ExchangeDefender as an SMTP proxy will scan and deliver any email targeted at a protected domain. Even though we sanitize each message and do not permit dangerous content through, if the email address does not exist on the clients server, the message will bounce to the sender. Now, imagine that sender doesn\u2019t have an SPF\/DMARC, and imagine that the address itself is spoofed \u2013 now send that message a few thousand times and an attacker can destroy a mailbox simply by overloading with non-delivery receipts and bounce messages. <\/p>\n
Why this happened in the first place<\/strong><\/p>\n Bad automation. It happens, and when it happens on a scale of ExchangeDefender, it creates an issue. So to minimize complaints, we just stopped actively enforcing address book validation. To those of you protecting servers on networks outside of ExchangeDefender\u2019s control (think Google, Office 365, etc) the management and addition of new addresses will become automatic. Here is a peak at our new support portal. It should make a lot of you very happy.<\/p>\n Figure 1:<\/strong> Service Manager.<\/em> Instead of having a ton of accounts in the listing, everything is now logically grouped by a Company. This way whenever you go to manage one client you only see the users belonging to that client and any addition or modification will pull pricing, configuration and meta data from that organization\u2019s settings. This should virtually eliminate mistakes, billing issues and configuration problems.<\/p>\n <\/p>\n![\"screen1\"](\"http:\/\/www.exchangedefender.com\/blog\/wp-content\/uploads\/2018\/02\/screen1.png\" "\\"screen1\\"")
<\/a><\/p>\n