ExchangeDefender Phishing Firewall is Live!

As mentioned previously, our new ExchangeDefender Phishing Firewall went live in production at noon EST today (March 3rd, 2023) and is already rewriting URLs so that they are unique to the service provider that manages the domain.

A little bit about the technology


URL / link rewriting is an industry standard used by the biggest email providers to rewrite potentially dangerous URLs. When the user clicks on the link, they are redirected to a Phishing Firewall site instead of the direct web site address that was in the email. The phishing firewall looks at all the domain policies, allow/block lists, and exceptions, and determines if the user should be allowed to proceed to the web site.

When messages arrive in your organization, instead of https://www.yahoo.com the URL is rewritten to something like https://exchangedefender.xdref.com/url=hash. These masked URLs are only visible to our clients; when they reply to an email, the outbound network reverses the process and replaces https://exchangedefender.xdref.com/url=hash with the original URL.
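To make the inbound rewrite, the outbound reversal and the click-time policy check concrete, here is an added sketch; it is not ExchangeDefender's code. The HMAC-based token, the in-memory lookup table, the `review` outcome and all function names are assumptions made for illustration, and the sample message in the usage is constructed.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

# Assumptions, not vendor details: the token is a truncated HMAC-SHA256 of the
# original URL, and token -> URL pairs are kept in a lookup table (a dict here).
SECRET = b"constructed-demo-key"
GATEWAY = "https://exchangedefender.xdref.com/url="  # link form shown in the post
URL_RE = re.compile(r"https?://[^\s<>\"')]+")
TOKEN_RE = re.compile(re.escape(GATEWAY) + r"([0-9a-f]{32})")


def token_for(url):
    return hmac.new(SECRET, url.encode(), hashlib.sha256).hexdigest()[:32]


def rewrite_inbound(body, store):
    """Replace every URL in an inbound message with a gateway link."""
    def swap(match):
        raw = match.group(0)
        if raw.startswith(GATEWAY):        # already rewritten, keep it
            return raw
        url = raw.rstrip(".,;:!?")         # sentence punctuation is not part of the URL
        token = token_for(url)
        store[token] = url
        return GATEWAY + token + raw[len(url):]
    return URL_RE.sub(swap, body)


def restore_outbound(body, store):
    """Put original URLs back in a reply; unknown tokens are left untouched."""
    return TOKEN_RE.sub(lambda m: store.get(m.group(1), m.group(0)), body)


def resolve_click(token, store, allow, block):
    """Gateway decision for a clicked link: block list wins over allow list."""
    url = store.get(token)
    if url is None:
        return ("reject", None)            # token was never issued
    host = (urlsplit(url).hostname or "").lower()
    if host in block:
        return ("block", url)
    if host in allow:
        return ("redirect", url)
    return ("review", url)                 # show the destination before proceeding
```

Running `rewrite_inbound` twice on the same body leaves it unchanged, so a message that passes the gateway more than once does not end up with nested links.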

This technology eliminates the possibility that a random hacker can deliver a payload that is one click away from the user. Additionally, it gives the user the ability to check the site reputation, check for viruses, and clearly see the URL they are going to (instead of a squashed little tooltip with a 200+ character URL). Essentially, we study how people get hacked with phishing and try to eliminate those issues.

All the sites and services are fully encrypted, and partners/clients do not need to worry about certificate renewals, site mappings, etc. – everything is automatic and done for you. Set it and forget it; just keep an eye on the logs.

Going Forward

As of March 3rd, 2023, all URLs will be rewritten using the service provider's ID. The main benefit of this upgrade is that it reduces the scope and likelihood of the URL being inadvertently reported or picked up by another security service that may deem xdref.com to be a masking site for dangerous content.

Additionally, you can configure your firewall to only accept unapproved URLs after a hop through <yourspid>.xdref.com. It also gives you full visibility into everything that happens with the URL, who clicks on it, where they go, etc., which is something we do for our clients to address cybersecurity compromise and trace back how it happened (a very lucrative service for partners that may be interested in deploying that level of protection).