Caveat: This feature is not recommended by ExchangeDefender, we actively discourage you from using it, and it is disabled by default. At the same time, we understand that sometimes the risk of getting hacked is less painful than arguing with non-technical users… In other words, we got you.

ExchangeDefender is an SMTP proxy security service, we scrub your email and only pass on stuff that doesn’t look like SPAM. In order to make that happen, we use industry standards such as SPF, DKIM and DMARC to make sure the senders are legitimate. (envelope-sender aka “envelope from:”)

The challenge these days is that nearly all the automated email messages (password reminders, marketing messages, newsletters, order confirmations, 2FA/OTP, etc) are sent from a unique disposable email address. Instead of coming from (the email you see in Outlook/Gmail) they actually come from something like These email addresses are automatically generated and only live for a short period of time (less than 24 hours) and are used to track bounces and failed deliveries. However, once you open the email your mail client looks at the “display from” address such as This address can be forged easily by anyone and that is how hackers end up compromising end users easily (cyberattack process better known as “spear phishing“).

ExchangeDefender has a secure facility to manage legitimate newsletter senders and automated email platforms (Domain Admin > Advanced Settings > Bulk Mailer Policy) and we train our partners how to properly create allow policies for<a href=”“>Disposable Email Addressing</a>/BATS. If you’re not a fan of using that process, you’re going to love the new From: Policy feature.

ExchangeDefender From: Policy

ExchangeDefender Advanced Features has a new section called “From: Policy” which enables you to create an Allow Policy based on the Display From address (display-from/fake-from). You can find this new setting at under Domain Admin > Advanced Features > From: Policy.

The policy is disabled by default, but if you enable it ExchangeDefender will search the email headers for the From: address and apply your Allow Policy (whitelist) using that address. Allow Policy forces ExchangeDefender to bypass all SPAM checks and will deliver the message to the users Inbox regardless of SPAM content (malware protection, virus protection, file attachment policies will still be enforced).

This feature will make delivery of automated messages (newsletters, password reminders, etc) much smoother with the side effect of making it easier for your users to get spear phished. However, this level of security exactly the same as whitelist/allow policy/trusted senders evaluations consumer email solutions such as Microsoft365/Outlook/Google Apps have, so if you trust their email security you can trust this as well.


tl;dr; You can now whitelist by the fake email address you see in Outlook/Gmail.

Schedule recurring emails
ExchangeDefender is proud to deliver another new feature to our Pro subscribers – Recurring Email Scheduler.

ExchangeDefender Recurring Email Scheduler feature has been the top request from our clients in 2021 as we continue our work-from-home lives: we are constantly trying to remind ourselves or others about something… and email (soon SMS/text) is the go-to way to do that. Virtually anything you need to remind yourself (or others) about on a consistent basis can be done including:

– Personal reminders
– 3rd party (clients/staff) reminders
– Invoice and recurring payment reminders
– Payroll and HR requests
– Meeting & appointment reminders
– Recurring tasks & maintenance requests

Problem is, most recurring email options require you to keep your PC on at all times. Maintaining and managing them quickly becomes a nightmare. Reporting is virtually non-existent, and creating new recurring messages takes time and skill and you’re in charge of troubleshooting problems with every software update. Or you can spend even more money on a 3rd party commercial solution.

This is where ExchangeDefender Recurring Emails feature shines:

– Create and manage all recurring emails from a single interface
– Create beautiful HTML messages with a friendly editor
– Attachments and multiple contacts are supported too!
– No need for your PC to be on, no DNS changes, no software to install
– Relies on public cloud infrastructure
– Powerful recurring scheduling & control
– Activity log and campaign delivery details (for compliance and troubleshooting)
– Ability to pause and resume campaigns

We’re also hard at work integrating our SMS Proxy solution so that we can extend the reminders framework to help you reach and remind everyone through their preferred contact method. Get started at by clicking on Recurring Emails. If you can send an email, you can send a recurring email!

ExchangeDefender Bypass builds on our commitment to helping users deliver email – not to mention making it easier to troubleshoot and work around mail security restrictions. We’ve all experience the “email bounce” when a message we send to someone promptly returns with some cryptic error and the bottom line is the recipient isn’t getting your email.

ExchangeDefender Outbound Bypass helps remedy this problem.

Email non-delivery can happen for a number of reasons – insufficient resources, misconfiguration, outage, local system policy, etc. When your mail bounces there are no easy ways around it, and most savvy users will just go to their free mail account (gmail, yahoo, ISP) which can cause a number of legal and HR complications. We can do better: with ExchangeDefender Outbound Bypass.

Much like our inbound bypass feature, the mail transiting this system does not rely on ExchangeDefender IP address space, network policies, or restrictions. We further designed it to rely on the public cloud infrastructure which is typically trusted and not subject to extra SPAM check (it’s where all your Amazon receipts & promotions come from).

So how does it work?

Simply open your browser and go to

Click on Bypass and select “I have problems sending mail” – fill out the form, attach anything you may need to and the message is sent instantly. When the recipient hits reply the message will go to your regular email address. That’s all there is to it. When the recipient receives your email it will still show your name, your email address, and include any HTML, images, or attachments you’ve put in the message when you composed it. It can also be used to help us open a communication channel with the recipients IT provider to resolve the original bounce as well. We hope this helps our partners troubleshoot problems faster and provide our clients a more reliable and resilient email experience.

P.S. ExchangeDefender Bypass is intended for legitimate, person-to-person email. Use of this system for UCE, bulk, sales, or otherwise commercial mail can expose you to steep fines.

Today, in our “Managed Cybersecurity services” webinar, we revealed new services for 2022. The meeting focused on how we can solve today’s email problems with ease. ExchangeDefender recently launched three solutions that will empower clients, and reduce their time wasted on email issues.

Solution #1 – Bypass ExchangeDefender

Bypass ExchangeDefender helps you receive email that doesn’t meet ExchangeDefender’s security needs. The reason why clients would use this is because it completely bypasses ExchangeDefender security infrastructure entirely. Bypass ignores DNS security and authorization requirements like SPF, DKIM, and DMARC. It also bypasses established security restrictions for attachments and domains. The biggest bonus here is that it is self-service and does not require any interaction with IT staff.

Outbound Bypass

ExchangeDefender Outbound Bypass helps you deliver important email despite of outages, blacklists, throttling, and other IT problems. The email service does not use any of our networks or systems. Instead, it relies on public cloud infrastructure. Pro user? ExchangeDefender PRO users get this solution for free.

Solution #2 – Recurring Emails

ExchangeDefender Recurring Email enables you to schedule recurring emails to send in the future. You can schedule emails to be sent at a certain time of day, any day of the week. The new feature is for standardized and compliance-oriented recurring email campaigns. So, how would you use it? Our team has been using it for recurring tasks and maintenance requests, payroll and HR requests, and client reminders.

Solution #3 – ExchangeDefender Guardian

Introducing ExchangeDefender Guardian, the cybersecurity analyst that lives in your inbox. Your dedicated analyst has the ability to triage, evaluate, and advise on any email that you deem suspicious. The guardian is mean for high-profile personnel. Anyone whose credentials, access, or role provide a lucrative entry into an organization. Price? The service is currently being offered invitation-only, and prices range from just $39 per month up to $399 dollars.

Interested? Contact us, or submit a ticket if you are an existing client to get started!

We want to thank so many of you that finalized the DMARC deployments during #CyberMonth of October. Special thanks to the thousands of clients that trusted us to update their DNS zones on their behalf, we know that DNS work can be complex and inconsistent from provider to provider, and getting it completed will eliminate countless mail flow problems (many that you’re probably not even aware of).

DMARC compliance allows us to keep you in our priority routing, assures delivery to major email service providers, improves mail flow & delivery, and most importantly – keeps us in your corner when there is a problem. (non-compliant domains are considered a broken deployment and restricted to service inquiries).

What all the DNS work and troubleshooting has turned up is that far too many of our clients and partners do not have the required skill set to properly deploy, maintain, and secure their DNS. This is not a one-off project: your domain name and DNS are your organizations primary identification on the Internet and just like people email you verification links when you sign up for the service, cloud applications are requiring custom DNS records for ownership verification.

In October we launched an ExchangeDefender DNS Service, at just $19/month, that will cover all the work related to your DNS including SSL certificate work, Dynamic DNS, DNSSEC, and whatever DNS standard comes up next.

Through the end of 2021, we are offering our ExchangeDefender DNS Service for just $19/month and we are waiving the setup fees. Contact us today to get this added to your account, as it will cost you exponentially more in troubleshooting and lost business the first time you have an issue.

Hello folks – Vlad here, thank you for a phenomenal 2021!

The best is yet to come – on December 7th (at noon) we’re holding an event to introduce the next generation of our offerings. As cybersecurity threats evolve, so must ExchangeDefender, and I’m confident you’re going to love how we put our expertise to work for you.

That said, we’ve had a very tough 2020 and an even more challenging 2021. The demand for our services has never been higher and the ability to predictably execute the business plan in a state/country/world that’s standing on quicksand has never been tougher. Our team not only managed to exceed service levels through it all, we also performed major upgrades and huge service improvements all around. I owe my team a looooooooooooooooong deserved break and for the remainder of 2021 we are not taking on any new projects, extended support contracts, deep dive optimizations/troubleshooting/consulting/etc. I need to allow people that have been working long past their shifts or burning the midnight oil the luxury of sleeping in till noon. You won’t notice it – support will still be available around the clock, our SLAs will still be honored, and all the routine stuff will keep moving smoothly.

When we come back from the Thanksgiving break, our sole focus will be the successful launch of the Dec 7th project. We will start 2022 with a bang and a team fresh and ready to fend off emerging cyberattacks.

In that spirit I’d also like to wish our partners, clients, vendors, and suppliers a happy holiday season. I know everyone has had to up their game in the face of Covid restrictions and challenges – and I hope you’re as grateful to make it through it as we are. Thank you for your patience, thank you for your kindness, thank you for your professionalism and thank you for trusting us with keeping you safe.

Vlad Mazek

Data Security

The importance of data security has catapulted to the forefront because of the fast-moving, unforeseen Covid-19. The pandemic caused most office workers to work from home for months, and required many organizations to build remote workflows. Remote working has offered prime opportunities for hackers to take advantage of unsecured data. The safety of confidential information in the remote workforce is becoming increasingly difficult to achieve without the proper security tools, (which most businesses lack).

ExchangeDefender Corporate Encryption is the perfect solution for organizations that need to secure their company data. Employees are able to encrypt emails simply, and share documents securely with Encryption. (Ask for a demo!)

Skilled Employee Shortage

Yes, we’re in the middle of a talent shortage. Businesses are experiencing a lack of skilled employees as the pandemic, and the Great Resignation movement continues to rage on. The IT department in many businesses are suffering, with 93% of employers reporting an overall skills gap. Staffing issues in IT are creating disruptions in other parts of the business as well – making increasing productivity a dream rather than reality.  

There is an opportunity for MSPs to offer IT services that organizations are unable to fulfill inhouse due to staffing. Services like cybersecurity, data storage, encryption, and disaster recovery are in very high-demand since the beginning of the pandemic. Offering businesses services that are mission-critical, and that can guarantee work productivity or continuity is vital!

Uncertain times

The COVID-19 crisis brought most businesses to a near stand-still causing major stress to business owners, and corporate CEOs alike. The future is uncertain, but what we can do is actively factor in future trends into our business growth goals. This means focusing on what the market needs (like providing solutions related to trends that are exploding), and on your customer base. The best data you have is from your current clients. Look for similarities, ask them questions along the way.

Cybersecurity threats increasing

Approximately 2,200 cyber attacks happen every day, which means every 40 seconds, a hacker gains unauthorized access to information. Company data has become one of the most valuable assets of a business. Data breaches continue to rise as hackers take advantage of vulnerabilities, particularly within the remote workforce. 68% of business leaders feel their cybersecurity risks are increasing.

The most common way of cyber-attack is through email, and every business is susceptible. 94% of malware is delivered by email, and about 50% of malicious attachments are Office files. The pandemic has brought in a new wave of cyber attacks with Phishing. In fact, 1 in 13 requests lead to malware – making it increasingly difficult to discern what is real, and what is not. Human error is driving data breaches, and organizations need to implement security measures to ensure the safety of their people and data. (Explore ExchangeDefender PRO)

Business Continuity / Disaster Recovery

When the COVID disaster first occurred, businesses realized that they did not have an active business continuity plan. This is a plan that details what to do in the event that a disaster, natural, or otherwise happens.  We have experienced a significant increase in demand for email outage protection, archiving, and file sharing services. Businesses have the challenge of making sure they can still operate as usual despite disruption, or public health crisis. Organizations that take advantage of solutions that empower productivity from work or home will experience the least amount of interruption.

The healthcare industry has seen a sharp increase of data breaches since the onset of Covid-19. As we encouraged minimal in-person interaction to minimize the spread, the rise of Telehealth services grew 46% in 2020. It is known that the medical sector has been slower than others when it comes to leveraging new technology. The lack of data security is apparent as 89% of healthcare providers have suffered some type of data breach within the past two years.

So, what’s the deal? Why is the healthcare industry such a big target for hackers?

The healthcare sector mainly consists of businesses that provide medical services, create medical equipment, and develop the drugs that fill our prescriptions. It is a gold-mine for big data that contains sensitive information about patients like date of birth, addresses, medical records, and so much more. Hackers target the industry with data breaches and ransomware to gain full access of medical information of millions of people. 41% of Americans have had their protected health information or PHI exposed in the last three years. The sector’s biggest challenge is managing and securing large volumes of sensitive data. It is extremely difficult to minimize security breaches, and reduce cyber theft when security is not seen as a priority.

Struggling with strict compliance standards

The nature of information that the healthcare industry collects, is subject to some of the strictest data privacy and compliance standards. Healthcare is unique as it manages large volume data that is constantly changing. Complying with data security standards is a major struggle for healthcare as they use Electronic Healthcare Records (EHR), and adopt new cloud technology. Patient EHRs enable doctors to treat via telehealth, and share data digitally which is encouraged by the HITECH act. Unfortunately, many hospitals and clinics have not implemented a secure method of sharing this information which does not fulfill HIPAA standards.

No security training leads to user errors

This is the fact of life, right?  Users cannot manage something effectively without understanding how it works. Approximately 90% of data breaches in 2019 were caused by human error, a drastic increase from 61% two years prior. In general, human error is the leading cause of data breach within an organization. For healthcare, about 40% of employees have received no cybersecurity training whatsoever. This lack of security training is costing the medical sector millions of dollars in damages per year, with the average record stolen costing about $400 each.

Empower medical professionals to implement Encryption software

Healthcare professionals can easily send and receive secure messages with ExchangeDefender Corporate Encryption. Personnel can communicate sensitive data with confidence using a powerful, user-friendly web interface that can auto-detect personal identifiable information (PHI) like patient names, date of birth, lab test results, medical bills, and more! It can prevent accident data leaks by triggering custom policies that the organization creates based on security standards. Using Corporate Encryption will automatically help medical workers comply with HIPAA and HITECH regulations.

Interested in a free trial? Contact us today!

Most common IT challenges for lawyers in 2021

The legal industry is what we, in the tech industry, call ‘late adopters’ when it comes to modernizing their business with newer technologies. Traditionally, legal professionals were not very tech-savvy, and were dependent heavily on the physical handling of documents. Now is the time to spread awareness of the technologies that are available to the legal industry to prepare present lawyers, and future generations of lawyers with the most appropriate technologies. Let’s explore the most common IT challenges that today’s law firm are currently experiencing, and ultimately help suggest the right solutions they need to empower their practice.

Data Leaks

Data leaks or “data breaches” are the most common result of cyber-attacks. A data leak happens when a hacker has accessed sensitive information of a company, and in many cases, has released the information into the public domain without permission.  

The legal industry is a prime target for hackers because of the nature of their business. They deal with sensitive, and confidential information on a daily basis. Due to the lack of security used by many law firms, it is easy for hackers to perform data breaches via malware, phishing, and even denial of service. An email security suite like ExchangeDefender PRO would protect a law firm from email-borne attacks, phishing attempts, and would most definitely prevent data leaks.

Phishing Scams

Phishing attacks have taken over the internet in terms of being the most popular form of cyber-attack. It is the most common way for hackers to win your sensitive information. In fact, Verizon’s most recent Data Breach report claimed that 70% of data breaches involved Phishing.

A phishing scam is when a hacker sends a fake email that appears to be coming from a trustworthy company. The user clicks on the link inside of the email, is presented with a fake landing page, and is deceived into entering their login credentials, or credit card information.

Document Management

Overcoming document management challenges are a major struggle for law firms as the industry has been extremely dependent on physical document copies. The accumulation of these documents as records are proving disastrous for legal practices that have been in business for years. ExchangeDefender’s Web File Server solution would take care of any document management issues. It offers unlimited storage, is extremely secure, and can provide limited access to a lawyer’s clients for seamless collaboration.  


Compliance is a major issue for law firms when it comes to the technology aspect. They are responsible for ensuring that their IT solutions are secure enough to keep data safe, and is secure enough to prevent a data breach. This is difficult when many firms do not currently use an advanced email security suite. As cybersecurity providers, it is our duty to keep law firms safe and to ensure that they adhere to state, federal, and international regulations.    

At ExchangeDefender, we are unique just like our clients. Our team members are all from different nationalities, backgrounds, and expertise.

We do not aim to offend or demoralize any individual or groups, unless they are spammers or hackers. 🙂

Some of the industry standard terms used in the backend, that have been part of IT for decades, may sound offensive to clients in the modern workplace. Non-technical clients who are not accustomated to traditional IT terms are rightfully shocked when they see terms like “master-slave replication”, “whitelist”, and other similar racially sensitive wording.

SPAM filtering and email security should not be offending our clients so we’ve gone through an audit of our web site, our portals, our mobile apps, and our backend in an effort to rephrase some of the industry terms that may be offensive. 

Our client base has changed over the past 24 years, (our services are predominantly used by non-technical staff) and this was a part of our larger effort to make ExchangeDefender more user-friendly. 

We want to make our services more accessible for users that have never used ExchangeDefender, or an enterprise security software; you will see fewer IT acronyms. Instead, we’re rephrasing our services to sound like spoken English, for example: To block senders from sending you SPAM you will now add their address to a “Block list”.