

  • You have received a message similar to the one below:
    • From: "System Administrator"
      Date: February 6, 2009 11:46:53 AM EST
      To: "Mr Client"
      Subject: Undeliverable: Delivery Status Notification (Failure)
      Your message
      To: Your Recipient
      Subject: Sample Subject did not reach the following recipient(s): on Fri, 6 Feb 2009 11:46:52 -0500
      Could not deliver the message in the time limit specified. Please retry or contact your administrator.
  • Notice that this is a permanent failure of the recipient's mail server and you should contact them directly through other means. It is very likely that all the other mail you have sent them or will send them in the future will bounce as well.
  • This feature is built into ExchangeDefender to alert the sender that the message has not been accepted by the recipient's mail server. ExchangeDefender has attempted to continuously deliver this message for 1 day. The error is not on your end or on ExchangeDefender's network. It is on the recipient's server.
  • Tech Note: This usually indicates a graylisting process or a malfunctioning blacklist on the recipient's server. If you can reach a technical representative for the recipient's mail server, please advise them that their SMTP server is not properly processing SMTP connections from or In case this is a permanent failure and a problem on the recipients side that cannot be addressed, consider creating an SMTP connector between the two organizations if the direct connections work (process for this is beyond the scope of ExchangeDefender support and requires advanced understanding of mail systems configuration).

Email messages are delayed with the following subject: Warning: could not send message for past 3 hours. Why?

  • You have received a message similar to the one below:
    • From: Mail Delivery Subsystem
      Sent: Tuesday, January 27, 2009 1:41 PM
      To: User
      Subject: Warning: could not send message for past 3 hours
      The original message was received at Tue, 27 Jan 2009 10:37:35 -0500 from []
      ----- Transcript of session follows ----- ...
      Deferred: Connection timed out with []
      Warning: message still undelivered after 3 hours Will keep trying until message is 1 day old
  • Notice that this is not a permanent failure but only a notice that your message has not been delivered to your recipient yet ("This is a warning message only, you do not need to resend your message").
  • This feature is built into ExchangeDefender to alert the sender that the message has not yet been processed by the recipient's mail server. This typically indicates severe problems on the recipient's mail server. ExchangeDefender offers this alert so you can contact your recipient through alternate means if the message contents require urgent response.
  • While ExchangeDefender will continue to attempt delivery for one full day, this initial alert is in place to allow you to seek other means of communication. Attempting to resend the message will not work because the problem is on the recipient's mail server, not yours or ExchangeDefender's.
  • Tech Note: This usually indicates a graylisting process or a malfunctioning blacklist on the recipient's server. If you can reach a technical representative for the recipient's mail server, please advise them that their SMTP server is not properly processing SMTP connections from or In case this is a permanent failure and a problem on the recipients side that cannot be addressed, consider creating an SMTP connector between the two organizations if the direct connections work (process for this is beyond the scope of Own Web Now support and requires advanced understanding of mail systems configuration).

What attachments/extensions does ExchangeDefender block?

  • ExchangeDefender blocks a variety of files that can potentially cause problems within corporate networks. Aside from checking the extension of a file, ExchangeDefender will check a files MIME type and contents, where a failure in the check will result in the attachment being stripped and replaced by "exchangedefender-attachment-warning.txt"
  • Renaming a files extension will result in the file being stripped for trying to hide its file type.
  • Zipped/Archived files will be checked for their compression rating (for mail bombs) and then deflated for its files to be checked.
  • ExchangeDefender will block the following extensions/file types:
    • .its Dangerous Internet Document Set
      .mau Dangerous attachment type
      .md[az] Dangerous attachment type
      .prf Dangerous Outlook Profile Settings
      .pst Dangerous Office Data File
      .vsmacros Dangerous Visual Studio Macros
      .vs Dangerous attachment type
      .ws Dangerous Windows Script
      .com Windows/DOS Executable
      .exe Windows/DOS Executable
      .scr Possible virus hidden in a screensaver
      .bat Possible malicious batch file script
      .cmd Possible malicious batch file script
      .cpl Possible malicious control panel item
      .mhtml Possible Eudora meta-refresh attack
  • Currently there is no way to allow these attachments via custom policy. This is not subject to change because ExchangeDefender cannot assume the risk these files present. If you trust the source, please use a file sharing protocol to obtain the files and scan them correctly. Because it is so easy to forge (spoof) an email address to the one you and your clients or employees trust, it is impossible to whitelist executable content through our network.

What should I do if the domain alias is showing as the primary?

  • Nothing, ExchangeDefender treats all domains listed equally. Currently, the hierarchy of the domain listing within the Service Provider level of the portal is merely based on the order the domains were added. Even though this issue is only cosmetic, we plan on adding functionality to customize this hierarchy in the near future.
  • In addition, the domain level authentication is shared by the domains that are connected. This means that if is an alias of The admin portal will allow access with both of those as usernames, with the same password. Whichever domain is used to login, will be listed as the primary domain during that session.

How do I upload multiple whitelist entries?

  • To use our interface to add multiple whitelist entries at once, the system is set up to use CSV (Comma Separated Values) formatting. Thus the file can look like:,,, or,,

ExchangeDefender SPF Records

  • If you are using SPF records as a part of your domain name to limit joe-job's and spoofing you're probably aware of having to manually add IP addresses to it when a new ExchangeDefender outbound network is created. Good news - you don't have to do it manually any more! Just add the following directive to your SPF record (in bold):
  • "v=spf1 - all":
  • Adding the include: to your SPF TXT field will include all of the defined outbound SMTP servers used by ExchangeDefender so you don't have to manage them manually. Naturally, you should also list all of your other SMTP servers that relay mail for your domain.
  • Note: ExchangeDefender does not offer technical support for SPF records as they are not a part of our service. However, if you wish to use them and know how to implement them, ExchangeDefender is making it easier to track our records.