ExchangeDefender Blog

Everyone on record by December 31st, 2019 will be grandfathered into the service.

You’ve got 45 more days to sign up for ExchangeDefender Essentials and Exchange Hosting Essentials in their current form with all the current benefits and features.

In 2020, we will start offering a new Essentials service that is more competitive with the entry level offerings from Microsoft, Google, etc.

New accounts will not be compatible with Office 365, Gmail, or other cloud based email services, a territory that ExchangeDefender Pro is far better suited for.

The service will be slightly more affordable but will no longer have options to add on Encryption, Web File Sharing, LiveArchive, Compliance Archive, corporate & MSP branding, and other enterprise-ish features. If these features are important to you and you have open leads, please make sure the orders are placed by Christmas.

Between the lines:

ExchangeDefender Essentials line has had a great run but over the past two years we’ve noticed a trend – clients are either going for the cheapest option, or they are signing up for all the bells and whistles that come with the Exchange and ExchangeDefender Pro line of services. The original intent behind Essentials was to create a “make it your own” version where companies that didn’t need Encryption or LiveArchive could save a few bucks and get an enterprise product that scaled with the organization as it’s demands grew.

We’re hoping that announcing the phasing out of the current licensing will give existing leads an incentive to get signed up and grandfather in the features at a discount.


At ExchangeDefender we want you to be safe online. One of the biggest and best steps you can take towards that goal is to both protect your domain from being “spoofed” (forged by a spammer) and to block any such forgeries from arriving into your mailbox. 

About Spoofing  

Spammers and hackers routinely abuse domains that do not have a SPF or DKIM record. They configure their email software to use your domain name for a SPAM campaign or to launch sophisticated phishing attacks. If you’ve ever received an email from yourself, or from a forged government or corporate entity, you’ve been a victim of spoofing. If you’ve ever received thousands of rejections and delivery receipts for messages you never sent, you’ve been a victim of spoofing. Because so many domain owners do not take responsibility for their DNS configuration, this is the most widely abused mechanism.

Good news is, ExchangeDefender can help protect you from these attacks and brand misuse through implementation of SPF, DKIM, and our corporate policies.   

SPF (Sender Policy Framework)

ExchangeDefender uses SPF to verify that the email is coming from a source that your organization trusts to send messages. This is typically your email server, our email server, and sometimes a business application (like a hosted CRM) that sends email using your domain name. All others get rejected as forgeries. 

How do you setup your SPF record? Simply go to wherever your domain name is hosted (your name server) and add this TXT field to your zone. You may need assistance from your ISP, domain registrar, or whoever is actually running your name servers. If you don’t know who that is, or they are too difficult to use, ExchangeDefender will host your domain free of charge. The TXT record will not have a  hostname and the value should be set to the following:

Hostname: 

Record type: TXT

Value: v=spf1 include:proxy.exchangedefender.com -all

DKIM (Domain Keys)

ExchangeDefender uses DKIM to validate automated digital signatures. We also sign messages for all customers that rely on ExchangeDefender to send outbound mail (pretty much everyone). This is a 2 step process similar to SPF. 

Step 1: Request public key

Go to https://support.ownwebnow.com and open a ticket requesting signatures of your outbound mail. Please specify which domains you wish to sign because each domain must have its own set of keys.

Step 2: Create a DKIM public record

Go to wherever your DNS is hosted and just like in SPF, create a DKIM record:

Hostname: default._domainkey

Record type: TXT

Value: v=DKIM1; k=rsa; s=email;  p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0SXzBGHoJcBVKyNEntvTiMtoSIH4uiuY6i5hzF47
A2eYb4pB/gtsHpP1vpDgzZvwVLz65nQwnm4wvSFsarKwCyWYyvGwPvBd9+v2Jcrk5dsfHioUDZo5oSvbRY
+e8AD7eo42A/pYdgZxL9KRyZbMsCtHJrAqvYB6LZP0SFVvkYQIDAQAB


Important: This is just an example. You will need to use your own public key generated in Step 1 and provided by us. Also, the value of the TXT record has to be on the same line, if there are any line breaks (if you copy it from an email or web page) please remove them.


Step 3: Update the ticket with us to test deployment

After the DNS record has been created for your domain, we will validate it and if configuration is valid we will start signing your outbound messages going through ExchangeDefender. 

After the DNS record has been created for your domain, we will validate it and if configuration is valid we will start signing your outbound messages going through ExchangeDefender. 

ExchangeDefender Policy 

While we encourage all of our clients to implement both SPF and DKIM, we understand that there are sometimes business scenario cases under which this is impossible. If you find yourself in this predicament you should immediately change where your name servers are hosted and take full control of your organizations identity online. But if that is still something you may not be able to do, ExchangeDefender can still protect you from phishing attacks and spoofing launched using your own domain name. If you’ve ever received email from yourself or from a colleague (but the email actually came from a server in Poland) then this setting will help you.

Go to https://admin.exchangedefender.com and login as the domain administrator (username is your domain name). 

Click on Security Settings > Phishing
Under “Flag External Emails” click on Enable and then Save.

After this setting is applied, all messages from your domain that were sent from outside of the ExchangeDefender network will go into the SureSPAM quarantine. Just tell users not to trust, whitelist, or release messages that are coming from your own domain because they are certainly not legitimate.Note: This is the option of last resort and will not stop hackers or spammers from abusing your domain for phishing, spamming, or hacking. However, it will stop those messages from arriving directly into your users mailbox. If you already have a valid SPF record (with -all, not ~all) and DKIM in production, this setting is not necessary as ExchangeDefender will automatically reject messages that fail SPF/DKIM validation.

If you have any questions or concerns about ExchangeDefender and implementation of SPF, DKIM, or phishing policies please feel free to contact us.


ExchangeDefender has been seeing an elevated amount of malware originating from hacked Exim mail servers. While we tend to score those messages higher by default to keep our clients protected, one of our clients discovered a scenario in which a user could get a dangerous payload through our scanners (requires multiple manual steps and a sophisticated recipient with imaging software willing to go through multiple hoops). Which this is exceptionally unlikely, we wanted to address a few of the topics anyhow.

1. CIOs, MSPs, and Domain Administrators can manage attachment policies

If you go to https://admin.exchangedefender.com and login as the Domain Administrator, you can manage attachment policies under Configuration > Attachments. You can find more about ExchangeDefender configuration at https://www.exchangedefender.com/docs/domain#configuration

2. We do not deep-scan file system images (.iso/.img)

As a policy we do not deep scan .iso or .img file system images. The files themselves are scanned for both malware, viruses, and other parameters (for example, if someone renames a .exe to .img, or embeds malware in one we will still filter it out) but we will not mount file system images and go through each file inside. This is not a popular attack vector (requires multiple actions by the user and most will require Administrative access and specialized software) but it is technically possible.

3. You should implicitly distrust anyone on hacked Exim servers

ExchangeDefender cannot globally block Exim servers (because there is always going to be that one “business case scenario!!! we cannot block our $2 cPanel VPS!”) but if you can possibly block them – by all means do. While this is generally not necessary (ExchangeDefender maintains a proprietary list of pwn3d Exim servers and routinely moves them to SPAM or SureSPAM), it’s a good idea not to accept any mail from these servers at all.

4. You should implicitly junk SPF failures

Same as #3, it’s a really good idea if you have the luxury of not dealing with people that shouldn’t be running an email server. ExchangeDefender tracks SPF failures and notes them in the headers that can be used to aggressively filter out messages sent out from invalid ranges. Just look for a “Received-SPF: softfail” in the message headers.

Received-SPF: softfail (inboundXX.exchangedefender.com: domain of transitioning postmaster@gmail.com does not designate 67.82.55.11 as permitted sender)

What this means is that the organization has designated an IP range that legitimately relays messages, and this message came from an IP address outside of that range. 99.99999% of the time it’s a spammer. 0.00001% of the time it’s just a poorly configured server. It’s your choice to assess the risk and implement this if possible and we recommend it.

Finally, if you are actively monitoring security and communicating with your clients, we do manage a NOC site that logs major issues at https://www.anythingdown.com. If you’re one of our MSP or enterprise clients, you also have a branded version of this software free of charge at https://www.xdnoc.com that you can attach your domain name to and offer these alerts to your clients without copying and pasting around.We hope this helps and we appreciate your trust in keeping you safe online.

For more information, please see our ExchangeDefender Guide for Domain.

Last week we launched our new UI framework that will soon drive the primary user experience for all ExchangeDefender applications. The admin portal as a series of web pages that post to one another and remain in constant state of refresh is a thing of the past.

The new user interface is meant to deliver the full power of ExchangeDefender through a browser no matter what device you’re on. To say the new UI has been a hit would be a massive understatement. What we’ve heard the most is: “I love it, but…” and this post is here to give you a little tease about what is coming up next.

Saved, customized views

There are power users that want every bit of data and then there are basic users that are just trying to find a message – and we’ve gotten feedback from both. Good news, everyone will be happy with the addition of customized views:

The new SPAM quarantine interface will soon give you the ability to display only the columns you want, show you messages you’ve previously released, as well as showing you only the new messages. Everyone has a preference, and once you set it ExchangeDefender will remember it. Next time you come to the quarantine view, your settings will be automatically saved.

Send emails without having email open

We’ve covered the details of the product road map in our previous webinar but to put it succinctly, not everyone in the organization needs a full 50GB mailbox, and most people rarely use more than 10% of their Outlook – definitely not something worth $180/year. When we designed the new UI we did so with full confidence that one day soon ExchangeDefender will entirely replace fat client apps, and here is a little preview of that: you can now send messages directly from ExchangeDefender:

This “Send Mail” and “Send Encrypted Email” (for ExchangeDefender Encryption subscribers) shortcut will be available across the entire service because virtually every interaction ends up in a creation of something – an email response, a task (Hello Wrkoo!), a ticket, maybe even a calendar appointment – ExchangeDefender will be streamlining all of that and don’t worry, a copy of the message will be delivered to your mail server for compliance reasons.

Respond to email in real-time

One of the advantages you get with ExchangeDefender is the embedded phishing protection and security – things that would be designed to attack your Outlook or Gmail for example – will not be active in ExchangeDefender and will keep you safer by default. So if you got a sketchy message and you aren’t sure if it’s legitimate – or you no longer want the message sitting in your mailbox — you can reply directly from the ExchangeDefender message view.

You can also forward and print the message as well, eliminating the need to release or trust a sender that may not be reputable.

Goodbye tabs & sites

We want you to do what you have to do, but faster and without a ton of open tabs. The new Dashboard look is still evolving but here is a sneak peek:

The idea is to present everything you may want to see as far as your activity and the service metrics, but not forgetting what you actually come to ExchangeDefender to do – to communicate and collaborate securely. With that in mind, we’re adding “action tiles” throughout our services that highlight the most popular feature or two. If this was your first time using ExchangeDefender, what would you likely want to do? Check SPAM? Send an Encrypted message? Share a document library? Go through your archives or rely on business continuity because your server or email cloud went down?

We’ve got you covered.

P.S. 100% of these features have come to us by the means of the Feedback link from awesome users such as yourself. We’re a little different in the way we design software, Steve Jobs is long gone and we like to rely on our users and respond to the way you work rather than dictate how you should work.  So please, tell us what more we can do and our marketing team will make a pitch to the product teams on your behalf.  

Join us 11/13 for our New UI Upgrades & New Features webinar. Get exclusive access to the full design and functionality of the new admin user interface – register here: https://register.gotowebinar.com/register/6850325080298120461

We will be moving new outbound infrastructure into production. The new infrastructure will be used as the platform to provide ExchangeDefender NextGen services.Our outbound network is massively redundant and there will be no outages. If you are currently scoping to individual servers, please remember that we do not support that configuration and that you must use outbound(-jr, -xd, -corporate, -auth).exchangedefender.com as your smarthost.

Time:
Wednesday & Thursday
October 23-24, 2019
10PM – 2AM EST

Impact:
No impact on SLA or performance

Scope:
Outbound network Dallas
Outbound network Los AngelesServices affected:
outbound, outbound-jr, outbound-corporate, outbound-auth

Description of work:
Migration of mail queues to new infrastructure, announcing new servers from the outbound IP ranges.

We are thrilled to announce the launch of our new ExchangeDefender admin user interface, going live on Thursday, October 24th. Check it out:



Faster. New ExchangeDefender UI loads exponentially faster than the previous version and feels more like a desktop application than a constantly refreshing web page.

More intuitive. We’ve looked at how our clients actually use the product and we’ve made it much easier to get to the features that users utilize often. We’ve also placed the content front and center while placing all the controls on the same page, so ExchangeDefender will be a breeze to use even for someone that’s seeing it for the first time.

More mobile. No more apps, no more installations, no more add-in’s – we’ve built an application that works anywhere and exposes all the ExchangeDefender functionality on a single panel of glass.

Extensive. Our mission is to help our clients build an office that is secure first. To make that possible, the new UI is actually a framework that makes it easy for users to communicate and collaborate more securely. It also enables our partners to plug their apps into ExchangeDefender and deliver a more complete solution.  

No operational change. New ExchangeDefender UI behaves and functions the same way as the old one, making it easier for those that don’t like change to seamlessly continue working in the new UI. We didn’t move your cheese. But we’ve made it much smoother and faster to access so we’re sure you’ll love saving time while you enjoy enhanced security.

Initially the user experience will not change at all – we intend to “soft launch” the new user interface and allow anyone that wants to check out the new stuff in production to do so on demand. We did not want to surprise/shock any of our users with a brand-new look and interface, not to mention without an extended production testing schedule. After about a month (tentatively scheduled for Thanksgiving) the new interface will replace the old one as the default. On Thursday, October 24th you’ll be able to check it out in production:

We’ll have a lot more on the new UI shortly.

Stay tuned for all the details, videos, documentation and so on becoming available soon!

If you’ve attended our more recent webinars, you’re aware of our wider strategy to help businesses build a more secure office. In fact, this UI framework is already in production on the next generation products we launched recently. We would urge everyone to attend our webinar on Wednesday, November 13th where we’ll showcase even more details about our aggressive road-map and all the new features that immediately enable users to communicate and work more efficiently and more securely.

ExchangeDefender UI Upgrades & New Features
Wednesday, Nov 13, Noon

https://attendee.gotowebinar.com/register/6850325080298120461

ExchangeDefender Introduces Password Vault

It’s my pleasure to introduce you to the most significant expansion of ExchangeDefender Security services in years: ExchangeDefender Password Vault. We have designed a user-friendly product that delivers military grade encryption, provides a layered authentication model, and ties into your business process for sharing and auditing – completely free for all ExchangeDefender Pro clients.

As explained in an earlier post the task of securing a business or any other organization is getting more complex with a new variety of hack attempts as well as an increasing demand from regulatory compliance standards that touch virtually every business in the world. It is no wonder that overwhelmed workers typically use the same password, that they rarely change it, and that storage of those passwords is negligent for the sole reason that “it works” and doesn’t create additional complexity. Unfortunately, that convenience leads to security compromises.

At ExchangeDefender, our mission is to keep you secure, and we’ve taken every advantage we get with Wrkoo to bring you a password solution that not only keeps you secure but helps you work better, smarter, and more efficiently. And, yes, we’ve made it free. You can expect to pay $50/user/year for consumer level protection and well over $100/user/year for business level password management – and we’ve made it free for a very simple reason. If you get compromised and hacked because Excel/SharePoint/Word “works”, your odds of staying in business are virtually zero (and our revenues depend on you staying in business). So yes, we’re highly motivated to keep you secure.

Getting started with ExchangeDefender and Password Vault is super simple: Login to https://admin.exchangedefender.com as you usually do to manage your SPAM and click on Quick Launch > Password Vault.

From there you will be redirected to your organization’s Wrkoo portal. The first step will be to create a master password to protect the vault and encrypt the keys needed to unlock your passwords. Literally everything is encrypted, end-to-end, so you’ll want to pick something you can remember. Just don’t write it down on a post it.

The system will then walk you through setting up your first password. This is also exceptionally simple:
Set up your first password.

Wrkoo and ExchangeDefender already provide enterprise-grade one time password / multi factor authentication but if you really want to lock things down there is a second level of authentication that can be enabled – turning either your cell phone or email address into an additional authentication device.

Congratulations, it took five (5) clicks for you to take advantage of an enterprise password management solution with military grade encryption that nobody but you can get into. Here is what it looks like live:

This is the initial release and it allows you to create new passwords and perform usual maintenance and audit steps, but we’ve made certain to start implementing business intelligence immediately. You will know when the password was created, and when it was updated. The system will also let you know when the password should expire – so you can handle password resets and updates on important sites at your own schedule and pace – not when you really need to get into your checking account or loyalty card or reservation that forces you through the dreaded password reset process.

We’re busy at work with additional business features such as sharing, team lock boxes, audits, dark web searches, and tons of other functions. But what we have available right now – for free – is so important and so powerful that I am ending this blog post right now and begging you to go get enrolled and started with Password Vault right now. Let’s go to https://admin.exchangedefender.com

Our last webinar announced our strategy for expanding the level of protection we offer to our ExchangeDefender users that goes far beyond just email. Our three-pronged approach will now include software, services, and training. We are best known for our email security service “ExchangeDefender” but as the email threats escalate in frequency and evolve in complexity, it is time to add a software component.

Over the past decade we have been developing Wrkoo (codename: “Shockey Monkey”), a business management solution centered around helpdesk and service delivery. As that product has grown to better manage accountability and task tracking, it became a perfect solution for us to use to help our ExchangeDefender users be more secure. Specifically, ExchangeDefender knows about your preferences and security policies – Wrkoo has the capabilities to help your entire organization work better together to create a more secure environment. You will see this distinction and the advantage in action later this week when we announce the Password Vault.

Our implementation is very simple and straight-forward. Every ExchangeDefender Pro protected organization will get it’s own Wrkoo portal (ex: https://exchangedefendercom.wrkoo.com) absolutely free of charge. All the users in ExchangeDefender will automatically be added to the Wrkoo portal and same login credentials will work on both sites.

As we add business-level features that help improve user security, they will be available via https://admin.exchangedefender.com portal under the Shortcuts dropdown (same place you find your Web File Server, LiveArchive, ComplianceArchive, Encryption, etc) as well as via direct login to the Wrkoo portal. This will help our clients quickly navigate between their files, passwords, archives, and all other services.

ExchangeDefender admin portal has been designed from the standpoint of email security and corporate policy enforcement and it is very quick, efficient, and easy to use. Once you look at securing your business beyond just SPAM filtering, things get complex and importance shifts to communication, training, and overall awareness. These are the areas that Wrkoo shines at through its calendars, tasks, tickets/cases/issues, knowledge base, and the ability to help the entire organization communicate and be on the same page. It really is a perfect medium to help everyone in your business manage their information in a more secure and practical user -friendly way.

Our mission remains the same: to keep you safe online. As the threats evolve and management of compliance, reporting, audits, and training becomes more complicated – our solution is there to help you scale and address those issues without spending more money. ExchangeDefender and Wrkoo are here to make that possible.

We have listened to our partners and decided to redesign our invoicing system so it works better for our partners. One of the many benefits of having both Wrkoo and ExchangeDefender teams working together, (more details in our next webinar on September 10th, 2019) is that we can take great ideas from all sorts of businesses and adapt them to serve our IT partners better. Specifically, new ExchangeDefender invoices will be grouped by client:

This will give you a clear indication of how many services each client is subscribed to, what type, amount, etc. For deeper dives by your CPA, you can filter and group by service and client so you can get exactly what you’re looking for (by default everything is sorted alphabetically, by the client):


And for the full details, just tap the title:

We’ll shortly be adding the ability to move services around, adjust titles, and for even more functionality as well as branding options you will have the ability to customize literally everything in your own Wrkoo portal.

Wrkoo and ExchangeDefender teams have been rolling out new features, listening to our partners needs, and you’re going to start seeing a lot of new features that result from that one-of-a-kind collaborative effort.

The best news though – as this is just a taste of what is coming – you’ll have to tune into our webinar on September 10th at NOON EDT. Trust us, you’re going to love what we’ve got coming!