ExchangeDefender has always tried to help our partners when it comes to billing management. Perhaps you’ve noticed that no matter when you sign up for the service during the month you are not charged. Not even a prorated amount.

The terms of service do require a 30 day notice, but we understand that sometimes our IT partners are too busy to remember to cancel stuff. As we’ve grown over the years, it’s become necessary to lock down our subscription management a few days before the billing cycle that runs on the 1st. Inevitably someone forgets or waits till the last moment and opens a ticket nearly at midnight making for an awkward pointing to terms of service. Worse, some partners make their staff wait till the last of the month to manage cancellations and adjustments, which stresses everyone out unnecessarily.

So we’ve got a solution. When you come to delete / cancel the service you will be given the option of selecting a cancellation date. This allows our partners to have the service scheduled for automatic deletion so you don’t have to worry or wait until the end of the month. Now that this bit is automated, our team will no longer accept cancellations of services unless they are made through the Service Manager

To check ExchangeDefender Service Health, simply visit

We wanted to offer one final update before we close the ExchangeDefender NOC covering our Exchange migration.

The past few days have been largely consumed with cleanup and misc configuration requests already covered here. By far the biggest issue has been reseeding and legacy copies of mailboxes exceeding 25GB – using nearly all internal, Microsoft/powershell, and third party tools there seems to be no predictable, foolproof, failsafe way to migrate a mailbox. The larger mailbox gets, the more difficult it seems to port (one particular user has been waiting on their mail for 2 weeks – they have a 70 GB mailbox – and it’s taken dozens of attempts of repair/recheck/export/move/seed/verify) and it has been the greatest source of frustration for us and for our clients, largely because the progress indicators are unreliable and process very prone to failure the larger the mailbox gets. This is why when we started offering 2016 years ago we set up the 50GB quota with 15GB realtime and 35GB in place archive setup so we can deliver on both service restoration and disaster recovery.

We are continuing to assist our partners in the following areas:

–       Outlook connectivity (if it keeps on prompting you for a password you need

–       Distribution Group (External) and External Forwards UI (we discovered a bug, the control panel will be back over the weekend and in meantime we’ll create it for you manually with a ticket request)

–       Cancelled services (as of yesterday 6/18 we have the ability to remove organizations from ExchangeDefender/O365, so if you client cancelled or went to another service even within O365, open a ticket and request that we delete the org. You can do so on your own as well if you’ve deleted all the mailboxes/forwards/groups.)

–       IoT/SMTP (while Exchange/O365 does support SMTP connectivity, managing it through our IoT connector is far more secure and reliable)
–       Implementation of Shared Mailboxes. Please, please, please, please DO NOT use Public Folders anymore, for any purpose. Create a Shared Mailbox instead.

At this point everyone can connect, mail delivery and legacy reseeding are in progress, all systems for Exchange, ExchangeDefender, and LiveArchive are working normally.

We’re looking forward to closing this ugly chapter. We have done everything in our power, and we couldn’t be more thankful for our partners who have helped us with the cleanup of the Microsoft disaster. Thank you. We are sorry that so many clients were inconvenienced with this, we planned and managed every step of this migration by the book with thousands of other successful migrations that happened from 2016 – Aug 2019, but when your vendor pulls the rug underneath you and damages hundreds of mailboxes unannounced… many of us will soon be enjoying the first day off in June. The only good news is, you will not have to go through this process again.

So far 2020 has been surprising on every level, and our legacy Exchange infrastructure was not going to be missing in action: As of May 31st, at 10 PM EST we have decommissioned our legacy Exchange and have moved everyone to the new Office365 SKU (Exchange2016/2019) to provide the best email experience Microsoft has to offer.

We do not anticipate any major issues. Months of engineering/testing/backups went into making this move as smooth as possible, and we really hope you like it.

If there is an issue, we can help:

We have increased staffing levels around the clock from May 31 – June 6th to help our clients and partners with any issues that may come up. If you run into any issues whatsoever, please keep in mind that there are two ways to get your mail even if Outlook is having issues:

Outlook Web App / Outlook Web Access

ExchangeDefender LiveArchive

Both of these systems will allow you to continue sending/receiving email while we we help figure out what isn’t working right. Here are the best ways to get in touch with us:

ExchangeDefender Support Portal

If you do not have an account in our support portal, please submit your issue here:

If neither works, call us*:

USA (877) 546-0316

World: +1 (407) 465-6800

Support portal is the best way to get things done, but if you call or go through the 3rd party help site, we will get your issue into our portal and will work on the issue until everything is sorted out. We thank you in advance for your patience and we look forward to having you on the newer, more reliable, email experience.

Sincerely, Vlad Mazek



Traditionally, ExchangeDefender has been an email security platform, first and foremost. In order to secure your email on its way to/from your email infrastructure, your MX records needed to point at us and all your mail was secured using our platform. In May of 2020, that changed.

As of June 2020, you can offer ExchangeDefender solutions without ExchangeDefender or mail going through to us at all. It’s no secret that all the add-on cool features in ExchangeDefender (LiveArchive, Web File Server, Encryption, Compliance) are in their 3rd or 4th generation, and those services are in huge demand on their own.

You will shortly be able to purchase most of our offerings directly without the complexity of joining our partner program and without needing to implement a bunch of other features if you only need a way to securely collaborate. Our web site, will remain a partner-centric experience and we are introducing a new site used to manage ordering and processing of subscriptions to our a la carte services.

Our partners will be able to continue provisioning and ordering ExchangeDefender services as is. As a partner you’ll also have a choice of placing orders through the new a la carte service as well (if you don’t want to be involved in management, support, etc for your users) just without discounts and incentives (since we’ll be doing all that work now).

We strongly believe that our partner ecosystem provides a lot of value to the organizations that consider IT security to be critical to their success. The reality is that many do not, and our partners tend not to sell services to clients they deem too small or too unprofitable for the overall offering: now we have the means and ways to help them through service bundles and individual service offerings specifically designed for the cloud.

If you’d like to be on a beta test, please let us know, the new platform will launch next week!

ExchangeDefender is making it simple to reach all users in your organization using broadcast messages. This service is convenient for business cases where you need to reach every user at the client site or every single user protected by ExchangeDefender. 

ExchangeDefender Broadcast Messages are easy, simple, automated, and free.

Simple – Sending a broadcast message is simple. Go to, login as a Service Provider and click on Broadcast Messages. 

Automatic – Broadcast Messages are always up to date and require no management or maintenance, for compliance purposes you can be certain every address on the domain will get the message.

Flexible – Messages support full HTML and our user friendly editor can help you design beautiful messages.

Branded – To save time, each message will automatically get the logo and contact information from the Service Provider contact information data.

How-to Guide

To send a message simply go to, login as the service provider , and click on Broadcast Messages

You will be prompted to choose an audience: specific domains (allowing you to pick from the list) or everyone. Type your message and hit Preview. You will see your message here, and it looks exactly the same as your recipients will see it in their Inbox. There are two checkboxes on the bottom to insert your logo and insert a default signature. If you are happy with the look of it click on Submit and messages will be sent within 60 seconds. 

ExchangeDefender introduces bypass email addresses

Every now and then you will need to receive an email from someone that is on a compromised/spam network, or you’ll have to get an attachment that is blocked by corporate policy, or a domain with misconfigured SPF/DKIM domain – we see it every day and it’s incredibly frustrating for the users. On one hand, you have to adhere to the company IT policy but you also have to get the work done and many resort to using free mail systems that shouldn’t be allowed on corporate networks under any circumstance.

Or maybe you’re just signing up for something online and don’t want to deal with the SPAM that will probably come with it. 

A Disposable Email Address

ExchangeDefender is pleased to announce disposable email addresses. They are free, simple to setup, mask your real email address, and they bypass all security policies.


You can setup as many disposable addresses as you wish, they can be created and deleted at any time.


Just go to, login and click on Bypass Addresses


Bypass Addresses mask your entire address and domain (unlike less secure systems that just append + or . to the real address, that is easy to strip and spam) 


Mail sent to bypass addresses isn’t checked for SPF, DKIM, spam content, infections, GeoIP, or other typical security restrictions.


Each email subject is modified to start with [WARNING! | BYPASS.XD External Message] so you don’t inadvertently open an email you were not expecting.

How to get started

Bypass Addresses are available to all ExchangeDefender Pro clients at

Simply login with your credentials for ExchangeDefender Admin portal, select “Bypass Addresses” under My Account, and click on the ” + Add New” button.

That’s it. The system will generate a random disposable email address and any mail delivered to it will automatically be passed on to the real address you select. It takes less than a minute for it to go live! 

Once you’re gotten the email you’re expecting, you can return to the admin portal and delete the address. If you’ve created an email address for an e-commerce site or something that will likely generate a lot of SPAM, you can deactivate the email address and mail sent to it will not be delivered to your inbox. If at some point in the future you need to get email at that address again (forgotten password, two factor authentication, etc) your address is permanently attached to your account and can be reactivated in less than one minute.

Dear ExchangeDefender Clients, 

As you’ve come to expect from us over more than two decades, we’re open and ready to serve you 24/7. If there is anything we can do for you, please let us know at or just call us at 877-546-0316.

Our Orlando Headquarters has been closed to public since Thursday, March 19th. There is a county-wide curfew in effect starting tonight so we will not be accommodating visitors until further notice. Our data centers will also have restrictions on remote visits.

If you need any troubleshooting or maintenance related to your equipment, we will do our best to assist you, but physical access to assets will not be allowed until further notice.

While we regret that this inconveniences everyone involved, we want to assure you that we’ve got your back during this uncertain time. As Floridians we are accustomed to working remotely and we look forward to being as helpful as we possibly can be.

Please be safe and stay healthy, to keep current on our updates, please follow us on:


In other news, we have an upcoming webinar “ExchangeDefender Solutions Redefined” approaching on Tuesday, March 31st at 12:00 PM. Please join us to learn more about the new changes and expansions in our service portfolio. Register, click here.

ExchangeDefender to update White-listing Protocols

We’re making massive changes to ExchangeDefender whitelisting policies that will make it easier (and safer) to allow trusted senders to bypass our SPAM filtering processes.

For 90% of you, this will just make whitelisting smoother and you don’t need to worry about the details.

For our system administrators and users who have grown infuriated with BATS (disposable email addresses) whitelisting, you’ll be thrilled to hear that we’ve launched a new white-listing service a few weeks ago that has been performing well enough in beta tests and will go into full production this week. The main issue we solved with the new technology is the management of bulk senders, but performance improvements alone and new features will be worth a look and full demonstration will be made during our next webinar.

The biggest problem with whitelisting, and an opening of an attack vector, is the prevalent use of BATS addresses. BAT, basic attention token, has become a standard tracking email address technology used by mass mail (bulk) senders. For example, the email address that the message was sent from appears to be: Vlad Mazek

However, that is often not the actual address – it’s just the pretty, friendly, display address that Outlook shows you. If you open the message, the message is usually from something like

New ExchangeDefender whitelisting service will step in and ask the sender to instead whitelist the domain itself, in this case or even wider. This setting will be on by default.

We will also be introducing gateway whitelisting for our enterprise and Pro clients, which will allow you to whitelist common bulk mail organizations entirely. While we do not recommend it, we understand that for some organizations it’s easier to just whitelist all mail sent by Sendgrid, AmazonSES, Constant Contact, etc than to constantly evaluate which ones to permit on a case by case basis. This setting will be off by default.

Another often requested feature, that is tied to the launch of the new Whitelisting code, is the ability to provide one-click access to report and manage white-list entries. Every user that enables this feature is doing so to better control their blacklists, and this setting will be off by default. When turned on, all received messages will have a footer in the message allowing the user to launch a complaint when something that looks like SPAM has been allowed through. The footer will only be visible on inbound messages and all tracking code will be deleted in replies, forwards, or messages sent from ExchangeDefender to the Internet.

We are rolling in a few more features that will be announced during our next webinar in March. If there is something you’d really love to see, please let us know, all these features are based on user requests so keep them coming!

Email is the most common security threat for all organizations, with 88% of companies suffering a data breach due to lack of proper email security protocols.

Email-based attacks affect the entire organization, not just the single user who clicked on the malicious link, or downloaded the virus-infected attachment. It takes just one harmful email to get past your defenses to cause critical damage throughout your organization. 

What does Advanced Email Security mean for us?

ExchangeDefender Advanced Email Security provides the most secure email suite that protects against SPAM, viruses, malware, and phishing attacks. Compatible with all major email service providers – including Office 365, on-premise Exchange, and G-Suite for Business.

Our solution: ExchangeDefender Advanced Threat Protection

The Advanced Threat Protection helps defend users against threats hidden in emails, attachments, and links. It goes beyond the average business email protection; we even dare to say its stronger than Microsoft’s Advanced Threat Protection. See how we compare with their ATP, hint: we offer more security features than ever.

Our Top ATP Features:

Malicious Attachment Blocking

Protects against unknown malware and viruses, and provides zero-day protection to safeguard your messaging system.

Safe Links

Proactively protects your users from malicious URLs in an email message.

Anti-Phishing Policies

Checks incoming messages for indicators that a message might be a phishing attempt.

Real-time Reporting:

Real-time reporting that enable your security and compliance administrators to focus on high-priority issues, such as security attacks or increased suspicious activity.

Whitelist / Blacklist Policies

Email access control mechanism that allows email senders through, except for senders who have been denied access.

DMARC Domain Fraud Prevention

Protects your brand and the people who trust it from suspicious and infringing domains.

Click here to see full features

The powerful email security suite offers a multi-level protection against email-borne attacks, and also includes advanced threat protection features like Malicious Attachment Blocking, Anti-Phishing Policies, and Domain Fraud Prevention. 

Learn more: Advanced Threat Protection

What is Phishing?

In recent years, spear phishing attacks have been on the rise, and have costed American businesses millions of dollars per year in time and resources.

Phishing is a fraudulent attempt via email to obtain sensitive information like username, passwords and credit card details. This type of attack is tricky because the phishing email appears to be from a trustworthy entity like Netflix, or Apple for example.

Furthermore, the phishing email typically has a call to action, and directs the user to a website via a link within the email. This website then asks the user to update personal information – and boom, your information now is in the hands of hackers.  

According to a recent study by Verizon (2019), over 80% of security compromises start with a spear phishing email. ExchangeDefender can help you eliminate spear phishing threats or just provide notifications to your users when they get tricked into clicking on a link leading somewhere dangerous.

The solution: ExchangeDefender Spear Phishing Protection

ExchangeDefender provides the most sophisticated and most comprehensive real-time protection from email phishing threats through ExchangeDefender Phishing Firewall, External Sender flagging, real-time databases of safe and dangerous sites, and flexible phishing content handling policies.

The Basics:

1. ExchangeDefender’s phishing protection works on every device that is wifi-enabled with the ability to receive email.

2. There is no download or installation required for the security feature.

3. Our email spear phishing protection enables you to whitelist and blacklist email addresses and domains.

Spear Phishing Protection Highlights:

Phishing Firewall

ExchangeDefender rewrites the URL of links in HTML emails and redirects you through our cloud filtering service that can alert or block threats you may inadvertently click on. (Learn More)

Flag External Emails

ExchangeDefender modifies the subject of messages received from outside of your organization, so nobody can ever mistake a message from external source or a coworker. ([EXTERNAL])

Blacklist / Whitelist

ExchangeDefender Phishing Firewall allows organizations, domains, groups, and users to maintain a list of safe and dangerous web sites, to which traffic should be allowed to pass or be blocked.

To learn more about ExchangeDefender’s Email Phishing protection and how it works, click here.

You can also explore our advanced email security suite that includes phishing protection, and so much more!