March 2023

Dude, where’s my SPAM?

ExchangeDefender protects you from dangerous email by blocking their delivery directly into your Inbox. Sometimes the way your IT admin has configured ExchangeDefender (security policies, admin policies, business restrictions) can become more aggressive and quarantine legitimate email messages. Other times the email sent by a legitimate sender is so misconfigured (broken DNS, email structure, RBLs, etc).

ExchangeDefender makes it easy to secure your Inbox and easy to get to messages that it’s been told to block.

If you’re expecting an important email and it hasn’t arrived read on for how to access it.

ExchangeDefender Quarantine

ExchangeDefender Quarantine is a web app accessible from any modern web browser, desktop and mobile. Not only will it show you everything we’ve kept from your Inbox, you’ll also be able to read/reply/forward/print the messages immediately and make sure they never end up in the SPAM.

First, open a browser and go to

Click on Quarantine and we’ll show you all the messages that are currently waiting. Note that the from address is the real/machine email address, not a fake/forged one you see in Outlook. This will make it easy to tell who is just spoofing and who is legitimate.

If you click on the subject, your message will open and you will able to act on it just like you do from any other email client right there in the same browser window.

If you click on the icon to the right of that (user with a checkmark) the system will create an Allow policy to let messages from this sender skip SPAM checks next time and arrive directly in your Inbox.

Option 2: ExchangeDefender Inbox

Sometimes the message isn’t in the Quarantine and it isn’t in your inbox. So where did it go?

99.9% of the time, the message has been miscategorized by your email infrastructure. This happens often when [relay permissions aren’t configured correctly] or the email itself triggers some other internal security process (desktop AV, firewall, etc) that blocks you from accessing it.

Solution: The best hack to employ here is to rely on the ExchangeDefender Inbox. We cache all the messages going to your server and if you click on Inbox you’ll be able to see messages we sent to your mailbox.

To sum it up

The easiest way to access all the messages ExchangeDefender is keeping from your mailbox is to go to and click on Quarantine. For messages that don’t get delivered after they’ve been processed by ExchangeDefender stay on and click on Inbox.

For more information about ExchangeDefender web app

Still can’t find the message? Tune in next week to see how your [domain admin] or [service provider] can help.

Laptop with hands

ExchangeDefender has been holding Service Provider (MSP/VAR) Focus Group meetings this week and we’re beyond excited to hear what we can build to make your and your clients lives easier with ExchangeDefender.

One of the most common pieces of feedback from the *Service Provider crowd so far has to do with log access and particularly low-level log access that can give further insight into problems and message routing.

Allow us to introduce you to Raw SMTP Mail Logs which will give our partners direct access to the low-level SMTP transaction and error logs. It’s located in the same location where you currently have service provider logs at

In addition to the live search which will give you an interactive access to our logs, you can see the button to Download raw logs.

Set your search criteria (at the very least a domain name and the direction of the search: inbound/outbound) and click on the button.

Logs will get pulled from all our services and will be available for download within 24 hours. Don’t let the boilerplate distract you, almost all of our clients will get their logs within the hour.

From there you can load the logs into your favorite analytics tool and dig for the errors and problems in the mail flow.

P.S. If you’re interested in contributing to our Service Provider Focus Groups please let us know!

Q: What is the difference between “Download raw logs” and “Download .csv”?

A: .csv export will save the current search results in a .csv file that can be used with Excel and other spreadsheet products. Search logs include to/from/subject/date/score/status only and are great for centralized analysis of messages that ExchangeDefender processed. By comparison, raw logs include SMTP protocol-level transactions/errors/notices that can help diagnose delivery and routing errors. So – .csv for Excel view for business analytics, raw log SMTP transactions for technical troubleshooting.

As mentioned previously our new ExchangeDefender Phishing Firewall went live in production at noon EST today (March 3rd, 2023) and is already rewriting URLs unique to service provider that manages the domain.

A little bit about the technology

URL / link rewriting is an industry standard used by biggest email providers to rewrite potentially dangerous URLs. When the user clicks on the link they are redirected to a Phishing Firewall site instead of the direct web site address that was in the email. The phishing firewall looks at all the domain policies, allow/block lists, exceptions, and determines if the user should be allowed to proceed to the web site.

When the messages arrive into your organization, instead of the URL is rewritten to something like These masked URLs are only visible to our clients, when they reply to an email the outbound network reverses the process. Outbound network replaces the original URL.

This technology eliminates the possibility that a random hacker can deliver a payload that is one click away from the user. Additionally, it gives the user the ability to check the site reputation, check for viruses, and clearly see the URL they are going (instead of a squashed little tooltip with a 200+ character URL). Essentially, we study how people get hacked with phishing and try to eliminate those issues.

All the sites and services are fully encrypted and partners/clients do not need to worry about certificate renewals, site mappings, etc – everything is automatic and done for you. Set it and forget it just keep an eye on the logs.

Going Forward

As of March 3rd, 2023 all the URLs will be rewritten using service providers id. Main benefit of this upgrade is that it reduces the scope and likelihood that the URL gets inadvertently reported or picked up by another security service that may deem to be a masking site for dangerous content.

Additionally, you can configure your firewall to only accept unapproved URLs after a hop through <yourspid> It also gives you full visibility into everything that happens with the URL, who clicks on it, where they go, etc which is something we do for our clients to address cybersecurity compromise and trace back how it happened (very lucrative service for partners that may be interested in deploying that level of protection.