ExchangeDefender

We have some new and exciting changes coming to ExchangeDefender with the new release now less than two weeks from launch. However, I wanted to introduce you to some network-wide changes and explain them to the best of my ability so you can clearly communicate them to your clients.

If you take a look at www.ownwebnow.com/new and sign up for one of our webcasts, you will notice that there are a ton of new features coming to ExchangeDefender. We are also running a huge sales special. No, we are not a car lot, we don’t “make it up with volume” but by optimizing our technology.

Starting November 23, 2009 we will no longer accept messages from known spammers that have been listed on SpamCop and SpamHaus realtime blacklists. We have used SpamCop and SpamHaus to automatically drop non-whitelisted messages into the SureSPAM quarantine and during that time we have had less than 0.0000000001% release rate with an overwhelming number of released messages being forged junk messages. To put it even more plainly, even the messages from these servers that our clients thought were legitimate turned out to be fraudulent.

This has become even more obvious lately as spoofing has become more and more common. Say a client whitelists the “@aol.com” or “@live.com” domain. ExchangeDefender will look at the header of the incoming message and, even though we know it’s on multiple RBLs, we will accept it and deliver it to the user as non-spam. This has increased the complaint rate from our users, who say more and more SPAM is getting through while they knowingly whitelisted domains that are often spoofed.

We will be joining almost all of the other major providers that do not accept mail from the known SPAM addresses.

Wait, you’re going to be deleting my mail?

No. We will only be deferring them. Every message reviewed by ExchangeDefender and confirmed to be on an RBL will be temporarily deferred (not accepted) and the remote sender’s server will attempt to send the message again later. Since messages on SpamCop and SpamHaus are not accepted by any of the large service providers, the sender will be alerted by dozens of other recipients who automatically reject messages on RBL networks. They will not only not be able to send mail to you but to anyone else.

We believe that if the sender is legitimate, they will address the RBL situation quickly and messages will be delivered to us promptly. However, if they are a known source of SPAM and choose to do nothing about distributing viruses and/or SPAM we have to do what’s in the best interest of the network and all the users that it protects.

We don’t expect this to be an issue as it really is a norm in the industry and virtually nobody knowingly accepts SPAM from addresses on these large, reputable commercial RBLs. SpamHaus and SpamCop come with excellent reputation and our own statistical models indicate that this will be a nonissue. This policy has been in place with our Exchange 2007 hosting network and our virtual web / mail hosting platform for over a year without complaints.

But we wanted you to know why your SPAM counts will drop dramatically ahead of time.

Sincerely,

Vlad Mazek, MCSE

CEO, Own Web Now Corp
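The deferral policy described in the post above, as an added example that is not ExchangeDefender's code: the RBL lookup runs before the whitelist, and a listed sending IP gets a temporary 4xx reply even when the sender domain is whitelisted. The zone names, reply texts and the injected `resolve` function are assumptions made here; the sample DNS data is constructed.

```python
import ipaddress

ZONES = ("zen.spamhaus.org", "bl.spamcop.net")     # assumed public zones for the two lists
LISTED = ipaddress.ip_network("127.0.0.0/8")       # listings answer inside 127/8
ERRORS = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error replies, not listings

def query_name(client_ip, zone):
    """DNSBL convention: IPv4 a.b.c.d is looked up as d.c.b.a.<zone>."""
    addr = ipaddress.IPv4Address(client_ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def listed_on(client_ip, resolve):
    """resolve(name) returns A-record strings, [] on NXDOMAIN (injected to run offline)."""
    hits = []
    for zone in ZONES:
        for answer in resolve(query_name(client_ip, zone)):
            a = ipaddress.IPv4Address(answer)
            # An error reply (blocked resolver, rate limit) must not defer mail.
            if a in LISTED and a not in ERRORS:
                hits.append(zone)
                break
    return hits

def smtp_policy(client_ip, mail_from, whitelist, resolve):
    """Return (action, SMTP reply) for one inbound connection."""
    hits = listed_on(client_ip, resolve)
    if hits:
        # Checked before the whitelist: a spoofed whitelisted domain sent
        # from a listed IP is deferred, and the sender's server retries later.
        return ("defer", "451 4.7.1 Deferred: sending IP listed on " + ", ".join(hits))
    domain = "@" + mail_from.rpartition("@")[2].lower()
    if domain in whitelist:
        return ("accept", "250 2.0.0 OK (whitelisted sender domain)")
    return ("filter", "250 2.0.0 OK (queued for content filtering)")

# Constructed resolver data using documentation address ranges.
SAMPLE_DNS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.4"],
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "7.100.51.198.zen.spamhaus.org": ["127.255.255.254"],  # error reply, not a listing
}

def sample_resolve(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    print(smtp_policy("192.0.2.10", "friend@aol.com", {"@aol.com"}, sample_resolve))
```
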

Please visit us in booth #1346 at the Microsoft Worldwide Partner Conference in New Orleans March 13-16th.


Next week we will be sponsoring the Microsoft Worldwide Partner Conference in New Orleans. If you are attending, please stop by booth #1346. We have a number of new plans that we are excited to discuss. If you are missing the event, we will also be at the CompTIA Breakaway in Las Vegas, MSP University in Santa Ana, ConnectWise Summit in Orlando and a handful of ASCII events and user groups. This is in addition to the many ASCII, MSPU, Autotask, Microsoft TechEd and HTG events we have participated in so far this year.

So the obvious question should be: why go to all these events when the economy is doing so poorly? Over the past year we have seen many companies go under or slow down significantly because they were not prepared to address the demands of the marketplace. Companies that have survived and are now thriving are doing so thanks to solid management, execution and product matrix. I personally feel that we are at the greatest wave of change on the Internet ever since it started being used for commerce and business. Business demands for Internet applications are changing, as are support requirements, making many of the old technology business models obsolete. In order to stay at the front as an innovator in this industry, we have to work closer with our partners and our clients.

My one agenda for 2009 was to convert many of the experimental and community projects into professional services our clients and partners could count on. This involves working very closely with our partners to develop the features the clients are actually working on, not necessarily the ones we think we can sell. This interaction has so far been responsible for our PSA as well as the PSA integrations with Autotask, ConnectWise and Zenith Infotech. It has also resulted in record growth in our revenues and profits, some of which we are contributing to community projects to encourage everyone to work with us more closely.

So consider this an invitation – we want to work with everyone. Feel free to email me to get started.

-Vlad

To download the remainder of the newsletter please click here.

We are proud to announce an upgrade for ExchangeDefender Client Software Suite. You can read more about the software here. They are free and recommended for client interaction with ExchangeDefender service.

Bug Fixes – 03/10/2009
======================
– Fixed an issue causing some users’ spam/surespam to not be displayed correctly.
– Fixed an issue where the application would pop up each time the application loaded.

Features – 03/10/2009
=====================
– Added an “About Form”
– Automatic version checking has been added as a feature upon viewing the about page.

There are several other minor bug fixes. If the current software is working for you there is no reason to upgrade. However, if you do experience an issue our support teams will ask you to upgrade to the latest version before working the case.

Downloads are available at www.exchangedefender.com

For the past two weeks we have taken on an unusual project: find out why certain messages get deferred or delayed at random times to random recipients. While this task is something that we perform routinely through our support portal, my staff has taken a lot of abuse at the hands of something that is really not an ExchangeDefender issue or something we are capable of addressing.

Last week we introduced a layer of monitoring service to ExchangeDefender that has been collecting data on failures our clients’ servers are experiencing. This data is being plotted for each IP address we hand off mail to. So far we have been able to identify users that have:

– Inadequate Internet connections (bandwidth or reliability)
– Inadequate firewalls or routers (connections time out, get deferred or dropped randomly)
– Configuration problems (lack of space, lack of resources)

We have made several adjustments to the way we deliver mail for the clients that have frequent or persistent delay problems. In each researched case we have been able to isolate the problem to the recipient’s servers or network not cooperating. We have attempted to replicate the scenario with servers / addresses that are not on the same ranges or networks to eliminate the possibility of network/routing causing a problem.

We are continuing our work on this because no user should be frustrated with the delays in their message delivery. If there is anything we can do to determine if these issues are persistent enough to recommend additional resources or spotlight problems that the admins or MSPs are not aware of, I’m glad to do so. It is in all our users’ best interest.

Sincerely,
Vlad Mazek, MCSE
CEO, Own Web Now Corp

P.S. There is only one legitimate reason for mail delays: the sender’s IP address is on a commercial RBL like SpamCop or SpamHaus. These messages are delayed intentionally and whitelisting does not affect the performance; they will get delayed. This behavior has been in place for a long time with ExchangeDefender and is not set to change: senders on SpamCop and SpamHaus have been confirmed as spammers by independent parties and have not done anything to delist themselves. We can only assume that these resources are not managed and we just cannot trust mail from these hosts, even if you chose to trust the senders from those domains.

ExchangeDefender, now in the 4th release of the product, is proud to add Client Software Suite to the portfolio of security and business continuity products covered under a single fee. Consisting of ExchangeDefender Outlook 2007 agent and ExchangeDefender Desktop agent, the suite is uniquely positioned to help users interact with ExchangeDefender without having to leave their day-to-day computing experience inside Outlook 2007 or Windows Desktop.

Click here to download ExchangeDefender Outlook 2007 Agent

Click here to download ExchangeDefender Windows Desktop

Click here to see the features overview

Click here to read technical FAQs

Click here to listen to the Client Software podcast

While the features of the two products overlap somewhat, each is designed for a specific audience. Outlook 2007 agent is primarily designed to let users interact with ExchangeDefender on demand, report SPAM that slips through and casually customize the service to their needs. Desktop agent is designed for the diehard email addict that needs hourly updates on the amount of SPAM, quick access to LiveArchive.

We will continue to develop both going forward and have plans to introduce web filtering, virus protection and web file sharing during 2009. We see attack vectors changing and becoming more social to compromise the security of more savvy technology users. With that threat, the software protecting our users must evolve as well.

As always we welcome feedback and suggestions on how to improve the software and make your clients and users more efficient and productive with our services. Please use the Development tab in our support portal to communicate directly with the development team.

Oh, did we mention that all this is FREE? Go ahead and download it now!

Since December 15th we have been testing a new ExchangeDefender antispam engine that went into production last night, January 5th. The new engine improves SPAM filtering efficiency by nearly 800% and shows about 5% fewer false positives than the current engine.

This new system has been running in the background transparently simultaneously with our previous engine and did not impact operations. We have started to notice new trends in SPAM lately and have moved to improve filtering of the items that have not been accurately picked up by the network.

We want to thank you for submitting SPAM through our ExchangeDefender Outlook 2007 agent as that has been critical in our ability to better protect you from junk. If you have not yet deployed the new ExchangeDefender Outlook 2007 plugin, or the new ExchangeDefender Desktop please do so today. They are available for download on the homepage at www.exchangedefender.com

Enjoy your new, cleaner mailbox!

Happy Monday! Over the weekend a ton of ExchangeDefender 4 bugfix requests went online and so far the support requests for the issues have all but disappeared. Here they are, in order of magnitude:

ExchangeDefender Email SPAM Reports

Late last week a new ExchangeDefender SQL cluster for email report management went online to compensate for the growth in network capacity. Because it usually takes six to eight hours for replication to complete, some reports over the weekend were generated with 0’s for SPAM totals, an error that has since been fixed.

Going forward, SPAM reports will remain available but we are moving the feature to the “legacy” mode, meaning we do not recommend them as the primary point of access to SPAM. By default, new accounts will have their email reports turned off unless they explicitly request the email reporting to be turned on. There will be no change to the current users and as noted above there will be far more capacity to provide current users with the reports and those that choose them going forward.

Email reports have been a dark eye on the face of ExchangeDefender. Over 83% of ExchangeDefender clients have never even opened an ExchangeDefender SPAM report, and nearly 99% have never released a single piece of SPAM from them. We track these releases and have even noted that the majority of the releases are forged SPAM itself.

This is why we have developed better tools to surround ExchangeDefender with – the new ExchangeDefender Outlook 2007 Addin for Microsoft Outlook 2007, the ExchangeDefender Desktop Alerts for XP and Vista as well as the realtime web portal which is scheduled for 4.0 release this fall.

ExchangeDefender Password Resends

ExchangeDefender password resend requests used to lead you to a blank screen and no email. This has been fixed; passwords are being sent now without issue.

ExchangeDefender Activation Optimizations

ExchangeDefender activations now take mere seconds (it used to take about 1 second to provision a single account) which globally meant it could take approximately an hour for the address to be fully provisioned. That has been throttled down to allowing over 5,000 user activations per minute.

ExchangeDefender LiveArchive Sync

Problems with ExchangeDefender LiveArchive settings sync have been addressed and synchronization is now up-to-the-minute. If you’re ever stuck waiting more than 60 seconds for a password change or a setting change you might want to close your browser and retry.

More exciting changes are on their way, to be announced tomorrow.

It has been quite an evening at ExchangeDefender as we continue to fight the outbreak of the UPS trojan. You may have seen this:

Warning: This message has had one or more attachments removed

Warning: (UPS_INVOICE_978172.exe, UPS_INVOICE_978172.zip).

Warning: Please read the “ExchangeDefender-Attachment-Warning.txt” attachment(s) for more information.

Subject: UPS Tracking Number 6431834482

Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct.

Please print out the invoice copy attached and collect the package at our office

Your UPS

What is interesting about this is that the message does look fraudulent to the casual observers and people that do domestic business with UPS. However, we have encountered this format (with attachments and all) being used by UPS Commercial shipping departments in the past, which is why messages with the specific patterns received lower SPAM scores and were allowed through.

We still stripped the attachments but the attachments inside the ZIP file are passing through AV scanners as the variants change. We are now up to over thirty definitions used to track this specific worm and have taken the following steps:

– UPS messages are only processed if they come from UPS.
– UPS Tracking numbers are only accepted as valid if they start with 1Z.
– UPS messages instigate a callback function against UPS servers.

Dealing with these extended rulesets and checks has made mail move a little slower today as we’ve dealt with an onslaught of messages while this worm becomes more prevalent. UPS is also issuing a warning on their behalf:


We currently have this issue under control and it should not pose any further problems. However, expect the UPS messages to be taken with higher scrutiny and always warn users not to open executable attachments.

It has been quite a while since we introduced a new feature to ExchangeDefender. This is mainly because we have been hard at work on ExchangeDefender 4.0 whose LiveArchive backend is completely different from the present one. But we have heard the pain and thanks to the number of very compelling arguments we now support transparent archiving of outbound mail as well as inbound mail via LiveArchive.

Service is already provisioned and active for everyone that relies on LiveArchive. You do not have to do anything to activate the outbound archiving component. This new feature brings us one step closer to giving you a fully redundant mail solution within ExchangeDefender portfolio.

For more details on LiveArchive please see the ExchangeDefender web site LiveArchive overview.

Due to the enormous amount of feedback by our customer base we are stepping up the defense from NDRs received for the emails that were not originated by your users to begin with. This is often called NDR blowback, backscatter, fake virus or worm storm, etc. It happens when someone uses your email address to relay an enormous amount of SPAM to the remote servers and encounters a lot of dead mailboxes that may have already been removed or had their quotas filled with SPAM. Naturally, an error bounces back to you because the remote server thinks you sent it.

We have had NDR backscatter protection for quite some time but the cries from our customer base have forced us to take away our liberal stance on this issue. We are now strictly enforcing NDR legitimacy, meaning that we will only deliver NDR mail if the message was sent through one of our outbound servers. Anything else, because we cannot validate it, will be automatically thrown into the SPAM queue if you choose to quarantine SPAM messages.

Are NDRs SPAM?

No, the non-delivery receipts and delivery status notifications are not SPAM. They do not contain any unsolicited commercial communication, they are not selling anything, they are not dangerous in any way. They are annoying, very annoying when you receive a few hundred in a span of a minute. How did this happen? Well, someone you previously emailed likely got infected by a worm or a virus that searched their hard drive (mailboxes) for email addresses. It then took a random address and joined a botnet and sent thousands of messages and made them appear they came from you. Because the remote (recipient) server did not have proper SPAM protection it blindly accepted the message and issued a rejection.

How does ExchangeDefender know what passed through it and what did not?

The ExchangeDefender outbound network stamps each outgoing message with a hash key. When the message is returned in the form of a DSN or NDR, we check the SMTP header for the presence of our hash key, decode it and compare it with the local copy stored on our server along with the matching From: message. If the hash key matches the sender of the message, the email is passed on to other filters. If it doesn’t, it means that the message is a bounce to a message you never sent in the first place, because it did not go through our network and it did not get stamped.
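One way to implement the stamp-and-verify check described above, as an added example that is not ExchangeDefender's code. It swaps in an HMAC-SHA256 tag for the unspecified "hash key"; the header name `X-Example-Outbound-Stamp`, the in-memory store and the sample NDR are assumptions constructed for illustration.

```python
import email
import hashlib
import hmac
from email.utils import parseaddr

STAMP_HEADER = "X-Example-Outbound-Stamp"  # hypothetical header name

def original_headers(dsn):
    """Headers of the bounced message as returned inside a multipart/report NDR."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

class OutboundStamps:
    def __init__(self, key):
        self._key = key
        self._issued = {}  # stamp -> sender: the "local copy" on the outbound side

    def _tag(self, sender, message_id):
        data = f"{sender.lower()}|{message_id}".encode()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def stamp(self, sender, message_id):
        tag = self._tag(sender, message_id)
        self._issued[tag] = sender.lower()
        return tag  # value placed in STAMP_HEADER on the outgoing message

    def classify_bounce(self, raw_dsn, bounce_rcpt):
        original = original_headers(email.message_from_string(raw_dsn))
        if original is None or not original.get(STAMP_HEADER):
            return "quarantine"  # no stamp returned: cannot be validated
        presented = str(original[STAMP_HEADER]).strip()
        sender = parseaddr(str(original.get("From", "")))[1]
        expected = self._tag(sender, str(original.get("Message-ID", "")))
        if not hmac.compare_digest(presented.encode(), expected.encode()):
            return "quarantine"  # stamp does not match the returned From/Message-ID
        if self._issued.get(presented) != bounce_rcpt.lower():
            return "quarantine"  # never issued, or issued to a different sender
        return "pass-to-filters"

def make_dsn(stamp=None):
    """Constructed sample NDR addressed to alice@client.example; stamp=None models backscatter."""
    stamp_line = f"{STAMP_HEADER}: {stamp}\n" if stamp else ""
    return (
        "From: MAILER-DAEMON@mx.remote.example\n"
        "To: alice@client.example\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nMailbox does not exist.\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        "From: alice@client.example\nMessage-ID: <1@client.example>\n"
        + stamp_line + "\n--b1--\n"
    )
```

A bounce whose remote server returns no original headers cannot be validated this way and is quarantined, which matches the strict policy the post describes.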

What to do if you still keep on getting NDRs?

There are a few things:

  1. Check that you are sending mail using outbound.exchangedefender.com as your organization’s smarthost.
  2. Check that you only have inbound30.exchangedefender.com as your only MX record. If you have more than one your configuration is broken, follow the deployment guide.
  3. Check that you are enforcing IP restrictions, port 25 only and from our exchangedefender.com network only.
  4. If everything looks correct and the NDR was received after Tuesday, May 10th, open a support request with the text of the NDR as well as full SMTP headers of the message for review.

Thank you for trusting us with your mail.