ExchangeDefender Admin Portal gives organization (domain) administrators central access to all policies, logs, configurations, service subscriptions, branding, and user management. From this secure site, accessible via desktop and mobile, you can manage email security for your entire organization and customize it to fit your specific needs. The login credentials or password reset link will be sent to you by your IT department and you can access all services here:
Navigating around ExchangeDefender's User Interface (UI) is simple, with a toolbar across the top for most common tasks, and management sections (links) on the left. The rest of the UI contains the main functionality for whichever section you're currently managing. Almost all pages will also have a tabbed interface for additional settings, the ability to export the current view into a csv/pdf, and search/paging functions. When you are in sections that require your full attention and you want them to take up most of the screen (for going through SPAM messages, auditing access logs, etc.) you can also click on the << icon to shrink all the navigation and menu displays and focus on the content of the section you are working on.
ExchangeDefender organization administrators manage all user accounts from a single interface available from the Accounts tab. Across the top you will see tabs for Domain Accounts, Blocked Accounts, and IoT Accounts.
Domain Accounts - All the accounts and email aliases associated with the members of your organization, as well as all the aliases (for additional email addresses the user manages, for vanity purposes, and for public folders / shared mailboxes, etc)
Blocked Accounts - Accounts and email addresses that are not meant to be protected by ExchangeDefender.
IoT Accounts - Machine / system accounts for Internet of Things devices to send alerts or notifications (printers, copiers, thermostats, sensors, etc).
To protect another user, click on +Add New Account. All users are listed below and the form supports multi-select, enabling administrators to apply the same action to multiple accounts (e.g. mass password reset).
All email accounts within your organization are listed here. You can search for individual addresses or filter your view by domain (by default all are displayed). The main email address is at the top of each account (MAIN) and you can use Quick edit to quickly modify SPAM and SureSPAM policies. Additional options are available under the Actions menu:
ExchangeDefender enables organizations to connect their IoT (Internet of Things) devices to the Internet and enable email functionality. These devices range from printers, copiers, alarms, sensors, and even third-party services that generate alerts and require a local SMTP server. Since most organizations no longer have SMTP servers, ExchangeDefender provides a free SMTP gateway. In order to add a new IoT account click on +ADD NEW IOT ACCOUNT.
ExchangeDefender strongly encourages domain / organization administrators to create an IoT account for every device or service on the network. If one of the devices or services gets compromised (a common IoT issue), whoever controls it has free access to relay mail, and ExchangeDefender aggressively shuts down abuse. Because IoT devices tend to have complex configuration processes, set up an account for each device so that you never have to change the password on multiple devices. For this reason alone, ExchangeDefender IoT accounts are free of charge.
ExchangeDefender IoT devices are required to relay through the following server: outbound-auth.exchangedefender.com which is load balanced across multiple data centers for redundancy. If your ISP allows you to use port 25 (even most business connection ISPs require special permission) you can use port 25 with TLS/SSL. If you cannot use port 25, please try port 2525.
ExchangeDefender Settings for Domain Administrators is used to manage security and account settings for the Domain Administrator (e.g. exchangedefender.com) account only. Region enables you to configure your language and time zone (which is used as a basis to show timestamps everywhere in the portal as well as to determine when to send SPAM Quarantine reports).
Domain Administrator password should be changed every 90 days and complexity requirements are in place. ExchangeDefender also recommends providing an alternate email address in the event that you forget your password and need to gain access.
One Time Password (OTP) and two factor authentication (2FA) can be managed from this screen and we strongly recommend using a mobile phone as an additional authentication device.
Secure IP Range feature enables organizations with advanced security policies to restrict access to ExchangeDefender to specific IP ranges. Furthermore, you can request an email notification whenever a login is attempted from an IP address outside of your authorized range.
Trusted Devices enables ExchangeDefender to remember and trust known devices. You can request an email notification whenever a new device accesses the Domain Administrator section of the portal.
ExchangeDefender SPAM Admin section is intended for email administrators that are in charge of managing and releasing SPAM messages on behalf of the other users in an organization. Some smaller organizations (typically law, medical, construction) designate a person on staff that is responsible for releasing SPAM messages and infected files on behalf of other employees.
ExchangeDefender uses the same controls and management for SPAM Admin that every user is already familiar with from the user SPAM quarantine management. SPAM Admin can search, restrict the SPAM listing by domain, sender, recipient, and subject to make it easy to find specific messages you are expecting.
ExchangeDefender Quarantine Search is essentially the ExchangeDefender SPAM Quarantine Report for the entire organization. Domain administrators may use this form to locate any piece of junk mail quarantined for the entire organization and quickly act on it. Just select any message (or multiple messages) and additional buttons will enable you to:
To quickly Release, allowlist, or review a message you can click on one of the shortcut icons next to the Subject. Clicking on the subject will load the message and give you options to Release, Print, and allowlist (add to Trusted Senders).
ExchangeDefender enables domain / organization administrators to access infected file quarantines on behalf of users. If one of ExchangeDefender's many antivirus engines detects a threat, it is quarantined or saved on our network and the user is sent a notice that one of the dangerous attachments has been removed with a tracking id. Administrators can use the search to locate the message and get the download link.
The Email link to option lets domain administrators send the attachment download link via email to the user or to another party that can review it. The email simply contains the message information and the link to download the attachment.
ExchangeDefender enables organizations to extend their branding to the ExchangeDefender portal, and to standardize their corporate email signature or disclaimer on all outbound messages. This is a global setting for all domains in the organization and every message coming from the domain will be signed with the text and HTML markup provided here.
By enabling Domain Branding you can upload the logo that will be displayed on the Domain Admin and User sections of the portal (instead of ExchangeDefender, MSP, or reseller branding). Main background & accent color can also be personalized.
ExchangeDefender Domain Admin portal offers rich customization and security enforcement policies. Everything regarding how ExchangeDefender works for your organization is here.
Mail Delivery section enables you to set mail flow policies:
ExchangeDefender Mail Delivery policies determine how ExchangeDefender routes your email.
Our on-premises mail server (static IP address) - If you choose this option you will be prompted for the IP address of your mail server. This must be a static IP address (ExchangeDefender can work with dynamic ranges, but it is unsupported and will result in mail loss).
Office 365, Gmail, or multihomed MX record (3rd party MX record) - If you choose this option you will be prompted for the MX record given to you by the 3rd party email provider. If you have multiple records either provide just the top one, or contact us about your DNS options to support multiple MX records.
ExchangeDefender can also relay outbound mail on behalf of your organization. You can provide up to 2 IP addresses that we will authorize to relay mail for your organization through our outbound mail infrastructure at outbound.exchangedefender.com.
ExchangeDefender LiveArchive server for your organization.
ExchangeDefender enables you to disable and enable additional services.
ExchangeDefender Phishing Options enable Domain Administrators to configure security policies that protect users from identity theft.
Phishing Protection - Configuration for ExchangeDefender Phishing Firewall. Disabling this feature requires a legal waiver as this policy forces us to deliver content we know is dangerous and exposes ExchangeDefender to legal liability if such dangerous content reaches your network.
SureSPAM Block My Domain Spoofing - Enabling this policy will flag all outbound mail from your domain as SureSPAM. Since all of your domain's mail is local, or coming from a known authorized relay source, ExchangeDefender will categorize mail using your domain as SureSPAM when it comes from an unknown third party server. This feature is meant for organizations that cannot establish an SPF record.
ExchangeDefender Office Macro Protection - Enabling this policy will subject Microsoft OLE code to additional screening and warnings. Options for Office OLE protection are as follows:
Subscription (Newsletter) Bomb Protection - Enabling this policy will make ExchangeDefender more aggressive in stopping known bulk-precedence SPAM and mailing list providers. Options for newsletter bomb protection are as follows and encouraged only as a temporary measure when you're experiencing an attack:
Flag External Emails - Enabling this policy will add [EXTERNAL] to the subject of every message that is received from outside of your organization. This policy can help protect organizations by clearly marking external messages so users do not accidentally open forged/spoofed messages from themselves or other members of your organization.
ExchangeDefender allows you to disable industry standard security protocols if you are having issues sending or receiving certain types of messages. We strongly discourage you from disabling these features, and we offer these policies as a workaround.
Disable TLS - Disables a requirement for TLS messages, and enables your domain to send messages to hosts that do not have a valid SSL certificate.
WARNING: Enabling this setting allows ExchangeDefender to send email to the remote server without encryption, which might compromise your regulatory compliance requirement.
Disable Message Integrity Warning - Disables removal of suspicious attachments specifically designed to crash Microsoft Outlook.
Report Options - ExchangeDefender Pro allows users to receive up to two daily SPAM reports that contain a list of messages that ExchangeDefender quarantined as SPAM or SureSPAM. From that email report users can quickly see all the SPAM ExchangeDefender has caught and can whitelist or release the message just by clicking on a link in the email.
Report Contents - The following settings determine if we send the SPAM report and what sort of information it contains. For clients with lots of aliases it's best to select Report quarantines only for email addresses that have SPAM in them.
ExchangeDefender SPAM Reporting (Feedback Loop) is a simple way for users to report SPAM messages that get delivered to their Inbox. This is a user-level feature in ExchangeDefender that inserts a link at the bottom of each processed email and gives users one-click reporting and blacklist management. Service providers and domain administrators can customize the appearance of the link that is automatically inserted at the bottom of the message.
How to access the Feedback Loop Feature
Log in as the domain administrator and click on Mail Delivery > SPAM Feedback Loop. Click on Enable Feedback Loop Feature, make any optional additions to the signature, and click Save.
How to enable Feedback Loop Reporting for Users
Once the feature has been enabled for the domain, users will get a new feature in their Settings. Click on Settings > Settings > and click on the SPAM Feedback Loop to enable signatures for email addresses associated with this user.
The signature you designed on the Domain admin level will appear at the bottom of every HTML/text message that arrives in your Inbox. When the users click on the link it will open a web browser and take them to their ExchangeDefender account (if they are not logged in, they will see the login screen).
Once authenticated, the user can review the message and confirm that it's something they don't want to see again. We'll look into it and make sure messages similar to the one they are reporting are not delivered to the Inbox.
Users also have an option of providing feedback, uploading a copy of .msg file, as well as a checkbox that will automatically place the sender domain on a blacklist.
ExchangeDefender supports SPF and Domain Keys/DKIM infrastructure to help minimize phishing and fraud. If you only use ExchangeDefender to relay outbound mail, you would use the SPF record provided here. If you use other mail services to relay/send mail, they need to be a part of the SPF record. If you need any assistance with the SPF records, please contact your Domain Administrator and DNS admin; ExchangeDefender does not manage your DNS (SPF records).
ExchangeDefender enables domain administrators to create a complex attachment handling policy. Whether you want to explicitly allow or deny certain attachments, you can do so from this screen. To add new attachment policies please click on +Add New.
ExchangeDefender Attachment Policy engine will allow the message containing prohibited attachments to pass through to the recipient, but the attachment will be replaced with a warning explaining why the attachment was stripped. If the attachment is absolutely necessary, Domain Administrators have the ability to retrieve attachments and infected files.
ExchangeDefender features a comprehensive Corporate Encryption service, but if you aren't subscribing to it yet you can still rely on ExchangeDefender to encrypt sensitive information free of charge. This section allows you to create Encryption Policies so that messages that match the From/To rule will always be encrypted by ExchangeDefender.
Domain Administrators also have the ability to reset the Corporate Encryption account of their recipient if they forget their login credentials for https://encryption.exchangedefender.com.
ExchangeDefender Domain Administrators can create domain-wide organization allow and block lists policies that users cannot override or change. If your organization explicitly trusts or bans communication from some companies, you can define their domains and addresses here and they will either bypass or trigger SPAM protection.
ExchangeDefender also enables you to upload files with the list of allowed or blocked domains instead of typing one domain at a time. Just create a csv file in Microsoft Excel (or your choice of spreadsheet) and provide a domain, email address, or subdomain, one entry per line.
ExchangeDefender Advanced Features includes policies that are designed for the advanced ExchangeDefender admins who need a powerful policy to allow or block very specific types of email traffic. Because these features require special consideration, testing, and implementation there is no technical support for them offered by ExchangeDefender.
ExchangeDefender allows domain administrators to retrieve infected attachments on behalf of users. Enabling this policy allows users to retrieve infected attachments through their account at https://admin.exchangedefender.com. ExchangeDefender recommends disabling this policy (off by default) because infected attachments should only be accessed by trained IT staff in a sandbox environment. Allow users to retrieve infected attachments (self service)
ExchangeDefender enforces Allow Policies based on the envelope-sender From: address, which is the address the email actually comes from. This address has to comply with SPF, DKIM, DMARC and other standards and is difficult to forge. End user applications (Outlook, Gmail, Thunderbird, etc) show the more friendly "Display From:" address which can easily be forged and is frequently forged by automated mail systems.
Difference between envelope-sender and Display From
Many automated email systems (AWS, MailGun, MailJet, MailChimp, Constant Contact) use different envelope-sender and display-from email addresses:
1) envelope-sender address is a system generated random email address that is unique to each email the system sends, and if the message needs to be returned for any reason it will be returned to that address. This is the only address that must conform to SPF, DKIM, and DMARC security protocols, which makes it nearly impossible to forge.
2) display-from address is a more friendly looking email address that is displayed by the email client (Outlook, Gmail, Thunderbird, etc) so the user knows which domain the message came from. It does not have to comply with SPF, DKIM, or DMARC and can be easily forged by anyone.
The problem arises when an ExchangeDefender user attempts to create an Allow Policy because they always want to receive emails from email@example.com, for example. Because the envelope-sender address is changed every time (to track every delivery issue), the only way to assure every email comes in is to create an Allow Policy for the whole sender domain.
ExchangeDefender From: Policy allows you to lower ExchangeDefender's security enforcement and allow it to consider the display-from address (likely forged) when scanning email. This is the default behavior of consumer email software (Outlook, Gmail), which is why clients often get compromised by phishing emails. However, we understand that there may be business requirements and additional security layers in place to minimize that, so you can allow ExchangeDefender to work less securely by enabling this policy.
This policy enables ExchangeDefender to use Allow Policy with the potentially forged Display From: address (which will lower the security profile to that of M365/Gmail services).
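The difference between the two matching modes, as an added example (not ExchangeDefender's code). It assumes the envelope-sender is read from the Return-Path header recorded at delivery, and that an allow entry is either a full address or a bare domain; the messages, addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a bulk-mailer delivery. Return-Path holds the per-message
# envelope-sender; From: holds the friendly display-from address.
LEGIT = """\
Return-Path: <bounce-8f3a1c@mailer.example.net>
From: "Example Billing" <billing@example.com>
To: user@example.org
Subject: Your invoice

Invoice attached.
"""

# Constructed sample: same display-from, but sent from an unrelated server.
FORGED = """\
Return-Path: <x91k@unrelated.example>
From: "Example Billing" <billing@example.com>
To: user@example.org
Subject: Your invoice

Pay here.
"""


def sender_addresses(raw):
    """Return (envelope_sender, display_from) as lowercase addresses."""
    msg = message_from_string(raw)
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    display = parseaddr(msg.get("From", ""))[1].lower()
    return envelope, display


def entry_matches(entry, address):
    """Match one allow entry (full address or bare domain) against an address."""
    entry = entry.strip().lower()
    if not entry or "@" not in address:
        return False
    if "@" in entry:
        return address == entry
    domain = address.rpartition("@")[2]
    return domain == entry or domain.endswith("." + entry)


def allowed(raw, allow_entries, use_display_from=False):
    """Evaluate an allow list; use_display_from models the relaxed From: policy."""
    envelope, display = sender_addresses(raw)
    candidates = [envelope] + ([display] if use_display_from else [])
    return any(entry_matches(e, a) for e in allow_entries for a in candidates)


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("forged", FORGED)):
        print(label, sender_addresses(raw))
        print("  strict, address entry :", allowed(raw, ["billing@example.com"]))
        print("  strict, domain entry  :", allowed(raw, ["mailer.example.net"]))
        print("  relaxed, address entry:",
              allowed(raw, ["billing@example.com"], use_display_from=True))
```

Under strict matching only the domain entry for the sending network lets the legitimate message through, and the forged copy is not allowed; with the relaxed mode the address entry allows both.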
ExchangeDefender can block specific character sets, which is helpful when you want to block messages for clients that only communicate with locals. Please note this filter only works for legitimate mail; spammers tend to mask the actual character set.
ExchangeDefender enables you to better manage how mail from bulk (mass mailing) operations gets categorized. Due to the simplicity and lack of security enforcement of these networks (they get paid for every message sent) they carry both legitimate and dangerous content.
By default ExchangeDefender will Scan each message and categorize it as clean or SureSPAM based on the content. If you often receive messages from these networks that our scanning systems categorize as SPAM (due to their marketing content nature) you can enforce an Allow policy to make sure all messages from the network arrive in your inbox. If you would like to keep all messages away from your Inbox you can enforce a Block policy.
ExchangeDefender enables you to filter forged "From:" lines. Hackers often use a name familiar to the user, such as the CEO or members of the management, hoping that users will recognize the name and click on the message that contains dangerous content.
Display Name Block enables you to context-block messages from predefined display names and email addresses. ExchangeDefender will scan the From: line of the incoming email (which typically looks like "From: Vlad Mazek <firstname.lastname@example.org>") and categorize the message as SureSPAM if the blocked name doesn't match the email address. Please note that this is a very aggressive SPAM filtering policy that will be applied every time a blocked name match is found.
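A sketch of the display-name check described above, as an added example (not ExchangeDefender's implementation). The policy table, function names and the normalization steps (decoding RFC 2047 encoded-words, collapsing whitespace, ignoring case) are assumptions made for illustration; the From: lines are constructed.

```python
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed policy: protected display name -> addresses allowed to use it.
PROTECTED = {"Vlad Mazek": {"firstname.lastname@example.org"}}

# Constructed From: header values.
SAMPLES = [
    "Vlad Mazek <firstname.lastname@example.org>",     # name and address agree
    '"VLAD  MAZEK" <ceo@unrelated.example>',           # case/spacing variation
    "=?utf-8?q?Vlad_Mazek?= <ceo@unrelated.example>",  # RFC 2047 encoded name
    "Someone Else <someone@unrelated.example>",        # name not on the list
]


def normalize_name(name):
    """Decode RFC 2047 encoded-words, collapse whitespace, ignore case."""
    decoded = str(make_header(decode_header(name)))
    return " ".join(decoded.split()).casefold()


def classify_from(from_header, protected=PROTECTED):
    """Return 'SureSPAM' when a protected name is paired with another address."""
    name, addr = parseaddr(from_header)
    policy = {normalize_name(k): {a.lower() for a in v}
              for k, v in protected.items()}
    allowed_addrs = policy.get(normalize_name(name))
    if allowed_addrs is None:
        return "pass"  # display name is not on the block list
    return "pass" if addr.lower() in allowed_addrs else "SureSPAM"


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_from(header):8}  {header}")
```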
ExchangeDefender Encryption can help your clients receive encrypted messages. This feature is helpful when your clients need to receive confidential materials securely but the sender does not have access to email encryption - they can simply go to a URL and send an email to you at any time (ex: https://encryption.exchangedefender.com/ownwebnow.com/vlad)
Allow ExchangeDefender Corporate Encryption subscribers to receive encrypted messages from unknown sender
ExchangeDefender Country Policy enables ExchangeDefender administrators to create country-specific routing policies and restrict access to their tenant/domain to specific countries. Simply type in the name or the tld of the country you wish to block and ExchangeDefender GeoIP will apply the policy on receipt and categorize mail from these countries as SureSPAM.
ExchangeDefender automatically categorizes messages from vanity gTLDs as SureSPAM and keeps them out of the mailbox. These vanity tlds are generally used for web sites and many registrars lack the reputation or publish domain registration details which makes them extremely attractive for hackers and spammers.
Any changes to this policy are applied within 1 hour of change.
Simply click on the top level domain category to get started.
To accept mail from the tld, clear the checkbox next to the tld or category.
To block the tld from emailing you, check the checkbox next to the tld or category.
As you manage your permissions keep this legend in mind:
[ ] Not selected, all tlds are allowed.
[ ] Purple - Some entries are selected
[ ] Green - All entries are selected.
[ ] Yellow - Some entries that were checked before are now allowed.
[ ] Orange - Some entries that were allowed before are now blocked.
[ ] Red - All entries that were previously blocked are now allowed.
ExchangeDefender Phishing Firewall supports allowed and blocked policies for URLs from trusted or banned domains. Whenever ExchangeDefender PF encounters a hyperlink in the email it rewrites it so that it is proxied through our firewall at https://r.xdref.com
Allowed domain names do not get rewritten, and the user will automatically be redirected to the target domain.
Blocked, or banned, domains will have the link deactivated and users will be presented with a warning when they attempt to go to the site.
ExchangeDefender Logs features extensive logging and security audit tools that can help domain administrators track login activity for security and troubleshooting purposes. The security audit log can be viewed on a per-domain basis, or you can click on Users to show security logins by email address.
The Accounts Log shows all account/domain policy changes so changes can be audited and tracked. The screen will show you the activity, description, time of the activity, and the source IP address.
ExchangeDefender enables Domain Administrators and Service Providers to access low-level SMTP error logs. While email transaction logs ("Mail Logs", "SPAM Logs") provide all the details about message processing and delivery, Mail Fail (Error) logs provide errors ExchangeDefender issues to messages that are not accepted by our network.
ExchangeDefender usually rejects messages due to administrator policy configuration (your settings/routing), domain and geoIP settings, as well as protocol failures ranging from network issues to DNS authorization protocols (DKIM + SPF). When ExchangeDefender issues rejections, all the data we have from the sender/mail server is available in this log.
ExchangeDefender offers a powerful search facility that can help locate messages if you know the sender/recipient. This screen gives you an easy way to identify potential issues and know exactly which messages are not getting through and why (so you can adjust your policies!)
Click on Download to download the entire fail log in the .csv format. This file can be opened using your spreadsheet or imported into another tool for better processing and analytics.
ExchangeDefender Phishing logs contain activity from ExchangeDefender Security Center (https://r.xdref.com) and give domain administrators access to URLs that were intercepted by the ExchangeDefender Phishing Firewall with either no or bad reputation.
This information is provided for security audit purposes and for tracking which sites may have led to a security breach/compromise. Because dangerous malware distributed through phishing often results in destruction of a PC and/or network, ExchangeDefender as an external resource can help you determine which links may have been involved in distributing a dangerous payload.