Troubleshooting Email Delivery with ExchangeDefender Logs
Modern email delivery has become complex in order to eliminate scams and minimize the impact of cyber threats. Unfortunately, those complexities can impact mail delivery: “I sent them an email and they never got it!!!”
First point the user to https://bypass.exchangedefender.com service that’s included with ExchangeDefender. Our users love it because they don’t have to wait on the tech issue to get sorted, they can send the mail right away (and it tends to have a far better delivery success rate because we strip everything that typically trips up SPAM and security filters).
Second, find the problem in the mail and error logs.
You can of course use our interactive mail log (tracing) search to locate the message and see where the problem may be. For larger tenants, we recommend downloading the logs so you can go through them faster on your PC:
ExchangeDefender can help identify the issue through our detailed Raw SMTP logs and Mail Error logs
Log access gives you raw access to everything we have on our backend but you get it faster (as our support doesn’t have access to your data including logs, and getting the access approved internally takes time).
If log analytics isn’t your thing please contact us about the ExchangeDefender Managed Service where you’ll have your own postmaster managing all these issues for you (service must be enrolled before requesting support).
Email delivery problems can be complex and at times out of your control. This is why we always first recommend going to bypass.exchangedefender.com (and ExchangeDefender Inbox) so you can actually do your work. After that, grab the logs and see what the problem is. As always, we’re happy to help!
ExchangeDefender Phishing Firewall and Microsoft Defender
Now and then Microsoft Defender will encounter something potentially dangerous when it’s processing your browsing activity. Most of the time it is just the URL of a site they’ve blacklisted.
Enter ExchangeDefender Phishing Firewall. We rewrite every URL going through our service to give our users an extra layer of security and prevent malware and phishing. If you’ve seen the xdref.com links in your email, that’s US keeping you from accidentally clicking on a legitimate link and getting a zero-day exploit compromising your PC. Well, Microsoft Defender looks at the same link and its contents and can flag an entire URL of your phishing firewall. Then you end up seeing this:
How do I get this resolved?
Since this URL is exclusively used by you and your clients, make sure you’re using ExchangeDefender Outbound Service to route outbound mail (our outbound service strips all the xdref.com URLs).
Next, please report the problem with the URL to Microsoft at this location:
https://security.microsoft.com/reportsubmission?viewid=url
How do I fix it?
There are two ways to solve this problem within your tenant at Microsoft 365. The fastest way is with PowerShell:
New-TenantAllowBlockListItems -ListType Url -Allow -Entries ~xdref.com~ -NoExpiration
The more user-friendly way to allow the URL is through the Microsoft Defender Portal at the following URL (make sure you’re logged in first):
https://security.microsoft.com/tenantAllowBlockList
Microsoft tends to move its security components around a lot so if the URL changes login to the Microsoft 365 Defender Portal and go to: Policies & Rules> Threat Policies > Rules section > Tenant Allow/Block Lists.
To learn more about Microsoft Defender and how to manage its security policies on this topic please see the following KB article.
Tip: ExchangeDefender recommends executing this process when the client is onboarded, but it will work at any time.
Top 2023 Technologies: Inbox, Encryption, and Troubleshooting Solutions for Email Issues
Can you believe that we’re almost done with the first half of 2023? We’re often asked by partners to catch up so you can see what’s moving and what’s working. We pulled up some stats and tickets and here is what you’re leveraging the most in 2023:
1. Inbox + Bypass
Nearly every email provider and every email platform/server has had issues in early 2023. Hackers and the weather haven’t helped either. All this has propelled Inbox (https://exchangedefender.com/inbox) and Bypass (https://bypass.exchangedefender.com) to our most popular sites.
Email down? It has been for a lot of people in 2023
Inbox is the new generation of LiveArchive, an always-on email service that’s replicating your live mail stream in the cloud. When our clients had problems with Outlook online and Exchange, Inbox was there to let them continue working.
When emails bounced for weird reasons, ExchangeDefender Bypass was there to help people send mail out with their email addresses. Couldn’t receive an email? Bypass helped there too.
2. Encryption + Secure Forms
Regulatory compliance and just better business practices are driving our ExchangeDefender Encryption service to the second most popular spot.
ExchangeDefender Encryption enables you to send secure messages via email, text/SMS, and web services. Whenever you need to send something that you have to track, something that should be protected by multiple passwords, that needs to expire – we’ve got you.
The most leveraged piece? Reporting when an email is read. People want to know who and when something important was actually read by the recipient. When you need to know they saw it 🙂
3. Check + XDNOC
We’ve become experts at troubleshooting mail flow and now that AI is coming into the picture everyone needs some help to integrate all the vast cloud services that are powering everything these days. In a nutshell, when email breaks they call us.
The third most visited ExchangeDefender technologies were https://check.exchangedefender.com and https://anythingdown.com – and mostly because all major email services had issues in 2023. Check site will help you configure your DNS authorizations that are the leading cause of email problems – check your stuff! The NOC is more of a canary in the land mine, stay on top of it to know when there are issues and how to work around them if your provider/server/network is having issues.
Thank you for trusting us with your email, we’re working hard to keep you secure and keep you running when issues pop up.
Passwordless Login – Lower support, better profits
ExchangeDefender Passwordless Login is a new feature that lets users get into their ExchangeDefender account easier and faster. Instead of logging in and tracking passwords, the user just enters their email address and the OTP code we send there – and they get access to all their ExchangeDefender services.
The Passwordless Login feature will drive down the support costs because that was the major issue our clients found in supporting login and authentication problems. We even joked that you may have answered your last login problem email. We now have more data and feedback indicating that this feature is a hit:
In practical terms, wider adoption of this feature means less support work for login and authentication. The fact that it’s more popular than password reset on launch means the users have already seen this feature elsewhere and trust it as a secure way to get into their account.
We’ve also heard from our technical and compliance audience: “It allowed us to finally take you up on an automated password expiration knowing that it will keep our passwords secure and users wouldn’t notice.“
The value we provide to our clients is in the ability to securely email, send secure encrypted messages, and continue emailing when there are IT issues. By making it easier for our users to get to these features everyone benefits.
Thank you for your business and for trusting us to protect your email.
ExchangeDefender Goes Passwordless for Admin Login: Zero Issues, Skyrocketing Adoption Rate!
ExchangeDefender launched Passwordless Logins and we’re happy to report that there have been zero issues and the adoption rate is already through the roof. Unsurprisingly, login/password/security management was identified as the #3 biggest support issue in our town hall meetings with service providers.
As a part of our 2023 initiative to build the best email security platform, we’ve been looking at innovations in the software industry outside of the security space. Launching an authenticated session by sending an OTP code via email and SMS has quickly become a popular authentication method at primary online services. As a technical implementation, this is no different than a password reset link process we’ve used for decades – you click on a link, you’re emailed a secret token that authenticates you, your new session starts and that’s it.
It’s just a lot more user-friendly and allows the user to tap through instead of sifting through applications and tracking credentials. Passwordless login will significantly lower your support costs — today may be the last ticket about a login or password problem!
Of course, we strongly recommend rolling out MFA on every ExchangeDefender account. The other change we’ve made in 2023 is a move to a role-based administration in ExchangeDefender: instead of sharing a domain or sp login you’ll grant users in your org access to domain or sp admin (see www.exchangedefender.com/docs/sp) and they’ll be able to elevate privileges as necessary.
Thank you for embracing all the cool new stuff we build to make your day online safer. Our goal this year is to make secure services convenient and passwordless login is a part of that commitment.
Unlock Your Admin Portal with Ease: Introducing Passwordless Login
On Thursday, May 18th, the login experience at ExchangeDefender will change. Everything still works the same way as before and the new features will not affect user login: you’ll still go to https://admin.exchangedefender.com and type in your email & password to log in.
Below the main login block, you will see the new Advanced Login block featuring Passwordless and Administrator login features.
Passwordless – Tap this if you forgot your password and don’t want to set a new one. We’ll email you a code (for account verification) and when you type it in you’re good for the next 30 days.
Administrator – Tap this to log in to the management console for ExchangeDefender – Domain Admin and Service Provider. It’s safer & smarter to use user->domain, and service provider escalation and this is a more convenient way for smaller organizations.
Social and app authenticator login buttons are on the bottom and we now support all the TOTP app authenticators and encourage you to lock your accounts down.
Protect Your Privacy with Disposable Tracking Emails
Do you ever wonder who is selling your email address to marketing companies? Or do you ever sign up for services and sites while checking things out but don’t want to end up on every email they send until the end of time? Gave your email address for a 10% off discount? Used it with a sketchy parking lot?
We’ve all been there.
Wouldn’t it be nice to be able to come up with an address on a whim? I’m at Subway and they want my email:
“Yeah, that’s subway+vlad@exchangedefender.com“
ExchangeDefender now let’s you do this on a whim there is nothing to set up. Just add any tag+ to the front of your email address and that’s it. Yep, any text you can imagine. Tie it to a specific search like pi+orders+vlad@exchangedefender.com so you can create an Inbox filter rule and potentially automation based on the address alone.
Message is still subject to your security policies so if it’s safe it will come right to your inbox.
Yeah but how do I unsubscribe?
You can do the traditional click & pray that the unsubscribe site is 1) up and 2) works.
The cool thing about tracking emails is that they are integrated in admin.exchangedefender.com and you can see a report similar to the daily quarantine report. Here you can see who is sending messages to which disposable address.
ExchangeDefender shows you where the sender got your email address from and where your data may have been compromised or sold.
You have even more flexibility with the address. If you’re starting to get a lot of abuse at the address, just click on the <b>Stop</b> button and we’ll bounce any email sent to that address tag+ address.
Changed your mind? Hit play and the address will be reactivated as usual.
Inbox, your company email’s emergency plan
We just released a brand new email solution called ExchangeDefender Inbox. You may have seen the beta floating around. It’s official, the commercial product is here and we are absolutely delighted. Inbox is the result of a decades of email issues, and security mishaps.
It is a hybrid of both a standalone email and security all in one. That’s right, you can access your email, and your ExchangeDefender security all in a single pane.
Inbox, what is it?
ExchangeDefender Inbox is a modern and secure email platform that helps you work when your email stops working. It is a safe alternative to your Outlook and Gmail platforms. Inbox is meant to rescue you when your (primary) email goes down. It is your email’s backup plan when things go terribly wrong like email outages, technical difficulties, email delivery issues and so much more!
How does it work?
Inbox takes your email and actively makes copies of it. When email passes through ExchangeDefender, it makes it possible for you to access recent messages in real-time. It is a very cool feature because it works independently of your email hosting. So, if your Outlook goes down, you can simply login to your Inbox to send and receive email while experiencing service outages.
What can Inbox do?
I am so glad that you asked. It has so many features but here are the most noteworthy: you can send and receive email,
you can send secure encrypted messages, and you can bypass any security policy with Bypass. Imagine combining your email and security together for a safe, stress-free email experience!
ExchangeDefender Inbox is unlike any solution on the market. It is an enterprise-grade email continuity solution that saves the day when your email is down, or unreliable. Inbox is flexible in the sense that it has the ability to work as a standalone email, as well as with most email platforms like Outlook, Gmail, and Yahoo.
ExchangeDefender Passwordless Logins
ExchangeDefender is pleased to announce the addition of passwordless logins. This convenient authentication method has become an industry standard and we’re implementing it at the request of many of our clients.
The problem: “I don’t know what it is, I don’t know what my password is!” OK. Reset password. Wait for the email. Pick a new password. A more complex password. One that you’ll forget as soon as you log in. We’ve all been there.
In our May update, you will see another login option under the default sign-in, allowing you to sign in with email. It’s as simple as it sounds, type in your email address and we’ll email you a magic link (with an OTP code) that you can use to log in to your account without your password. It’s that simple.
The session will stay logged in for a month so as long as you’re on the same computer/mobile you won’t have to worry about tracking passwords with ExchangeDefender.
PS. This means anyone with access to your mailbox will have access to ExchangeDefender as well – so for those of you that value security over convenience we’ve also added a domain-level policy that can disable this feature.
We should talk…
ExchangeDefender is aggressively adding features and growing the security footprint and we understand that IT staff is already spread thin enough – so if you’re tight on time or security expertise we are able to help by reviewing, applying, and configuring your mail flow so users get fewer interruptions while getting the latest and best-tuned security service for email.
Service Provider Dude, where is my SPAM?
ExchangeDefender is the ultimate cybersecurity wrapper for an organization and we already discussed how Users and Domain Admins can locate messages ExchangeDefender was configured to keep out of the mailbox.
ExchangeDefender users have a beautiful and powerful way to access their quarantined mail and work around email problems, domain admins have flexible settings, policies and access to the logs to keep the organization protected. So what do ExchangeDefender Service Providers have that others don’t?
ExchangeDefender Service Provider access enables you to do deep troubleshooting and emergency “incident response” activities. Service Provider login is the highest level of control in ExchangeDefender so you have access to all the data that ExchangeDefender has.
Accessing Logs
ExchangeDefender Service Provider access gives you access to the centralized log facility where you can locate any message ExchangeDefender has processed from a central pane of glass.
You can download any search results as a CSV file that can be better visualized and analyzed in a spreadsheet and reporting tool of your choice. This is particularly useful when you don’t know the sender or are searching for an automated sender with a fake tracing email address.
Our partners frequently rely on this facility to troubleshoot for missing messages.
Downloading Raw Logs
ExchangeDefender Service Providers also have access to raw SMTP Mail Logs which give our partners direct access to low level SMTP transactions and error logs. It’s located in the same location as log search.
Service Providers rely on these logs as the ultimate source of truth regarding the traffic for the ExchangeDefender protected domain. This is a fantastic tool if you’re looking for intermittent delivery errors or policy violations or just have a very specific email or server you’re looking for.
Logs will get pulled from all our services and will be available for download within 24 hours. Don’t let the boilerplate distract you, almost all of our clients will get their logs within the hour. From there you can load the logs into your favorite analytics tool and dig for the errors and problems in the mail flow.
To sum it up
ExchangeDefender can help you account for every message going in and out of your organization. While users have a powerful and beautiful way to access their quarantined mail or continue where they left off during an outage or email problem, domain admins and service providers have far more access to the logs so they can troubleshoot around different settings and policies.