ExchangeDefender Blog

We’ve had a very busy summer, working on all sorts of features that are helping our clients and partners run a more profitable & predictable business. All of these new features will be available through ExchangeDefender as well as Wrkoo shortly.

This post is unfortunately not about one of those features. During the implementation of full automation for service subscriptions, terminations, and billing we found several partners that were committing outright financial fraud against us. This has caused us to revise our billing process and policies so that we can continue to provide a service that is both affordable and profitable for everyone.

In 2019, we’ve spent an average of ~62 hours per month dealing with delinquent accounts.

Delinquent accounts are those that do not pay their bills by the 5th of the month. By our policy every account that does not pay their invoice in full on the 1st has a ticket generated and assigned to the Billing Contact for the company. We then follow up with an email and a phone call to the billing contact. We understand that business can be difficult and unpredictable (credit cards get compromised, it’s hard to track expirations with all the vendors, some clients pay slow, etc) and we go out of our way to make sure the business is aware of an unpaid invoice. Invoices that are not paid by the 5th (after we’ve contacted the billing contact every possible way) are charged a late fee. If the invoice is still not paid we continue to make the best effort, and if it’s still not paid after the 15th the service is disconnected.

Delinquent Account Handling

If you were seriously late paying an invoice more than twice in 2020, your account will be flagged as delinquent. If any of the future invoices are unpaid by the 5th, you will be asked to provide a secondary funding source:

If neither funding source can be charged by EOD on the 3rd (after tickets have been opened and emails sent), the services will be suspended.We are hoping that this automation helps our partners and clients avoid service interruptions and late fees.


Sincerely,
Vlad Mazek

Due to popular demand, we’ve added some new Distribution Group features to our Exchange/M365 Service Manager. The features are all about external (mail enabled) contacts that have a huge presence in the SMB/consulting organizations:

External Contacts or Mail Enabled Contacts are great when you need to give a person an email address on your domain without giving them their own mailbox. This is a very popular feature in SMB/consulting community when it comes to contractors and third parties that already have their own email infrastructure but for compliance (or vanity) purposes they need an email on your domain.

External Contacts allow you to assign an email address on your domain (vlad@ownwebnow.com) and automatically forward all their mail to their existing email address (vlad@exchangedefender.com).

Not only does this feature help save money on licensing costs, it also eliminates the need for the person to setup another account and check mail at a new place.

The upgrade we’re announcing today has to do with External or Mail Enabled contacts as a part of a Distribution Group (Exchange term for “mailing list”): You can now add external email addresses to any internal/external distribution group from the Service Manager at https://support.ownwebnow.com. Now when you try to create or modify a distribution group, your “Add a new member” screen will show your defined external contacts as well!

This is one of the most demanded features in Service Manager, and we hope it serves your business well!

But her (external) emails!

Unfortunately for some, the Internet standards still apply and most service providers are rapidly removing features that have anything to do with external mail forwarding. This is mainly due to rise of SMTP authentication/authorization protocols like SPF, DomanKeys (DKIM) that do not work with the way mail enabled external contacts are implemented in Microsoft Exchange and other email servers. When the mail is being forwarded to the external contact, the From line remains intact so that the recipient can identify the person sending the email (for example, vlad@vladville.com). But when the message is forwarded to the external contact, the receiving server will look at the from line and see that the message is from a domain hosted on Gmail but sent from the ExchangeDefender address space (that is obviously not a part of Google Gmail SPF/DKIM record) and depending on configuration might consider that message to be a forgery/spoof/SPAM.

This isn’t an ExchangeDefender issue, or a Microsoft issue, or a Gmail issue, it’s a part of the protocol specification. And while everyone else is making this feature go away (because it can affect server reputation), we’re working on rewriting/improving it. We are currently working on a feature that will rewrite the From line, so when Exchange forwards an email “From: Vlad Mazek <vlad@vladville.com>” to an external contact, the recipient will get an email that shows this on the from line: “From: Vlad Mazek <vlad=vladville-com@forward.exchangedefender.com>” that will help bypass SPF/DKIM checks on the receiving side.

ExchangeDefender has always tried to help our partners when it comes to billing management. Perhaps you’ve noticed that no matter when you sign up for the service during the month you are not charged. Not even a prorated amount.

The terms of service do require a 30 day notice, but we understand that sometimes our IT partners are too busy to remember to cancel stuff. As we’ve grown over the years, it’s become necessary to lock down our subscription management a few days before the billing cycle that runs on the 1st. Inevitably someone forgets or waits till the last moment and opens a ticket nearly at midnight making for an awkward pointing to terms of service. Worse, some partners make their staff wait till the last of the month to manage cancellations and adjustments, which stresses everyone out unnecessarily.

So we’ve got a solution. When you come to delete / cancel the service you will be given the option of selecting a cancellation date. This allows our partners to have the service scheduled for automatic deletion so you don’t have to worry or wait until the end of the month. Now that this bit is automated, our team will no longer accept cancellations of services unless they are made through the Service Manager

It’s been a year since we launched the ExchangeDefender Automatic Enrollment feature and it recently got a major upgrade to function with our new cloud infrastructure. This is our favorite way to enroll ExchangeDefender users for two reasons: it’s the simplest and the most seamless way to onboard new users.

When ExchangeDefender detects a new email, it will put it in the enrollment process which consists of the following:

– Creating an ExchangeDefender account and supporting service accounts
– Applying existing policy defaults for the organization
– Creating LiveArchive account and routing policy
– Updating administrative and licensing systems
– Generating a welcome email

On the service provider side, there is a full and searchable log of all account enrollments so everyone is kept in the loop in real-time.

As for the user experience, everything is branded and automatically taken care of. When they send an email to any external email, their address will be provisioned within 1 hour and they’ll get the following email inviting them to get started. Even if they ignore it, the ExchangeDefender auto attendant will automatically apply all the domain/organization specific policies for them automatically. And of course, if something on your network is sending email by mistake you can just block it and you won’t be billed for it.

There is a lot of work and testing currently being done on several Microsoft integrations (Azure Directory sync, Outlook/OWA addin) but more on that during our August webinar. We are also doing some very interesting integrations on the Enterprise side, and some of those features may appeal to our MSP partners (although some may be cost / infrastructure prohibitive). For example, we have a client who required accounts to be approved before they could be auto-created (even though they were synced through our Azure integration) and we were able to enable them to do that. If you’ve got feature ideas we’d love to hear them, but there is a lot we can also build with our partners.

Sincerely,
Vlad Mazek
CEO
ExchangeDefender 

At ExchangeDefender we get an over-sized serving of “weird email problems” on a daily basis, and keeping the client up and running and email flowing securely is our first priority. Trouble is, some of the issues our clients face can’t be easily replicated because they often involve a complex setup or a device that we do not have control over, naturally leaving the paying client in a position to make us prove that we aren’t causing the problem. And the customer is always right.

Today we are announcing a new service, included with ExchangeDefender Pro, that will help improve monitoring, problem detection, recovery, and diagnostics for email problems that fall in the weird category. By simulating real-world email traffic we can match up our timestamps, headers, diagnostics logs, and identify problems and their cause in real-time. Our email diagnostics service can be scheduled with preset intervals, message specifications, test parameters and more to help detect a problem with the mailbox or mail routing in general.

What kind of tests can we run? Here are a few of the top used cases:

– Email sometimes experiences a delay
– None of the emails with attachments sync with the mobile device
– Messages aren’t consistently signed with DKIM
– Messages to/from different sources cause a delay
– Messages “arrive all at once” or “never at all from 9PM to 11PM”

In the two months that we’ve been testing this new service, we have yet to find a problem that can either not be identified by this tool or that we cannot fix very quickly. This system can detect issues within the ExchangeDefender cloud, as well as any other email infrastructure out there (Office/Microsoft 365, Gmail, etc). This feature is a part of a much larger set of security enhancements we’ve been developing/testing, and would welcome any feedback and suggestions.

If you have found an issue that is causing a problem for the client, please let us know by opening a ticket. From there we can simulate the sort of traffic that is not reaching their mailbox correctly and give you tons of samples that will help identify exactly where the issue likely is.

To get started, open a ticket with “Email Diagnostics Request” and the type of problem you’re trying to solve and we’ll get right on it. This service is a part of a more elaborate mail testing package we are currently building to assure all our clients are properly setup, properly locked down, and ensure any issues are detected and addressed before they impact productivity.

Today we received word from Microsoft explaining that they are currently investigating the technical issues involving the sudden crashing of their Outlook email app. (For the record, no – it’s not us.) Their twitter confirmed later in the day with the following alert:

“We’re investigating whether a recently deployed update could be the source of this issue,” explains Microsoft… “As a workaround, users can utilize Outlook on the web or their mobile clients.”

This comes after thousands of Office 365 users reported that the email app immediately shuts down upon opening. This has come after the recent upgrade to Exchange 2016.

As for ExchangeDefender, we have not received any support requests as of yet, but we wanted to give you a heads up in the event that you experience difficulty using the app.

Our tip: Use OWA with your web browser, you should be able to login with no issue. If you are still experiencing delays, please submit a ticket via our support portal, so that we can troubleshoot your issue further.

Our Official NOC announcement is available here!

In February we released our new Exchange web management user interface. Now that everyone is on the new platform, we’re quickly moving to add new features and tweak the ones that are not as intuitive. Remember, our goal with Wrkoo and our M365 UI management is to make it as simple and user friendly that any office manager can handle what are routinely clerical tasks like distribution group memberships.

Distribution Group Management is the feature we’re launching today: a friendly way to manage distribution groups.

Organizations of all sizes use distribution groups to setup internal and external mailing lists, so that one role address like sales@ or info@ can be automatically delivered to multiple people. Distribution groups and shared mailboxes play a vital role in how entire departments communicate with internal and external parties, and ExchangeDefender makes managing them a snap.

First, go to https://support.ownwebnow.com and click on Service Manager. Select the organization you wish to manage.

To quickly create a distribution group, click on the checkbox next to the users that you want to add to the distribution group. As you check users you will see a new toolbar for mass user management: Change Password, Create new group, and Add to existing group.

To manage existing groups, click on the Distribution Groups tab. From here you can manage group members or delete distribution groups. Click on Manage Members.

From here you can just select users to add and remove.

Finally, you can also find out which groups a user belongs to. Click Manage on the user you wish to review and then select Group Memberships.

We are working really hard on new features, if there are things you would like to see in our future updates please let us know by opening a ticket at https://support.ownwebnow.com.

We’ve been running Exchange migrations to/from Microsoft 365 and Gmail since 2015 and as of this month all our users are on our latest tech (Microsoft 365 / Office 365). With all the new modern tools and Microsoft cloud tech you’ll automatically get backend updates from here on out and hopefully the words “email migration” will never come up for you.

We realize that there are some clients that would prefer to move their mail elsewhere so before we retire all our legacy infrastructure, we are making one final offer. We can manage your migration, either by just providing the pst export of data or managing the entire process end to end.

The cost for the PST export is $39/mailbox if you’d like us to handle it for you (or you can do it for free yourself), and the cost for the full migration service is $59/mailbox.

PST Export ($39/mailbox) includes exporting your data to a standard PST file and making it available on a secure web site.

Full migration ($59/mailbox) includes the export as well as the following:

– Mail proxied through ExchangeDefender delivering to current mailbox as well as the mailbox at the new location, allowing you to stay in business even while we do the mail moves.

– DNS management including configuration of the new SPF, DKIM/DMARC, and MX records.

– Current mail (pst) upload to the new mailbox

– Disconnection/removal of the existing email infrastructure

– Warranty and support for the whole process.

We recommend going with the full migration including a year of ExchangeDefender service. This option allows us to make sure the configuration is accurate on both clouds, that data is moved correctly and securely, that MX/SPF/DKIM/DMARC are operational and do not cause issues down the road, as well as LiveArchive to assure that should anything go wrong you can still send/receive email.

P.S. If you have basic IT skills, or if you work with an IT/MSP/VAR/tech provider, you can do this on your own. Simply make the following changes to your hosts file and you will be able to connect Microsoft Outlook and export mail to a pst file on your own. Our legacy systems will be permanently retired on August 1st, 2020.

#72.249.181.167 autodiscover.YOURDOMAIN_ON_SCROOGE.com
#72.249.181.162 cas.scrooge.exchangedefender.com
#65.99.255.121 autodiscover.YOURDOMAIN_ON_ROCKERDUCK.com
#65.99.255.37 cas.rockerduck.exchangedefender.com
#72.249.181.149 autodiscover.YOURDOMAIN_ON_GLADSTONE.com
#72.249.181.232 cas.gladstone.exchangedefender.com
#65.99.255.26 autodiscover.YOURDOMAIN_ON_LOUIE.com
#65.99.255.58 cas.louie.exchangedefender.com
#72.249.181.123 autodiscover.YOURDOMAIN_ON_DARKWING.com
#72.249.181.238 cas.darkwing.exchangedefender.com


If you are interested in this offering, please download the application and submit it to us via ticket at https://support.ownwebnow.com 
or call us at 877-546-0316 x720

To check ExchangeDefender Service Health, simply visit www.anythingdown.com

We wanted to offer one final update before we close the ExchangeDefender NOC covering our Exchange migration.

The past few days have been largely consumed with cleanup and misc configuration requests already covered here. By far the biggest issue has been reseeding and legacy copies of mailboxes exceeding 25GB – using nearly all internal, Microsoft/powershell, and third party tools there seems to be no predictable, foolproof, failsafe way to migrate a mailbox. The larger mailbox gets, the more difficult it seems to port (one particular user has been waiting on their mail for 2 weeks – they have a 70 GB mailbox – and it’s taken dozens of attempts of repair/recheck/export/move/seed/verify) and it has been the greatest source of frustration for us and for our clients, largely because the progress indicators are unreliable and process very prone to failure the larger the mailbox gets. This is why when we started offering 2016 years ago we set up the 50GB quota with 15GB realtime and 35GB in place archive setup so we can deliver on both service restoration and disaster recovery.

We are continuing to assist our partners in the following areas:

–       Outlook connectivity (if it keeps on prompting you for a password you need autodiscoverregistryhacks.zip)

–       Distribution Group (External) and External Forwards UI (we discovered a bug, the control panel will be back over the weekend and in meantime we’ll create it for you manually with a ticket request)

–       Cancelled services (as of yesterday 6/18 we have the ability to remove organizations from ExchangeDefender/O365, so if you client cancelled or went to another service even within O365, open a ticket and request that we delete the org. You can do so on your own as well if you’ve deleted all the mailboxes/forwards/groups.)

–       IoT/SMTP (while Exchange/O365 does support SMTP connectivity, managing it through our IoT connector is far more secure and reliable)
–       Implementation of Shared Mailboxes. Please, please, please, please DO NOT use Public Folders anymore, for any purpose. Create a Shared Mailbox instead.

At this point everyone can connect, mail delivery and legacy reseeding are in progress, all systems for Exchange, ExchangeDefender, and LiveArchive are working normally.

We’re looking forward to closing this ugly chapter. We have done everything in our power, and we couldn’t be more thankful for our partners who have helped us with the cleanup of the Microsoft disaster. Thank you. We are sorry that so many clients were inconvenienced with this, we planned and managed every step of this migration by the book with thousands of other successful migrations that happened from 2016 – Aug 2019, but when your vendor pulls the rug underneath you and damages hundreds of mailboxes unannounced… many of us will soon be enjoying the first day off in June. The only good news is, you will not have to go through this process again.

We wanted to offer a major update on the migration, specifically covering the major issues we have addressed for some clients during the cleanup phase.

Distribution groups, forwarding

We have received reports from several organizations regarding issues covering distribution groups, group members, forwarding account directions (forward vs. store & forward). If any objects failed to import due to configuration/contents/policy/etc it is in the retry queue and will be published shortly.

Add / Delete Mailbox

We have addressed a bug in the add/remove process that was prohibiting certain organizations to add/remove accounts. Originally, as noted on anythingdown.com NOC, we blocked this function entirely because users were looking at an empty list and creating mailboxes (that would cause a collision when the new mailbox was migrated from the source). This problem is fixed, if you encounter an issue please open a ticket with a screenshot and as much info as you can provide.

Add / Delete Organization/Domain

At this moment it is not possible to add/remove organizations, or those that were in the system recently. In order to finalize the migration, the routing policies are locked down (meaning if you deleted a domain, ExchangeDefender will still treat them as local). We look forward to wrapping this up shortly.

Password / Login issues

This is by far the biggest ticket group category, we are still processing double digit requests for credentials, credential resets, and credential tests. Similar to the next group:

Outlook issues

We are still spending a lot of time going through the basic Outlook configuration steps. For an overwhelming majority, this transition has been transparent. Those that did not and had to take a manual configuration route, the process has been described at anythingdown.com 1) Make sure you have an autodiscover record 2) Make sure it propagates, then run the autodiscoverregistryhacks.zip 3) If you don’t control your DNS, make adjustments to your local systems hosts file 4) Setup Outlook with autodiscover, the UPN must be used as your login address if you’ve changed it from your primary SMTP address.

Missing & Syncing Emails

Every mailbox that has been reconnected has either had all it’s mail delivered directly, delivered in a Catchall account – user@domain.com. Some users are confusing items they see in their Inbox in LiveArchive but not in their Outlook/OWA (but after extensive searching we keep on finding missing messages in folders, Deleted Items, etc). If something is missing and absolutely critical in LiveArchive just click on the message and click Forward to your email address and the message will be forwarded to your Outlook/OWA.

Store & Forward

Several users were also unfortunately caught up in a custom policy that did not get migrated to the new Exchange. These are more legacy configs we did for some users in AUDC, things like renaming the OU or primary domains. For some of those accounts, the store and forward rule because a forwarding only rule, skipping the Inbox and going straight to the person that it’s being copied to. We have fixed this issue and it should not be happening again.

Autodiscover

We have gotten several complaints about autodiscover. Microsoft has removed manual configurations in 2013 and no modern version of Microsoft Exchange supports a manual server setup. However, this is something that could be easily rectified even with minimal technical skills by modifying the local hosts file if you don’t have the credentials to do it properly by modifying the DNS. Absolutely everything in the new infrastructure relies on the autodiscover record!

iPhone / Android Setup

For the most part, we are just confirming that all mobile devices should work fine with owa.xd.email as the server name, ditto for EWS integrated applications, we have not received more than an inquiry for the server name. For Android, things get sketchier when you consider all the different vendors, apps, and configurations. Again, so long as autodiscover is present and configured properly and your device is using a modern client, it should just work. When it doesn’t, recreating it takes a few minutes.

NDR

Non delivery receipts and errors are always of high interest to our NOC team as we continue to go through cleanup and audit all the tickets and users.

These are the issues we are currently working on, in 3 shifts, and sorting them all out as fast as possible. I know that for many of our clients this transition has been messy, but you are on such a better and more secure platform that won’t require you go through this process again. While modern platforms are more secure, their recovery from a disaster or issue (as some of you unfortunately went through) is extensive and at times unpredictably slow – so you have this much of a commitment for us, we will make sure LiveArchive is able to step in on a whole new level when things like this happen.


Important links to remember

ExchangeDefender NOC
www.anythingdown.com or https://xdinternal.xdnoc.com/

ExchangeDefender Exchange Setup
https://www.exchangedefender.com/blog/2020/06/exchangedefender-exchange-setup/

Autodiscover Registry Hacks
https://www.exchangedefender.com/media/autodiscoverregistryhacks.zip

ExchangeDefender Service Documentation (Knowledgebase)
www.exchangedefender.com/documentation