Friendly Names, Finally.
You’ve only been waiting 20 years for this feature and we’re happy to finally deliver it: ExchangeDefender will now show friendly display names and email addresses, giving you a better idea of who the email sender is.
This is a slightly technical pragraph that we encourage you to skip. Every email you receive has two From: addresses. One is a “friendly from” or “header from” address that prints the name of the sender as the user configured it inside their mail software such as Outlook or Gmail. The other is an “envelope from” or “mail from / return path from” address that is used for mailer/postmaster reasons to bounce and process messages. As an email security solution, ExchangeDefender only looks at and reports envelope addressing as the friendly from can easily be spoofed and faked and generally has no impact on the underlying SPAM filtering technology, message routing, SPF/DKIM, and a myriad of other technical reasons. Two decades ago, when ExchangeDefender was first and foremost meant to be a front line defense on the edge/perimeter before allowing traffic to get to the firewall, envelope from was what I went with.
What made sense two decades ago, which is centuries in IT terms, doesn’t make sense in 2018. Today ExchangeDefender is no longer primarily an edge security service, it is prime real estate in which end users and business employees spend a considerable amount of their time managing their mail, sending documents, sending encrypted attachments, assuring compliance, collaborating, and as such the design and the content needs to show something relevant to the user (not the IT administrator power user that is likely managing things through our powerful Domain Administrator section).
Oh, and by the way, it’s also going to show up like this in our updated SPAM Reports starting in October for our ExchangeDefender Pro subscribers:
P.S. Please tune into our new feature webinar on Wednesday, October 17th, 2018 at noon EST. Lot’s of new features are coming in ExchangeDefender as we transform the product to better serve the compliance and security needs of our clients. Register Now!
ExchangeDefender Encryption Enrollment Account Reset
Encryption is hot – with daily news of hackers breaking in or compromising one system after another, taking that extra step to make sure your information is safe and secure has never been on the minds of business owners more. We may sound like a broken record when it comes to encryption but it is one of our more popular products and today we’re happy to announce another quick feature that is coming.
October 1st: You can now reset your recipients accounts (PIN+Password) in Corporate Encryption.
ExchangeDefender Corporate Encryption has an alternate [ENCRYPT] flag that can allow the users to encrypt messages on demand and require the recipient to enroll in the ExchangeDefender Corporate Encryption in order to access the message. Enrollment process is quick and simple and requires the recipient to provide their name and phone number along with a selection of a password and a 4 digit PIN. This additional security step is put in place to eliminate man in the middle attacks where a hacker may have compromised the firewall, disgruntled employee is trying to spy on inbound mail, or a variety of other threatening issues. It is the ultimate layer of protection because PIN is only known to the user.
If you support ExchangeDefender Corporate Encryption, you’re going to like this feature a lot because you’ve likely had to deal with the inevitable case of a recipient forgetting both their password and their PIN. Since we have no way to verify the users identity, we’ve always processed reset requests manually. Now, this process is automated.
Just go to admin.exchangedefender.com and login as the domain administrator. If you subscribe to Corporate Encryption you will see it under the Configuration menu. Simply type in the recipients email address and their account at ExchangeDefender will be reset allowing them to enroll again.
As a security precaution, they will not be able to see emails sent to them prior to the enrollment period – only new messages after they have created their account. On the backend, there are additional checks in order to make sure that this is actually a user that receives email from your domain, etc, etc so we don’t open the door to a malicious ExchangeDefender client attempting to reset accounts of unknown contacts. Obviously there is far more going on in the background that we cannot disclose in a blog post but if you’re interested in the technology, we have patents pending on several of these and would be happy to discuss privately.
There you have it, October 1st. Another cool feature that will save a lot of time for our users while keeping everyone just a little bit safer. We’re adding more features all over the place so please stay tuned to our blog and our Facebook page.
ExchangeDefender Encryption (Corporate Encryption) has been one of our hottest products for years, the demand for it is fueled by daily news of exploits, hacking, data theft and so on. Just last night, one of the largest retailers in the world was exploited and for over a month hackers stole credit cards and client information. This sort of daily reporting is creating an unprecedented demand for encryption products, with Let’s Encrypt becoming the largest SSL certificate issuer on the planet.
One thing remains, if the data you are sending or receiving is sensitive to you it’s your responsibility and best interest to assure it is protected.
When it comes to email encryption things get a bit more confusing, complicated, fragmented and unclear. One thing remains, if the data you are sending or receiving is sensitive to you it’s your responsibility and best interest to assure it is protected. Whether you’re the sender or the recipient. Unfortunately, email alone isn’t secure enough by design and <big deal>it is the most exploited and hacked medium available.</bigdeal> . Why hack a bank when I can hack your mailbox and get all your accounts, credentials, reset mechanisms, notes, private information and more?
This is where ExchangeDefender, and ExchangeDefender Encryption, become such a big deal and such a valuable <i>service</i> for your business. You can exchange emails back and forth securely, without installing any software, without requiring the recipient to install any software. Your still use your same email program, desktop, mobile phone, tablet – but your information goes from point to point in an encrypted and protected process. Not just that but you get things you typically can’t get from IT – knowing when the message was was received, when it was read, how many times it’s been read, and you get a reply in the same secure way.
It’s clear to see how easy and essential selling ExchangeDefender Encryption is: but you can’t show up empty handed. We have marketing collateral available for our partners – Click on the PDF to download.
SPAM Email Reports
ExchangeDefender SPAM Email Reports remain one of our most popular features and after nearly 6 years since the last major revision we’re looking to improve both the value and the functionality. For many of our end users, ExchangeDefender is the sole provider of cyber security training and information – so the responsibility of better educating our clients on the threats they are likely to face via email and web is crucial.
Then there is the look and feel of it. White collar workforce has largely gone away from dual monitor configurations to smaller portable devices on which users don’t spend the whole day in Outlook – so our email reports that were designed for the Microsoft desktop era needed a little face lift.
New ExchangeDefender SPAM Email Reports are launching on October 1st 2018 and we’ve made several significant changes to the look and feel based on user feedback.
– New reports feature “friendly” From addresses, instead of the actual From: line we’ve always used.
– Contrast has been improved as well as spacing, so finding information in the email is much simpler.
– Font size, padding, colors, etc has been modernized as well, allowing the report to look amazing on both small phone screens and large wide-screen computer displays.
On the backend, our reports and email release requests are starting to embed our support at the point of release, making sure our end users get exactly what they are expecting right away. If the message isn’t displaying correctly, or if it cannot be located, or if the message is continuously ending up in the SPAM quarantine even though the user believes they whitelisted it (99.999999999% they whitelist the disposable from tracking email which changes every time a message is sent, instead of whitelisting the domain) – our support will be there to assist them immediately without picking up a phone, without opening up a support ticket, without escalating it to the office manager or creating additional work. On demand service #ftw.
Our mission to help protect our clients from dangerous and malicious content also has to account for threats before they become problems – which is why we’re investing in training and info collateral aimed at the users so they are aware of new ways hackers are trying to exploit them. This info will be featured prominently in the service and we will cover it in detail as we ramp up production but for the time being we understand our end users have limited time and limited interest in what is going on in the world of cyber crime – so we will limit our content to 140 characters and feature relevant stuff only, nothing commercial.
If you have any suggestions or ideas for our Email SPAM Reports, please do not hesitate to let us know.
ExchangeDefender Corporate Encryption
ExchangeDefender Corporate Encryption now allows you to send encrypted attachments and share files securely from any device, even many of you that aren’t on Microsoft Outlook/Exchange. It was one of the more popular parts of the webinar we held yesterday (hope you had a chance to attend it, you can watch it anytime in our secure portal at https://support.ownwebnow.com)
ExchangeDefender Corporate Encryption was designed to eliminate the pain point of traditional key-based email encryption: too much software, too much management, exchange of public keys, software deployment, and more. It also eliminates the complaints about cloud based solutions that are often clunky, unfriendly, not to mention expensive. ExchangeDefender Corporate Encryption is none of those: it is friendly, affordable, requires no additional software or hardware.
And as of this week, it allows the sender and the recipient to exchange attachments so that the content is encrypted in both directions. Furthermore, because it is cloud based, you can resume work when you get back to your desk. The upgrades to the UI allow you to quickly see new messages, respond to them, or forward them elsewhere. It is truly turning into a highly secure, policy-based, email solution for businesses that require compliance and content security.
We’ve also made the UI more friendly by putting actions on top of the page so that it resembles popular webmail products end users have gotten used to for over a decade. Attachments are a lot more prominent and go both ways: not only can you send them, but when the recipient logs into our portal to reply they can attach anything they want to in response as well – assuring that content is protected and encrypted at all times.
ExchangeDefender mail flow and email analysis troubleshooting is at times a long and difficult process that has been automated through our admin portal at https://admin.exchangedefender.com. We realize that it’s not an option for some of our end users and new MSPs so we often get tickets in our support portal asking us why a certain message got delayed, rejected, classified as SPAM or allowed to get through if it had SPAM content, etc.
In order to troubleshoot an issue with a specific message we always ask for SMTP headers. The following blog post will help you find them in Outlook Web App, Outlook 2013 and Outlook 2016.
Outlook Web App
You will see Message details screen. Copy and paste it in the ticket and we can help you with the rest.
Outlook 2013 / Outlook 2016
From the message listing double click on the message so it pops up in it’s own Outlook window.
Then click on File and you will be shown the message file options:
Click on Properties and you will see the SMTP headers. Copy and paste it in the ticket and we can help you with the rest.
Important: Please copy and paste the contents of the screen into our support ticket instead of taking a screenshot. Sometimes the SMTP headers contain characters that are very similar (qf9mfIlI1IlI) and it can take a lot longer to locate the message rather than having a specific text search.
What happens next is that our team is able to locate the specific message in our database and then with that data do further analysis using the node that processed the message and look at all the logs generated by hundreds of different services that are analyzing every message for dangerous content.