We wanted to offer one final update before we close the ExchangeDefender NOC covering our Exchange migration.
The past few days have been largely consumed with cleanup and misc configuration requests already covered here. By far the biggest issue has been reseeding and legacy copies of mailboxes exceeding 25GB – using nearly all internal, Microsoft/powershell, and third party tools there seems to be no predictable, foolproof, failsafe way to migrate a mailbox. The larger mailbox gets, the more difficult it seems to port (one particular user has been waiting on their mail for 2 weeks – they have a 70 GB mailbox – and it’s taken dozens of attempts of repair/recheck/export/move/seed/verify) and it has been the greatest source of frustration for us and for our clients, largely because the progress indicators are unreliable and process very prone to failure the larger the mailbox gets. This is why when we started offering 2016 years ago we set up the 50GB quota with 15GB realtime and 35GB in place archive setup so we can deliver on both service restoration and disaster recovery.
We are continuing to assist our partners in the following areas:
– Outlook connectivity (if it keeps on prompting you for a password you need autodiscoverregistryhacks.zip)
– Distribution Group (External) and External Forwards UI (we discovered a bug, the control panel will be back over the weekend and in meantime we’ll create it for you manually with a ticket request)
– Cancelled services (as of yesterday 6/18 we have the ability to remove organizations from ExchangeDefender/O365, so if you client cancelled or went to another service even within O365, open a ticket and request that we delete the org. You can do so on your own as well if you’ve deleted all the mailboxes/forwards/groups.)
– IoT/SMTP (while Exchange/O365 does support SMTP connectivity, managing it through our IoT connector is far more secure and reliable)
– Implementation of Shared Mailboxes. Please, please, please, please DO NOT use Public Folders anymore, for any purpose. Create a Shared Mailbox instead.
At this point everyone can connect, mail delivery and legacy reseeding are in progress, all systems for Exchange, ExchangeDefender, and LiveArchive are working normally.
We’re looking forward to closing this ugly chapter. We have done everything in our power, and we couldn’t be more thankful for our partners who have helped us with the cleanup of the Microsoft disaster. Thank you. We are sorry that so many clients were inconvenienced with this, we planned and managed every step of this migration by the book with thousands of other successful migrations that happened from 2016 – Aug 2019, but when your vendor pulls the rug underneath you and damages hundreds of mailboxes unannounced… many of us will soon be enjoying the first day off in June. The only good news is, you will not have to go through this process again.
So far 2020 has been surprising on every level, and our legacy Exchange infrastructure was not going to be missing in action: As of May 31st, at 10 PM EST we have decommissioned our legacy Exchange and have moved everyone to the new Office365 SKU (Exchange2016/2019) to provide the best email experience Microsoft has to offer.
We do not anticipate any major issues. Months of engineering/testing/backups went into making this move as smooth as possible, and we really hope you like it.
If there is an issue, we can help:
We have increased staffing levels around the clock from May 31 – June 6th to help our clients and partners with any issues that may come up. If you run into any issues whatsoever, please keep in mind that there are two ways to get your mail even if Outlook is having issues:
Outlook Web App / Outlook Web Access
Both of these systems will allow you to continue sending/receiving email while we we help figure out what isn’t working right. Here are the best ways to get in touch with us:
ExchangeDefender Support Portal
If you do not have an account in our support portal, please submit your issue here:
If neither works, call us*:
USA (877) 546-0316
World: +1 (407) 465-6800
Support portal is the best way to get things done, but if you call or go through the 3rd party help site, we will get your issue into our portal and will work on the issue until everything is sorted out. We thank you in advance for your patience and we look forward to having you on the newer, more reliable, email experience.
Sincerely, Vlad Mazek
Traditionally, ExchangeDefender has been an email security platform, first and foremost. In order to secure your email on its way to/from your email infrastructure, your MX records needed to point at us and all your mail was secured using our platform. In May of 2020, that changed.
As of June 2020, you can offer ExchangeDefender solutions without ExchangeDefender or mail going through to us at all. It’s no secret that all the add-on cool features in ExchangeDefender (LiveArchive, Web File Server, Encryption, Compliance) are in their 3rd or 4th generation, and those services are in huge demand on their own.
You will shortly be able to purchase most of our offerings directly without the complexity of joining our partner program and without needing to implement a bunch of other features if you only need a way to securely collaborate. Our web site, ExchangeDefender.com will remain a partner-centric experience and we are introducing a new site used to manage ordering and processing of subscriptions to our a la carte services.
Our partners will be able to continue provisioning and ordering ExchangeDefender services as is. As a partner you’ll also have a choice of placing orders through the new a la carte service as well (if you don’t want to be involved in management, support, etc for your users) just without discounts and incentives (since we’ll be doing all that work now).
We strongly believe that our partner ecosystem provides a lot of value to the organizations that consider IT security to be critical to their success. The reality is that many do not, and our partners tend not to sell services to clients they deem too small or too unprofitable for the overall offering: now we have the means and ways to help them through service bundles and individual service offerings specifically designed for the cloud.
If you’d like to be on a beta test, please let us know, the new platform will launch next week!
ExchangeDefender is making it simple to reach all users in your organization using broadcast messages. This service is convenient for business cases where you need to reach every user at the client site or every single user protected by ExchangeDefender.
ExchangeDefender Broadcast Messages are easy, simple, automated, and free.
Simple – Sending a broadcast message is simple. Go to admin.exchangedefender.com, login as a Service Provider and click on Broadcast Messages.
Automatic – Broadcast Messages are always up to date and require no management or maintenance, for compliance purposes you can be certain every address on the domain will get the message.
Flexible – Messages support full HTML and our user friendly editor can help you design beautiful messages.
Branded – To save time, each message will automatically get the logo and contact information from the Service Provider contact information data.
To send a message simply go to https://admin.exchangedefender.com, login as the service provider , and click on Broadcast Messages.
You will be prompted to choose an audience: specific domains (allowing you to pick from the list) or everyone. Type your message and hit Preview. You will see your message here, and it looks exactly the same as your recipients will see it in their Inbox. There are two checkboxes on the bottom to insert your logo and insert a default signature. If you are happy with the look of it click on Submit and messages will be sent within 60 seconds.
Every now and then you will need to receive an email from someone that is on a compromised/spam network, or you’ll have to get an attachment that is blocked by corporate policy, or a domain with misconfigured SPF/DKIM domain – we see it every day and it’s incredibly frustrating for the users. On one hand, you have to adhere to the company IT policy but you also have to get the work done and many resort to using free mail systems that shouldn’t be allowed on corporate networks under any circumstance.
Or maybe you’re just signing up for something online and don’t want to deal with the SPAM that will probably come with it.
A Disposable Email Address
ExchangeDefender is pleased to announce disposable email addresses. They are free, simple to setup, mask your real email address, and they bypass all security policies.
You can setup as many disposable addresses as you wish, they can be created and deleted at any time.
Just go to https://admin.exchangedefender.com, login and click on Bypass Addresses
Bypass Addresses mask your entire address and domain (unlike less secure systems that just append + or . to the real address, that is easy to strip and spam)
Mail sent to bypass addresses isn’t checked for SPF, DKIM, spam content, infections, GeoIP, or other typical security restrictions.
Each email subject is modified to start with [WARNING! | BYPASS.XD External Message] so you don’t inadvertently open an email you were not expecting.
How to get started
Bypass Addresses are available to all ExchangeDefender Pro clients at https://admin.exchangedefender.com.
Simply login with your credentials for ExchangeDefender Admin portal, select “Bypass Addresses” under My Account, and click on the ” + Add New” button.
That’s it. The system will generate a random disposable email address and any mail delivered to it will automatically be passed on to the real address you select. It takes less than a minute for it to go live!
Once you’re gotten the email you’re expecting, you can return to the admin portal and delete the address. If you’ve created an email address for an e-commerce site or something that will likely generate a lot of SPAM, you can deactivate the email address and mail sent to it will not be delivered to your inbox. If at some point in the future you need to get email at that address again (forgotten password, two factor authentication, etc) your address is permanently attached to your account and can be reactivated in less than one minute.
Dear ExchangeDefender Clients,
As you’ve come to expect from us over more than two decades, we’re open and ready to serve you 24/7. If there is anything we can do for you, please let us know at https://support.ownwebnow.com or just call us at 877-546-0316.
Our Orlando Headquarters has been closed to public since Thursday, March 19th. There is a county-wide curfew in effect starting tonight so we will not be accommodating visitors until further notice. Our data centers will also have restrictions on remote visits.
If you need any troubleshooting or maintenance related to your equipment, we will do our best to assist you, but physical access to assets will not be allowed until further notice.
While we regret that this inconveniences everyone involved, we want to assure you that we’ve got your back during this uncertain time. As Floridians we are accustomed to working remotely and we look forward to being as helpful as we possibly can be.
In other news, we have an upcoming webinar “ExchangeDefender Solutions Redefined” approaching on Tuesday, March 31st at 12:00 PM. Please join us to learn more about the new changes and expansions in our service portfolio. Register, click here.
We’re making massive changes to ExchangeDefender whitelisting policies that will make it easier (and safer) to allow trusted senders to bypass our SPAM filtering processes.
For 90% of you, this will just make whitelisting smoother and you don’t need to worry about the details.
For our system administrators and users who have grown infuriated with BATS (disposable email addresses) whitelisting, you’ll be thrilled to hear that we’ve launched a new white-listing service a few weeks ago that has been performing well enough in beta tests and will go into full production this week. The main issue we solved with the new technology is the management of bulk senders, but performance improvements alone and new features will be worth a look and full demonstration will be made during our next webinar.
The biggest problem with whitelisting, and an opening of an attack vector, is the prevalent use of BATS addresses. BAT, basic attention token, has become a standard tracking email address technology used by mass mail (bulk) senders. For example, the email address that the message was sent from appears to be: Vlad Mazek firstname.lastname@example.org
However, that is often not the actual address – it’s just the pretty, friendly, display address that Outlook shows you. If you open the message, the message is usually from something like email@example.com
New ExchangeDefender whitelisting service will step in and ask the sender to instead whitelist the domain itself, in this case massmailernode102.spammer.com or even wider. spammer.com. This setting will be on by default.
We will also be introducing gateway whitelisting for our enterprise and Pro clients, which will allow you to whitelist common bulk mail organizations entirely. While we do not recommend it, we understand that for some organizations it’s easier to just whitelist all mail sent by Sendgrid, AmazonSES, Constant Contact, etc than to constantly evaluate which ones to permit on a case by case basis. This setting will be off by default.
Another often requested feature, that is tied to the launch of the new Whitelisting code, is the ability to provide one-click access to report and manage white-list entries. Every user that enables this feature is doing so to better control their blacklists, and this setting will be off by default. When turned on, all received messages will have a footer in the message allowing the user to launch a complaint when something that looks like SPAM has been allowed through. The footer will only be visible on inbound messages and all tracking code will be deleted in replies, forwards, or messages sent from ExchangeDefender to the Internet.
We are rolling in a few more features that will be announced during our next webinar in March. If there is something you’d really love to see, please let us know, all these features are based on user requests so keep them coming!
Email is the most common security threat for all organizations, with 88% of companies suffering a data breach due to lack of proper email security protocols.
Email-based attacks affect the entire organization, not just the single user who clicked on the malicious link, or downloaded the virus-infected attachment. It takes just one harmful email to get past your defenses to cause critical damage throughout your organization.
What does Advanced Email Security mean for us?
ExchangeDefender Advanced Email Security provides the most secure email suite that protects against SPAM, viruses, malware, and phishing attacks. Compatible with all major email service providers – including Office 365, on-premise Exchange, and G-Suite for Business.
Our solution: ExchangeDefender Advanced Threat Protection
The Advanced Threat Protection helps defend users against threats hidden in emails, attachments, and links. It goes beyond the average business email protection; we even dare to say its stronger than Microsoft’s Advanced Threat Protection. See how we compare with their ATP, hint: we offer more security features than ever.
Our Top ATP Features:
Malicious Attachment Blocking
Protects against unknown malware and viruses, and provides zero-day protection to safeguard your messaging system.
Proactively protects your users from malicious URLs in an email message.
Checks incoming messages for indicators that a message might be a phishing attempt.
Real-time reporting that enable your security and compliance administrators to focus on high-priority issues, such as security attacks or increased suspicious activity.
Whitelist / Blacklist Policies
Email access control mechanism that allows email senders through, except for senders who have been denied access.
DMARC Domain Fraud Prevention
Protects your brand and the people who trust it from suspicious and infringing domains.
Click here to see full features
The powerful email security suite offers a multi-level protection against email-borne attacks, and also includes advanced threat protection features like Malicious Attachment Blocking, Anti-Phishing Policies, and Domain Fraud Prevention.
Learn more: Advanced Threat Protection
What is Phishing?
In recent years, spear phishing attacks have been on the rise, and have costed American businesses millions of dollars per year in time and resources.
Phishing is a fraudulent attempt via email to obtain sensitive information like username, passwords and credit card details. This type of attack is tricky because the phishing email appears to be from a trustworthy entity like Netflix, or Apple for example.
Furthermore, the phishing email typically has a call to action, and directs the user to a website via a link within the email. This website then asks the user to update personal information – and boom, your information now is in the hands of hackers.
According to a recent study by Verizon (2019), over 80% of security compromises start with a spear phishing email. ExchangeDefender can help you eliminate spear phishing threats or just provide notifications to your users when they get tricked into clicking on a link leading somewhere dangerous.
The solution: ExchangeDefender Spear Phishing Protection
ExchangeDefender provides the most sophisticated and most comprehensive real-time protection from email phishing threats through ExchangeDefender Phishing Firewall, External Sender flagging, real-time databases of safe and dangerous sites, and flexible phishing content handling policies.
1. ExchangeDefender’s phishing protection works on every device that is wifi-enabled with the ability to receive email.
2. There is no download or installation required for the security feature.
3. Our email spear phishing protection enables you to whitelist and blacklist email addresses and domains.
Spear Phishing Protection Highlights:
ExchangeDefender rewrites the URL of links in HTML emails and redirects you through our cloud filtering service that can alert or block threats you may inadvertently click on. (Learn More)
Flag External Emails
ExchangeDefender modifies the subject of messages received from outside of your organization, so nobody can ever mistake a message from external source or a coworker. ([EXTERNAL])
Blacklist / Whitelist
ExchangeDefender Phishing Firewall allows organizations, domains, groups, and users to maintain a list of safe and dangerous web sites, to which traffic should be allowed to pass or be blocked.
To learn more about ExchangeDefender’s Email Phishing protection and how it works, click here.
You can also explore our advanced email security suite that includes phishing protection, and so much more!
ExchangeDefender’s Live Archive solution offers uninterrupted access to live and archive email via the cloud. It enables organizations to access their email even when service disruptions occur, without customers knowing that there is an internal outage in progress.
The basics of Live Archive:
It’s Always On, and Running
Always have access to your email even during service interruptions.
It is Easy to Setup
Get up and running in minutes, there is no training required.
No Downloads Required
No software installations, no manual switches, and does not require management or maintenance.
It’s mobile friendly
Enjoy 24/7 access to your emails no matter where you go.
Live Archive is an enterprise-grade email continuity service that lets you resume work after a service interruption, or other technical malfunction.
Powered by our custom solutions in multiple data centers, LiveArchive delivers a vigorous and resourceful solution that is secure, and reliable! The best part of all is that – LiveArchive is always-on, constantly archiving your sent and received mail for up to one year. No maintenance or management to worry about in case of an outage. LiveArchive is continuously uploading your mail whether your system is up or not.
Live Archive Top Features:
We offer email continuity using our secure standby servers to archive emails instantly.
Real Time Archiving
Live Archive is always on records emails in instantly powered by our mail systems with data center redundancy.
One Year Storage
Receive up to 1 year of inbound and outbound mail accessible via our LiveArchive website. If you’re looking for long-term storage for email compliance, see compliance archiving.
It allows for you to sync your contacts, calendars, appointments and everything else in Outlook. And gives you the option to search and manage those items.
So, How Does Live Archive Work?
It’s as simple as typing in livearchive.exchangedefender.com, or livearchive.us and logging on to your account using your credentials. You are able to send, receive, forward and search, any of the mail that you need which we have rescued for you. Our inbound and outbound servers are simply an in-between step to your email being sent; as it is going to and from your mailbox, your correspondence is being saved in our servers for you later.