February 2018

ExchangeDefender
ExchangeDefender: Keep your email, and company data safe and secure.
ExchangeDefender PRO Multi-layered email security suite protects against SPAM, viruses, phishing attacks and more.

Corporate Encryption Send and receive encrypted messages by email, url, or sms.

Compliance Archive Assures full archiving of all inbound, outbound, and internal email for regulatory compliance.

Web File Server Unlimited document sharing and secure file storage.

Business Continuity Enables organizations access to email during unexpected service outages.

Password Vault Securely store, manage and share passwords with a centralized management system.
GET STARTED NOW

Enable secure communication of sensitive information.
Schedule a demo Get a quote See it live
Looking for ExchangeDefender for home/hobby/small team?
Solutions
Solutions: Solve IT problems with our email & cloud expertise.
Exchange Hosting Microsoft Exchange mailbox for secure business communication.

SMS Proxy Virtual number that forwards text messages to email, web, Slack & Teams.

Exchange Essentials Our Microsoft Exchange mailbox service for home and small offices.

Web Hosting Custom web site and web application hosting services.

Cloud Service Management Management & support of Amazon AWS & Microsoft Azure cloud services.

Wrkoo Service and support portal solution that helps manage business & clients.
5 reasons why MSPs use our support software Wrkoo In our fast-pace world full of technology, customers want you to deliver impeccable customer service online…
Can't find what you're looking for? Contact our customer service at (877) 546-0316
Partners
Partners: Make better profits, join our industry-leading partner program today!
Marketing Marketing collateral and sales documentation to help you close deals.

Support Need help? We offer an industry leading SLA with 24/7 support here.

Managed Services for Legal Services

Support Portal

Managed Healthcare

Webinar Library

ExchangeDefender Threat Protection

Contact us

More

More
Become a partner Add our email and cloud expertise to your portfolio and profit from it.
See why MSPs love working with us
Company
Company: Learn more about our company, get the latest news, or contact us.
About Us Learn more about ExchangeDefender and our 20+ year journey in email.

Contact Us All the ways you can get in touch with us.

Blog The latest news, releases, and service updates from our team.

Regulatory Compliance ExchangeDefender compliance audits and security collateral.

NOC Network Operations Center advisories and current network events.

3rd Party Support Technical support for our platform if you're not a client.
5 reasons why MSPs use our support software Wrkoo In our fast-pace world full of technology, customers want you to deliver impeccable customer service online…
Can't find what you're looking for? Contact our customer service at (877) 546-0316
Docs
Login
ExchangeDefender Admin

Compliance Archive

ExchangeDefender Support

Encryption

Web File Sharing

Live Archive
Premium Support
US: +1(877)546-0316 INT: +1(407)465-6800 UK: 0800 8620149 AU: +61 0390010641

February 28, 2018

ExchangeDefender

ExchangeDefender Address Book Lockdowns

Effective March 1st, ExchangeDefender will only allow delivery to email addresses that exist in our Service Manager or ExchangeDefender Admin Portal. This is a non-event for 99.999% of our clients (it’s only being mentioned because it’s a refresh of the AUP/TOS policy) and it is intended as a security precaution against threats we’re seeing in the wild and on our honeypot networks.

The Problem

ExchangeDefender as an SMTP proxy will scan and deliver any email targeted at a protected domain. Even though we sanitize each message and do not permit dangerous content through, if the email address does not exist on the clients server, the message will bounce to the sender. Now, imagine that sender doesn’t have an SPF/DMARC, and imagine that the address itself is spoofed – now send that message a few thousand times and an attacker can destroy a mailbox simply by overloading with non-delivery receipts and bounce messages.

Why this happened in the first place

Bad automation. It happens, and when it happens on a scale of ExchangeDefender, it creates an issue. So to minimize complaints, we just stopped actively enforcing address book validation. To those of you protecting servers on networks outside of ExchangeDefender’s control (think Google, Office 365, etc) the management and addition of new addresses will become automatic. Here is a peak at our new support portal. It should make a lot of you very happy.

Figure 1: Service Manager. Instead of having a ton of accounts in the listing, everything is now logically grouped by a Company. This way whenever you go to manage one client you only see the users belonging to that client and any addition or modification will pull pricing, configuration and meta data from that organization’s settings. This should virtually eliminate mistakes, billing issues and configuration problems.

Figure 2: Adding a new mailbox. The process is streamlined, clean and remarkably simple. The reality is that IT departments are no longer in charge of this anyhow, neither are our MSP partners. Businesses want the ability to control memberships, configurations, distribution lists, permissions and everything in between.

Figure 3: Mailbox permissions, settings, etc. There are several screens for this but needless to say we’re looking to expose a lot of the features that can be managed granularly in a way that businesses expect them to. Let’s face it, your average office manager dealing with the new hire isn’t about to fire up remote PowerShell; Strong passwords, additional features, granular control, public folder and distribution group membership templates, etc are all coming soon.

Other really cool stuff is coming very soon as well, we’re pretty excited with what we’re building and delivering… but the focus for us always remains on the security and safe communication – and everything that supports it goes hand in hand.

February 14, 2018

Hosted Services

ExchangeDefender Account Lockouts

We live in interesting times. With over 1.4 billion compromised accounts and users relying on the same password for every site, it’s nearly impossible to secure users that don’t want to set strong passwords. Nevertheless, that’s what you pay us for and we’re doing our best.

Until the new Service Manager is in and automatic service policies with full compliance are added in, we’ve been forced to institute lockouts on accounts that are being compromised or have suspicious activity. Unfortunately, when an attack on a mailbox is launched it doesn’t come from one IP address, it comes from hundreds, and blocking them is impossible.

But locking the account and making the client change the password to something that isn’t on the dark web.. that’s simpler. This is something that absolutely has to get done, if the account is used for spamming purposes it can blacklist that address, domain or worse.

If your account gets locked out due to a security compromise, you can now unlock them and restore service automatically.

Just go to the Service Manager, find the user, reset the password and you should be all set.

P.S. In the event that you aren’t regularly changing your clients passwords, or you have ridiculously simple ones, we need to talk. Part of the issue is that your clients, regardless of size location or industry, are just SPAM zombies waiting to happen if you don’t set long and complex passwords that aren’t used anywhere else. If you don’t want to do that, we need to talk about two factor authentication. ExchangeDefender network has never been compromised – but individual accounts get popped all the time and it’s generally with a password that is well known and available in a simple Google search.

GET STARTED NOW

Premium Support

February 2018

ExchangeDefender Address Book Lockdowns

ExchangeDefender Account Lockouts