ExchangeDefender Tag

ExchangeDefender has recently enhanced our MFA features (multi-factor authentication) to help you enforce domain-level MFA compliance and to make it easier for users to be enrolled and protected by a layered authentication process automatically.

Simply put, we’re making it easier for you to keep everyone protected.

Today we are announcing ExchangeDefender MFA support for custom authenticator apps. By now everyone is familiar with our typical MFA functionality, available under your Settings at https://admin.exchangedefender.com. Just scan the QR code on your device and you’re set!

BUT WHAT IF YOUR DEVICE DOESN’T HAVE A CAMERA?

ExchangeDefender now supports MFA app enrollment using a QR code. This is great for scenarios in which:

– You don’t have a camera on your device
– The QR code doesn’t seem to scan (problems with the camera or monitor)
– You want to use a text-based MFA app
– You want to integrate PowerShell/no-code with MFA
– You want to share your MFA codes with others

If you’re in one of those scenarios, note the text under the QR code when you start the enrollment:

Click on the Can’t scan? Show code link and you’ll get the TOTP secret (aka secret code, MFA code). Paste it in your solution and paste back the 6 digit code it generates. That’s it, you’re done. MFA is now enforced and ExchangeDefender will rely on the codes generated by your app to validate MFA and grant access to your account.

All our features come from user feedback so if there is something we need to be doing to keep you more secure please let us know!

ExchangeDefender is giving users more power to lock down their valuable data. Now that ExchangeDefender handles business continuity and backups for M365/Gmail tenants there is even more information in ExchangeDefender that demands more flexibility with security policies. First, let’s talk about the upcoming feature that allows you to lock down your ExchangeDefender SPAM Quarantine Report activity.

Bit of background: ExchangeDefender Quarantine Reports are an immensely popular ExchangeDefender feature (coming up for an upgrade this spring btw!) that sends users a list of quarantined messages with a set schedule. Users tend to rarely look in Junk Items or review SPAM unless they are waiting for something so this is a cool feature that our users just love. Scroll down the list of quarantined messages and release or trust just by tapping the link. Super convenient, but does it meet your security requirements?

ExchangeDefender Quick Release feature now enables you to choose between convenience and a more secure release process. For many organizations, having the message released or get added to trusted senders with just a click is a huge time saver and user convenience. But if your Microsoft M365 / Gmail account gets compromised (which happens ALL the time) or you deploy a new security/business/CRM (mostly AI stuff) that scans links then this “convenience” can turn into an Inbox packed with SPAM messages that some hacker/service inadvertently released.

If this happens to you, know that ExchangeDefender can help with the “Secure Release” setting. By enforcing Secure Release, when the user clicks to release or trust a message they will be prompted to authenticate before they can release/trust the message. This way if you get hacked or install link scanning/crawling software in your tenant will not be able to access the messages without a password.


Now please, go setup your favorite authenticator app with ExchangeDefender MFA (next up, you can set it to be mandatory/required)

The new ExchangeDefender LiveArchive has been delighting our clients for months and we’ve got a surprise for you coming in February with a huge new feature pack we can’t wait to show you:

ExchangeDefender LiveArchive Web UI is the free, open-source, host-anywhere platform that will make it easy to access and perform eDiscovery tasks with your LiveArchive backups. Instead of just staring at a directory in S3, you can have a beautiful interface to quickly locate, view, and export messages. You can host it anywhere that offers container hosting or on your PC, you have the entire source code that’s free forever that you can customize and build on, and it’s free!

We’ve even rolled out similar user interface elements so that the experience will feel familiar to users of Microsoft M365 or Google Gmail:

During the launch webinar, we will go over the features, execute a full deployment so you can see how easy and quick the process is, and go over the security best practices. In less than an hour, you will have all the expertise needed to position, price, deploy, and manage the entire LiveArchive backup system.

On December 31st, our current version of LiveArchive will be decommissioned. Inbox, a business continuity solution we launched last year, has already taken the workload of LiveArchive and it does the job better, faster, with fewer clicks.

LiveArchive served our client base well for over a decade and we’re thankful for all the disasters it’s saved us and our clients from. Now that we’re looking at 2024 and beyond, LiveArchive must solve new problems. For starters, most email is no longer hosted on low-grade hardware in SMB offices managed by part-time hobbyist IT: It’s now professionally managed in high-end data centers. The primary concern is no longer “What if my T1 Internet connection goes down?”; “BACKUPS ARE OUR RESPONSIBILITY” and keeping all your eggs in one basket is never a good idea.

COVID and the work-from-home era have only exacerbated the problem of how quickly (if at all) you’ll get your email back when the disaster occurs. Cloud operators are vague in their data protection statements and there is no way to audit it. Backup tools and services similarly offer few guarantees and the supply chain attacks have only gotten more prominent.

New LiveArchive Migration Service

New LiveArchive is designed to help solve the 3 problems clients have with protecting cloud email:

1. We don’t have any room in our IT budget (and need to save $)
2. If we get compromised our backups will get cryptolocked too
3. We have to protect and backup our email

ExchangeDefender LiveArchive.next webinar on November 8th, 2023 covered exactly how the next version of LiveArchive is going to help you solve all of these problems.

Furthermore, we announced a LiveArchive Migration Service for our clients who wish to have the LiveArchive data ported to the new LiveArchive. Because LiveArchive is IMAP based we can pull existing LiveArchive data into the new version. We can use the same IMAP process to bring over mailboxes hosted on any other IMAP accessible (M365, Office365, Gmail, Exchange, and virtually every legacy email service).

In order to get your data migrated all you have to do is configure your new LiveArchive service and put your ticket request in by December 1st, 2023. We take care of everything else and to reward our loyal clients over the years the service will be provided free of charge (est $499 value).

Has it been a while since you last reviewed your email policies? Do you need to make sure that every user in your organization gets the same protection and the same service behavior and reporting?

We’ve taken some of our most popular features and wrapped them in a user-friendly wizard that will allow you to quickly configure ExchangeDefender. These settings establish the bare minimum configuration you need to reliably send and receive email on the Internet and instruct ExchageDefender how to sort your email.

Security Policy Overview

Our goal with the Security Policy wizard is to save time while configuring the major aspects of ExchangeDefender. While you still have access to hundreds of policies and can always configure new custom ones (as business requirements demand) it’s nice to know you can quickly adjust the features and make sure they apply to everyone in the organization.

You’ll be able to teach ExchangeDefender how to categorize mail, how long to keep it, and how to report it. Basic SPAM, malware, phishing, and address enforcement policies can be configured in seconds.

We’ve also added some of the settings that are exclusive to ExchangeDefender (From: policy enforcement) and some that always give IT teams trouble (DNS, DKIM + SPF records). The goal was to present all the required and support-intensive features in a friendly way so you can protect your network without knowing the details of the latest standards and security best practices.

Default Security Policy will automatically display the first time you log in as a Domain Administrator. It will load your current settings into the policy and allow you to review it or apply it to all the users in the domain. All the settings are still in their normal places so you can fine-tune your protection and features (https://www.exchangedefender.com/docs >remember the docs).

We hope this new wizard saves you time and gives you peace of mind that your protection is configured correctly.

Watch the full webinar episode >> Click here!

In a dynamic and informative session, our recent webinar shed light on the latest advancements in email management and security. Hosted on August 16th, participants gained a comprehensive understanding of key features and innovations that are set to reshape the way we interact with our email systems. Here’s a recap of the highlights from this engaging event:

1. Seamless Integration: LiveArchive Meets Inbox

A major focal point of the webinar was the integration of LiveArchive, our innovative business continuity solution, directly into the Inbox interface. This strategic move not only enhances user experience but also provides a streamlined pathway to essential features, ensuring business continuity even in the face of disruptions.

2. Long-Term Archiving Redefined: Introducing LiveArchive

Anticipation filled the virtual room as LiveArchive’s impending launch as a long-term archiving service was unveiled. Participants were introduced to this game-changing solution, designed to preserve crucial data over extended periods, elevating archiving capabilities to new heights.

3. Empowerment through Insights: Quarantine Email Reports
The introduction of Quarantine Email Reports was met with excitement. Attendees discovered how this addition empowers users with deeper insights into email management and security, enabling more informed decisions and improved communication management.

4. Crafting Policies with Precision: Enhanced Policy Creation

One of the webinar’s hands-on segments demonstrated the process of crafting allow policies for domains such as @xdreports.com and @xddiagnostics.com. This procedure showcased the delicate balance between streamlined communication and robust security measures.

5. File Sharing Made Effortless: WEBSHARE for Large Attachments

Participants were introduced to the upgraded support for large attachments through the WEBSHARE feature. This enhancement offers a more efficient and seamless method for sharing files within the platform, simplifying collaboration without compromising on security.

6. Simplified Security Configuration: Default Domain Security Policy Wizard

Navigating the complexities of security policies became a breeze as we explored the Default Domain Security Policy Wizard. Attendees gained a firsthand experience of how this user-friendly tool streamlines the configuration of essential security policies, ensuring a safer digital environment.

7. Unveiling Loopback Services: Insights and Applications

A deep dive into Loopback Services rounded off the webinar. From roundtrip latency testing to policy enforcement and delivery testing, participants gained insight into these multi-faceted services. Moreover, the critical role they play in phishing education and attack simulation highlighted their value in fortifying cybersecurity defenses.

In closing, the webinar provided an illuminating exploration of the evolving landscape of email management and security. Participants departed armed with knowledge and insights that will shape their strategies for more effective communication and enhanced protection. We extend our gratitude to all attendees for their active engagement and look forward to continually revolutionizing the way we interact with our digital communication systems.

ExchangeDefender will be discontinuing the current LiveArchive service on December 31, 2023. LiveArchive is being replaced by a new service in Q4 2023 (Oct-Dec 2023).

ExchangeDefender Inbox will be providing the business continuity aspect of LiveArchive. Inbox will give our clients the ability to send and receive emails in real time from the web interface during any outage or service issue.

ExchangeDefender Inbox has been in production for over a year with great customer feedback and partner sales success – clients love it because it’s fast, efficient, and simple to use (conveniently available at admin alongside their SPAM quarantine, bypass, virtual email addresses, and recurring email)

LiveArchive product had a great run for over a decade and numerous releases but it suffered in the SMB/MSP space because users only became aware of it when things blew up. Some faced issues with credentials, access, different UI were only compounded by the technical challenges. Furthermore, most of our partners relied on the product as the backup service and we’ve executed many projects helping our partners export their client’s email as a means of Exchange recovery.

LiveArchive has been used more as a live backup and data recovery service than a business continuity solution (note: NOT the case with Inbox, convenient access and ease of use has many users relying on it as their primary email)

Over the years the business recovery and email archiving projects we’ve helped our partners perform have inspired us to give LiveArchive new life as a reimagined email failover solution that addresses the technical and cybersecurity issues of the current decade!

I’d like to wrap this up with some good news Yes, you will still have access to over a year of inbound/outbound email. Yes, it will still be FREE and included in the upcoming release which will be announced on September 1st, and remain included in ExchangeDefender free of charge (hint: start learning about Amazon S3 or Minio S3) Another bit of good news is that we’re not about to raise prices either, this new feature set is free to our partners who want to implement their own archiving or backup process.


As the throwback to the Victorian era implies, ExchangeDefender looks forward to providing your protection and prosperity. From September to November of 2023 we will be launching a ton of new features and we want to invite you to a webinar that will explain all the details you need to know:

To register for the webinar, click the banner or click here!

The pricing will not change but you’ll get many new features and security settings.

We are responding to the demands and problems our clients face every day exchanging information across the Internet securely.

What worked a decade or two ago, heck even a week or two ago in some cases, is no longer adequate. That’s what you pay us for and the primary value we provide – keeping new exploits and attacks on your technology away from your server/cloud/tenant.

To get the same level of protection and monitoring you’d need a dedicated cybersecurity team for even the smallest of organizations – and we’re taking big steps to simplify that process and give you the ability to control your security without having to deal with every little detail.

We’re excited and hope you get a chance to join us for this webinar – we promise it will save you a ton of time and get you ahead of what will be a very busy quarter.

One of the most common complaints we get from our clients has to do with allow/whitelist policies and to make the long story short this happens because of the way your service provider configured ExchangeDefender. The long story, technical background, and best practices are outlined at https://www.exchangedefender.com/docs/whitelist. It usually sounds like this:

“I keep whitelisting this email address that sends me my OTP password / password reminder / login code / transaction confirmation / newsletter and they keep on ending up in SPAM!”

This happens for clients that configure ExchangeDefender to block email forgeries and spoofing.

You see, the email address that is showing up in ExchangeDefender and your Outlook/Gmail is not the actual email address that the message was sent from. Large volume emails (OTP, password reminders, notifications) are not sent by humans, they are computer generated and there is a random email address for every notification they sent out (so when/if it bounces they can track it).

These automated email addresses tend to have a long randomly generated identifier in them and generally look like this:

010001890676a389-ee862f60-d7ea-4ba1-a113-f16935e2afeb-000000@amazonses.com

But in your Outlook/Gmail the spoofed/faked email appears to have come from DoNotReply@someotpsite.cz which has the domain you trust and attempt to allow/whitelist. If you pull up the SMTP headers from the quarantined email you can see this email address in the envelope-from field:

Received: from inbound10.exchangedefender.com (65.99.255.114) by
 owa.exchangedefenderdemo.com (10.10.10.5) with Microsoft SMTP Server (TLS) id 14.3.498.0;
 Thu, 29 Jun 2023 05:23:03 -0400
Received-SPF: pass (inbound10.exchangedefender.com: domain of 010001890675c389-ee862f60-d7ea-4ba1-a113-f16935e2afeb-000000@amazonses.com designates 54.240.77.69 as permitted sender) receiver=inbound10.exchangedefender.com; client-ip=54.240.77.69; helo=a77-69.smtp-out.amazonses.com; envelope-from=010001890676a389-ee862f60-d7ea-4ba1-a113-f16935e2afeb-000000@amazonses.com; x-software=ExchangeDefender SPF;
Authentication-Results: inbound10.exchangedefender.com; dmarc=pass (p=quarantine dis=none) header.from=someotpsite.cz
Authentication-Results: inbound10.exchangedefender.com;
 dkim=pass (1024-bit key) header.d=someotpsite.cz header.i=@someotpsite.cz header.b=”QPv3HP79″;
 dkim=pass (1024-bit key) header.d=amazonses.com header.i=@amazonses.com header.b=”MsX8RGl7″
Received: from a77-69.smtp-out.amazonses.com (a77-69.smtp-out.amazonses.com
 [54.240.77.69]) by inbound10.exchangedefender.com (8.14.7/8.14.7) with ESMTP
 id 35T9M86a030204
<demo@exchangedefenderdemo.com>; Thu, 29 Jun 2023 05:22:09 -0400
From: <DoNotReply@someotpsite.cz>
To: <demo@exchangedefenderdemo.com>
Subject: ConnectWise Manage Security Code

Solving this issue requires your ExchangeDefender admin to decide how permissive they want to be of email forgeries and fakes. ExchangeDefender provides two ways to manage this in the ExchangeDefender Domain Admin app at https://admin.exchangedefender.com (see documentation)

Option 1: Allow email from the bulk email network

ExchangeDefender enables you to automatically pass through messages coming from specific bulk/spam mail providers. It’s located at https://admin.exchangedefender.com under Advanced Features > Bulk Mailer Policy:

In our example SMTP header the message came from AmazonSES so if you change the policy from Scan to Allow, ExchangeDefender will simply deliver these messages to your mailbox without quarantining it as a forgery/spoof (which it is).

Option 2: Choose a relaxed From: policy

This is a less secure option that will allow forgeries and effectively lowers your security level to that of M365/Office365 – and we strongly discourage you from doing that. However, if the client requires it you can get it done under Advanced Features > From: Policy:

Summary

If you’re seeing notification emails in your SPAM quarantine even though you’ve trusted the sender repeatedly, it’s doing so because the message is being spoofed and your admin has configured ExchangeDefender to block that activity. You can relax the security restrictions by choosing to either allow the bulk mail network or you can build your trust rules on the less-secure From: address.

Our team is always here to help but they aren’t allowed to guess without seeing the SMTP headers first – so if you ever run into an issue that you’d like us to take a look at grab the headers and provide them at https://support.exchangedefender.com and we’ll advise from there.

We often get asked, “My email never got to the recipient or it ended up in their Junk/SPAM, how can I fix that?”

There are some MUST and some nice-to-have modifications you need to make to your organization and mail client (Outlook) to give your email the best chance of getting to your Inbox.

Your first step should be to look at Mail Log and Mail Error Log guide. These facilities will show you the actual error (or acceptance/message tracking you can provide to the recipient to determine the issue).

Must Haves
———-
The following features are required if you intend to send an email
on the Internet in 2023 and beyond:

1. SPF Record

You should deploy a restrictive SPF record that only includes organizations you send mail from. Make sure it ends in -all. This prevents spoofing.


2. DKIM Record

You should deploy a DKIM record, this indicates the message went through the appropriate network and has not been tampered with.


3. DMARC Record

You should deploy a DMARC record and review any rejections/problems. This is “a canary in the coal mine” that will alert you when there is an issue.


4. No External Forwards

You need to disable/remove external mail forwarding (user@ your domain forwarding mail to someone@gmail.com) and close any open relays/issues and any autoresponders/bouncers.

Nice to have
————
The following features are nice to have and will help you improve delivery.
This is a lot for smaller providers but it’s something we offer to our managed clients.

1. Separate marketing domain

DO NOT use your domain at Constant Contact, Mailchimp, etc, and also with your M365/Gmail services. Most email security providers will identify and treat the entire domain as bulk mail. Create a separate marketing/alerting domain if you send automated emails.

2. Simplify your email

Remove disclaimers, signature pictures, tracking pixels, and signature providers – if your email looks like a website it’s going to Junk. This is the least popular suggestion but if you want your email to get there drop the links and pictures.

3. Trim the thread

When replying or forwarding, delete all but the last part of the message. Each image, icon, and embedded element in the message increases the count and the likelihood that your message is SPAM.

4. No large pictures

All email security solutions look at the % of the message that is image vs. text. If you send a oneliner with a large image, it might end up in junk.

Lastly, simply ask your frequent contacts to add you to their allowed/trusted senders. This helps bypass any errors or problems with email security (which do happen!) on the receiving side but it does take some effort. When we sign up someone new they get a separate plain-text email asking them to either add the sender to allow list or forward the request to their admin (allow 174.136.31.16/28 and 207.210.228.192/28)

If none of this works, you have something that no other email provider
features – https://bypass.exchangedefender.com – try it today, helps with email
sending and receiving problems.