Email Encryption: New Security, Productivity, and Advanced Reporting Features Released
ExchangeDefender Email Encryption: When you need to make sure your message was read, securely.
ExchangeDefender is proud to announce the launch of a new version of ExchangeDefender Email Encryption, our second update to this service in 2020 built entirely from user feedback.
Covid-19 pandemic has permanently changed how we exchange secure documents with people outside of our organization. In 2020, encrypted email has become a standard for secure delivery of confidential information. When you absolutely needed to make sure your documents got delivered and received, you’d turn to a fax machine or certified mail – but in 2020 with remote work and reducing touch or even office – we’re turning to Email Encryption. It’s no surprise that Email Encryption is now our most popular service.
For this new release, we went back to our users with a question: How can we make you more productive?
Encrypted Email is the modern version of a certified letter
When you have sensitive information that you need to make sure stays confidential, email encryption is your go-to solution. In fact, the biggest complaint about email encryption is usually about how clunky and user unfriendly it is. This is because email encryption was not designed with a sender or recipient in mind, but the IT and Corporate Compliance Officer staff that needed to protect ordinary email flow and keep any sensitive information from leaking out.
We wanted to solve this problem so we focused the new version on productivity.
This meant spending more time perfecting the user experience, both for the person in charge of sending sensitive information and making sure that the recipient can easily and safely access the message. With no training, no obstacles, no software installation, and accessibility anywhere, anytime.
Almost all of the corporate effort in email encryption is focused on acronyms and alphabet soup of regulatory requirements that are largely automated. But the real opportunity – and our clients identified obvious pain points – is in the day-to-day use of the email encryption system to send confidential information and make sure it’s received.
Sending Encrypted Messages
Our biggest goal was to make sure everyone could send encrypted messages without a ton of effort – so we’ve made it possible to subscribe to Corporate Encryption without subscribing to ExchangeDefender at all. Yes, it’s available a la carte and you just need to sign up (no MX record changes, no hosting provider changes, just sign in to the encryption portal and click Send).
For our clients that live in Microsoft Outlook or Outlook Web App, we’ve made it even simpler with the ExchangeDefender Encrypted Email addin. Now email encryption is just one click away.
Our biggest challenge was to make encryption easy to use – with so many powerful features and settings, modern email encryption solutions feel like an airplane cockpit to many white collar workers. We started by simplifying the user interface and giving IT/Compliance Officers the ability to create default organization policies – so users only need to worry about the message and where it’s going. All the advanced options are just a click away, enabling users to tweak email encryption to meet any unique business task.
So we’ve made it easier to obtain, easier to get started, and beyond effortless to use!
Controlling & Automating Encryption
We did not forget about our power users and our new release has all the features our clients have requested. Advanced Options no longer clutter the screen, but they are only a click away.
Once you customize the policy for a new message you have the option of saving it as a new policy and simply reusing it later (instead of always going through all the settings).
Regardless of the industry or the role we spoke to, our clients stressed that one-size-fits-all approach simply doesn’t work. While all appreciate and understand that there is a security policy requiring encryption of sensitive data, the pain point for everyone is the notification system: We all have to comply with the encryption policy, but we’d all like more flexibility with how we’re notified about our encrypted messages. Simply put, it can depend on the content, the urgency, the concern for how the message is shared with 3rd parties, and even on who is being contacted. As one office manager told us:
“When I’m sending a letter to our attorney or CPA, I need to know the moment they got it. But when I send out 300+ lab reports, I really don’t want to get 600 notification emails. I wish I could manage how chatty the service is for each situation”
Now you can – just save the new policy and reuse it as often as needed.
Important thing is, everyone stays secure using the default organizational encryption policy. New users don’t need to be trained or taught every single setting, they can just rely on the corporate policy that assures they don’t make mistakes.
Tracking Encrypted Messages
One of the biggest additions to Corporate Encryption is the Activity Report. As our users consistently put it: “Encryption is half about protecting the content and half about making sure it got to the recipient”
Tracking receipt of messages using encryption solutions is generally about searching through tons of email notifications: finding a specific message and what happened to it is an analytical process. We fixed that, for power users and occasional users alike.
If you’re constantly sending encryption messages, tracking them becomes simple using our encryption portal that is accessible from any PC or mobile device. Simply login at https://encryption.exchangedefender.com (branded URLs coming soon) and click on the Activity tab. Here you can locate a specific message and see every activity related to it.
If you’re after a report, you can also use our powerful filtering to select the right action, date range, and contents – then just export it to PDF, Excel, CSV or just print out the web page and you’re done.
If you are not a power user, but send a lot of encrypted messages, we’re making your life simpler as well. Instead of getting an email every time something happens, you will now get a weekly email report showing you all of the messages you sent and what got delivered, read, printed, forwarded, etc.
Simple. Encrypted. Reported.
ExchangeDefender’s new Corporate Encryption is all about giving organizations better control over their sensitive information. For many business purposes surrounding security and data leakage, ExchangeDefender’s powerful encryption policies, lexicons, pattern recognition, and support for hundreds of regulatory standards will help keep you safe.
ExchangeDefender is about more than just safe, we’re about safety and productivity. Our new UI will make sending confidential information faster and simpler. Our new policies will make custom notification templates and message control effortless. Our ability to make an encryption platform that fits the way you run your business, be it email or a shared URL or even an SMS message — that future is now.
Get Ready for 2021: New services, new SKUs, new promotions
ExchangeDefender, like almost all small businesses worldwide, is having a challenging time managing the Covid-19 crisis. From having our headquarters on the 12th floor of a downtown Orlando high-rise, to undertaking a massive and complex migration, to team dealing with family and health issues, this spring and summer has really forced us to grow and quick. I’m sure you’re dealing with the same and I want you to know that we’re fully committed to growth this year and putting you into a better position to profit from cybersecurity.
While the economic disruption will certainly be forcing some businesses into a hibernation or worse, my travel always reminds me what a blessing and a privilege it is to own a business. It comes with responsibility – to clients, to partners, to vendors, and to our team. We don’t have the luxury of slowing things down and seeing how things look in a year or two – we are actively attacked 24/7/365 – we have no chance but to act, secure, and grow so we can continue to defend networks today and provide a security layer for the threats we’ll encounter tomorrow.
Over the past two years we have focused on development and modernizing of all ExchangeDefender services. In the spring, when Covid-19 started, everyone got a free Wrkoo portal, which we are committing to keeping free because we need our partners and clients to communicate through this interruption. We’ve also released a brand new LiveArchive product that will usher a new era of security and redundancy services for Gmail and Microsoft 365. We’ve upgraded everyone to the latest Microsoft 365 SKU, which not only introduced new features but reduced support load by 90%!!! We’ve hired more developers and have an aggressive feature roadmap taking us through the end of 2021.
While we have raised our rates over the years, many of our partners have benefited from us not auditing invoices, not expiring some of the promotional services, not reclassifying passthrough billing (which is prohibited), not enforcing the $100 monthly minimum for monthly payments, etc. We hope this advantage has allowed you to grow and profit, and you’ll be happy to hear that the new SKU’s scheduled for 2020/2021 are still significantly lower than the market average.
Later this fall (November 1st), we will be expiring old/defunct SKUs. To find current pricing, please download the Partner Guide from our portal.
Personally, I understand that price increases suck. There is no such thing as a good time to raise prices. Yet people do it all the time, and when we look at our roadmap and what our clients are demanding: they are asking for more security, not cheap security. When we look at our top performing partners, they aren’t selling Essentials and freeware, they sell the best. While I know that the decision to standardize our pricing and enforce the rules will cost us some business, our focus is on putting out the best product and service. Many of you that have followed or worked with me over the years know that my personal hero is Ayrton Senna, and that I frequently talk about his mastery of a wet race track. How did he get that good? Truth is, Senna bombed his first go cart wet race. Determined to get better, he put his wet gear in a bag and got on the track just as the rain started. Partners, clients, friends – in the tech business you don’t get ahead with cheap and aging technology – the security demands are only going to get greater and we want to make sure that we can keep you safely in business for years to come. We’re up for that challenge, and we hope you like all the enhancements we’ll continue bringing to our service.
ExchangeDefender Service Cancellation Schedule
ExchangeDefender has always tried to help our partners when it comes to billing management. Perhaps you’ve noticed that no matter when you sign up for the service during the month you are not charged. Not even a prorated amount.
The terms of service do require a 30 day notice, but we understand that sometimes our IT partners are too busy to remember to cancel stuff. As we’ve grown over the years, it’s become necessary to lock down our subscription management a few days before the billing cycle that runs on the 1st. Inevitably someone forgets or waits till the last moment and opens a ticket nearly at midnight making for an awkward pointing to terms of service. Worse, some partners make their staff wait till the last of the month to manage cancellations and adjustments, which stresses everyone out unnecessarily.
So we’ve got a solution. When you come to delete / cancel the service you will be given the option of selecting a cancellation date. This allows our partners to have the service scheduled for automatic deletion so you don’t have to worry or wait until the end of the month. Now that this bit is automated, our team will no longer accept cancellations of services unless they are made through the Service Manager
Final Update: Exchange Migration
We wanted to offer one final update before we close the ExchangeDefender NOC covering our Exchange migration.
The past few days have been largely consumed with cleanup and misc configuration requests already covered here. By far the biggest issue has been reseeding and legacy copies of mailboxes exceeding 25GB – using nearly all internal, Microsoft/powershell, and third party tools there seems to be no predictable, foolproof, failsafe way to migrate a mailbox. The larger mailbox gets, the more difficult it seems to port (one particular user has been waiting on their mail for 2 weeks – they have a 70 GB mailbox – and it’s taken dozens of attempts of repair/recheck/export/move/seed/verify) and it has been the greatest source of frustration for us and for our clients, largely because the progress indicators are unreliable and process very prone to failure the larger the mailbox gets. This is why when we started offering 2016 years ago we set up the 50GB quota with 15GB realtime and 35GB in place archive setup so we can deliver on both service restoration and disaster recovery.
We are continuing to assist our partners in the following areas:
– Outlook connectivity (if it keeps on prompting you for a password you need autodiscoverregistryhacks.zip)
– Distribution Group (External) and External Forwards UI (we discovered a bug, the control panel will be back over the weekend and in meantime we’ll create it for you manually with a ticket request)
– Cancelled services (as of yesterday 6/18 we have the ability to remove organizations from ExchangeDefender/O365, so if you client cancelled or went to another service even within O365, open a ticket and request that we delete the org. You can do so on your own as well if you’ve deleted all the mailboxes/forwards/groups.)
– IoT/SMTP (while Exchange/O365 does support SMTP connectivity, managing it through our IoT connector is far more secure and reliable)
– Implementation of Shared Mailboxes. Please, please, please, please DO NOT use Public Folders anymore, for any purpose. Create a Shared Mailbox instead.
At this point everyone can connect, mail delivery and legacy reseeding are in progress, all systems for Exchange, ExchangeDefender, and LiveArchive are working normally.
We’re looking forward to closing this ugly chapter. We have done everything in our power, and we couldn’t be more thankful for our partners who have helped us with the cleanup of the Microsoft disaster. Thank you. We are sorry that so many clients were inconvenienced with this, we planned and managed every step of this migration by the book with thousands of other successful migrations that happened from 2016 – Aug 2019, but when your vendor pulls the rug underneath you and damages hundreds of mailboxes unannounced… many of us will soon be enjoying the first day off in June. The only good news is, you will not have to go through this process again.
Exchange Upgrades Complete
So far 2020 has been surprising on every level, and our legacy Exchange infrastructure was not going to be missing in action: As of May 31st, at 10 PM EST we have decommissioned our legacy Exchange and have moved everyone to the new Office365 SKU (Exchange2016/2019) to provide the best email experience Microsoft has to offer.
We do not anticipate any major issues. Months of engineering/testing/backups went into making this move as smooth as possible, and we really hope you like it.
If there is an issue, we can help:
We have increased staffing levels around the clock from May 31 – June 6th to help our clients and partners with any issues that may come up. If you run into any issues whatsoever, please keep in mind that there are two ways to get your mail even if Outlook is having issues:
Outlook Web App / Outlook Web Access
ExchangeDefender LiveArchive
https://nge.exchangedefender.com
Both of these systems will allow you to continue sending/receiving email while we we help figure out what isn’t working right. Here are the best ways to get in touch with us:
ExchangeDefender Support Portal
If you do not have an account in our support portal, please submit your issue here:
https://www.exchangedefender.com/help
If neither works, call us*:
USA (877) 546-0316
World: +1 (407) 465-6800
Support portal is the best way to get things done, but if you call or go through the 3rd party help site, we will get your issue into our portal and will work on the issue until everything is sorted out. We thank you in advance for your patience and we look forward to having you on the newer, more reliable, email experience.
Sincerely, Vlad Mazek
CEO
ExchangeDefender
Rise of “a la carte” offerings at ExchangeDefender
Traditionally, ExchangeDefender has been an email security platform, first and foremost. In order to secure your email on its way to/from your email infrastructure, your MX records needed to point at us and all your mail was secured using our platform. In May of 2020, that changed.
As of June 2020, you can offer ExchangeDefender solutions without ExchangeDefender or mail going through to us at all. It’s no secret that all the add-on cool features in ExchangeDefender (LiveArchive, Web File Server, Encryption, Compliance) are in their 3rd or 4th generation, and those services are in huge demand on their own.
You will shortly be able to purchase most of our offerings directly without the complexity of joining our partner program and without needing to implement a bunch of other features if you only need a way to securely collaborate. Our web site, ExchangeDefender.com will remain a partner-centric experience and we are introducing a new site used to manage ordering and processing of subscriptions to our a la carte services.
Our partners will be able to continue provisioning and ordering ExchangeDefender services as is. As a partner you’ll also have a choice of placing orders through the new a la carte service as well (if you don’t want to be involved in management, support, etc for your users) just without discounts and incentives (since we’ll be doing all that work now).
We strongly believe that our partner ecosystem provides a lot of value to the organizations that consider IT security to be critical to their success. The reality is that many do not, and our partners tend not to sell services to clients they deem too small or too unprofitable for the overall offering: now we have the means and ways to help them through service bundles and individual service offerings specifically designed for the cloud.
If you’d like to be on a beta test, please let us know, the new platform will launch next week!
Introducing ExchangeDefender Broadcast Messages
ExchangeDefender is making it simple to reach all users in your organization using broadcast messages. This service is convenient for business cases where you need to reach every user at the client site or every single user protected by ExchangeDefender.
ExchangeDefender Broadcast Messages are easy, simple, automated, and free.
Simple – Sending a broadcast message is simple. Go to admin.exchangedefender.com, login as a Service Provider and click on Broadcast Messages.
Automatic – Broadcast Messages are always up to date and require no management or maintenance, for compliance purposes you can be certain every address on the domain will get the message.
Flexible – Messages support full HTML and our user friendly editor can help you design beautiful messages.
Branded – To save time, each message will automatically get the logo and contact information from the Service Provider contact information data.
How-to Guide
To send a message simply go to https://admin.exchangedefender.com, login as the service provider , and click on Broadcast Messages.
You will be prompted to choose an audience: specific domains (allowing you to pick from the list) or everyone. Type your message and hit Preview. You will see your message here, and it looks exactly the same as your recipients will see it in their Inbox. There are two checkboxes on the bottom to insert your logo and insert a default signature. If you are happy with the look of it click on Submit and messages will be sent within 60 seconds.
ExchangeDefender Introduces Special “bypass” Disposable Email Addresses
Every now and then you will need to receive an email from someone that is on a compromised/spam network, or you’ll have to get an attachment that is blocked by corporate policy, or a domain with misconfigured SPF/DKIM domain – we see it every day and it’s incredibly frustrating for the users. On one hand, you have to adhere to the company IT policy but you also have to get the work done and many resort to using free mail systems that shouldn’t be allowed on corporate networks under any circumstance.
Or maybe you’re just signing up for something online and don’t want to deal with the SPAM that will probably come with it.
A Disposable Email Address
ExchangeDefender is pleased to announce disposable email addresses. They are free, simple to setup, mask your real email address, and they bypass all security policies.
Free
You can setup as many disposable addresses as you wish, they can be created and deleted at any time.
Simple
Just go to https://admin.exchangedefender.com, login and click on Bypass Addresses
Private
Bypass Addresses mask your entire address and domain (unlike less secure systems that just append + or . to the real address, that is easy to strip and spam)
Bypass
Mail sent to bypass addresses isn’t checked for SPF, DKIM, spam content, infections, GeoIP, or other typical security restrictions.
Secure
Each email subject is modified to start with [WARNING! | BYPASS.XD External Message] so you don’t inadvertently open an email you were not expecting.
How to get started
Bypass Addresses are available to all ExchangeDefender Pro clients at https://admin.exchangedefender.com.
Simply login with your credentials for ExchangeDefender Admin portal, select “Bypass Addresses” under My Account, and click on the ” + Add New” button.
That’s it. The system will generate a random disposable email address and any mail delivered to it will automatically be passed on to the real address you select. It takes less than a minute for it to go live!
Once you’re gotten the email you’re expecting, you can return to the admin portal and delete the address. If you’ve created an email address for an e-commerce site or something that will likely generate a lot of SPAM, you can deactivate the email address and mail sent to it will not be delivered to your inbox. If at some point in the future you need to get email at that address again (forgotten password, two factor authentication, etc) your address is permanently attached to your account and can be reactivated in less than one minute.
What to Expect: Our COVID-19 (Coronavirus) Update
Dear ExchangeDefender Clients,
As you’ve come to expect from us over more than two decades, we’re open and ready to serve you 24/7. If there is anything we can do for you, please let us know at https://support.ownwebnow.com or just call us at 877-546-0316.
Our Orlando Headquarters has been closed to public since Thursday, March 19th. There is a county-wide curfew in effect starting tonight so we will not be accommodating visitors until further notice. Our data centers will also have restrictions on remote visits.
If you need any troubleshooting or maintenance related to your equipment, we will do our best to assist you, but physical access to assets will not be allowed until further notice.
While we regret that this inconveniences everyone involved, we want to assure you that we’ve got your back during this uncertain time. As Floridians we are accustomed to working remotely and we look forward to being as helpful as we possibly can be.
Please be safe and stay healthy, to keep current on our updates, please follow us on:
FACEBOOK
BLOG
In other news, we have an upcoming webinar “ExchangeDefender Solutions Redefined” approaching on Tuesday, March 31st at 12:00 PM. Please join us to learn more about the new changes and expansions in our service portfolio. Register, click here.
Upcoming Changes to ExchangeDefender Whitelisting
We’re making massive changes to ExchangeDefender whitelisting policies that will make it easier (and safer) to allow trusted senders to bypass our SPAM filtering processes.
For 90% of you, this will just make whitelisting smoother and you don’t need to worry about the details.
For our system administrators and users who have grown infuriated with BATS (disposable email addresses) whitelisting, you’ll be thrilled to hear that we’ve launched a new white-listing service a few weeks ago that has been performing well enough in beta tests and will go into full production this week. The main issue we solved with the new technology is the management of bulk senders, but performance improvements alone and new features will be worth a look and full demonstration will be made during our next webinar.
The biggest problem with whitelisting, and an opening of an attack vector, is the prevalent use of BATS addresses. BAT, basic attention token, has become a standard tracking email address technology used by mass mail (bulk) senders. For example, the email address that the message was sent from appears to be: Vlad Mazek vlad@ownwebnow.com
However, that is often not the actual address – it’s just the pretty, friendly, display address that Outlook shows you. If you open the message, the message is usually from something like soap-2391-kwqw-399q-vlad=ownwebnow-com@massmailernode102.spammer.com
New ExchangeDefender whitelisting service will step in and ask the sender to instead whitelist the domain itself, in this case massmailernode102.spammer.com or even wider. spammer.com. This setting will be on by default.
We will also be introducing gateway whitelisting for our enterprise and Pro clients, which will allow you to whitelist common bulk mail organizations entirely. While we do not recommend it, we understand that for some organizations it’s easier to just whitelist all mail sent by Sendgrid, AmazonSES, Constant Contact, etc than to constantly evaluate which ones to permit on a case by case basis. This setting will be off by default.
Another often requested feature, that is tied to the launch of the new Whitelisting code, is the ability to provide one-click access to report and manage white-list entries. Every user that enables this feature is doing so to better control their blacklists, and this setting will be off by default. When turned on, all received messages will have a footer in the message allowing the user to launch a complaint when something that looks like SPAM has been allowed through. The footer will only be visible on inbound messages and all tracking code will be deleted in replies, forwards, or messages sent from ExchangeDefender to the Internet.
We are rolling in a few more features that will be announced during our next webinar in March. If there is something you’d really love to see, please let us know, all these features are based on user requests so keep them coming!