ExchangeDefender Encryption is an email, web, and SMS messaging platform designed to make sending secure messages easy and accountable. ExchangeDefender Encryption is a secure, encrypted, web-driven interface that allows users from different organizations to exchange messages securely with various degrees of privacy and security. With various industries establishing regulatory compliance requirements on how secure and personally identifiable information should be stored and transferred, ExchangeDefender offers an all-in-one encryption solution that is capable of scaling and fitting business security requirements without inconveniencing the user.
ExchangeDefender Encryption is very easy to use and requires no software installation or complicated / antiquated technology – “sending an encrypted email is as simple as putting [ENCRYPT] in the subject” and our system makes sure that nobody can intercept and read your message except the intended recipient. Corporate encryption policies automate the process of email encryption based on message contents (via pattern recognition and encryption lexicons), send/recipient rules, and can be customized to include Compliance Officer escalation for approval and rejection.
ExchangeDefender Encryption Portal at gives users central access to all encryption messages, contacts, groups, as well as a full audit log. From this secure site, available via desktop and mobile, you can manage your entire email encryption experience and get an even more powerful control over how your encrypted messages are secured. The login credentials or password reset link will be sent to you by your IT department and you can access all services here:
If you are not an ExchangeDefender Encryption subscriber, your IT department needs to obtain a license for you to send encrypted messages. There is no cost or licensing required for your recipients, and there is no software to download or install to access messages. Everything simply works through any modern web browser, on any device.
ExchangeDefender Encryption - Dashboard
Navigation through the ExchangeDefender User Interface (UI) features with a tool bar across the top for quick access to frequently used features, and management sections on the left. The rest of the UI contains the main area where you manage your Inbox, send messages, setup groups and contacts, audit activity, and manage your settings. Almost all pages will also have a tabbed interface for additional settings, ability to export the current view into a csv/pdf/Excel, and search/paging functions where available.
ExchangeDefender Encryption Dashboard features navigation, recent messages you have worked on, and recent activity in your account. Message Stats Graphs are featured prominently, showcasing what encryption users are concerned the most: are encrypted messages you sent being read, are you taking care of security and using adequate encryption levels, and quick access to items that need your immediate attention such as messages that are set to expire soon.
The purpose of the dashboard design is to get you back to your work right away, and to highlight recent activity to help you identify anything suspicious and how your encrypted messages have been received.
Toolbar across the top, which is featured in every section of the Encryption Portal, gives users quick access to frequently used actions. From left to right you will see the logo, << autohide button, Quick Actions button, Settings button, and your Profile tab.
- Autohide - Autohide feature is designed for power users that are familiar with the portal and want to automatically hide navigation clutter (useful when composing messages or reviewing Compliance Officer messages).
- Quick Actions - Quick actions feature quick access to the features of the portal you use the most, such as one-click access to send a new encrypted message.
- Settings - Account, Security, and Preferences can be accessed from every screen and help customize your experience and overall service behavior (such as date and time formatting preferences).
- Profile - Quick access to your other ExchangeDefender services, and a friendly reminder to stay secure by always logging out.
ExchangeDefender Encryption - Inbox
ExchangeDefender Encryption Inbox gives you an overview of all your encryption messages, their status, and gives you the ability to send new messages. Click on + Compose to start writing a new encrypted message.
Search bar across the top of the UI allows you to quickly locate messages by subject, encryption level, or date range. (keep in mind that encryption messages expire after 30 days by default for your security, but can be kept longer using our Corporate Archiving service)
Inbox also shows you how the message sender categorized the message when they sent it, as either [Secure Encryption] or [Basic Encryption]. The difference between the two is the level of security and authentication you require for your message to be accessed by your recipients (for more details see the “Should I use Basic or High Security to send encrypted messages?” section).
New and unread messages are highlighted with a blue background, while read messages have a white background. To read the message, simply click on the subject.
ExchangeDefender Encryption - New Message
Composing a new Encrypted Message with ExchangeDefender can be as simple or as flexible as you wish to make it. Your selection will vary depending on the content of the message, recipient, your security policies, as well as personal preferences.
Simple way: Type in the email address of your recipient, type the subject and the message (along with any attachments) and click on Send. This will assign your organizations default security policy that has been configured by your Compliance Officer or IT. That’s it, you’re done!
Customized way: ExchangeDefender Encryption provides the most powerful customization policies for message encryption, and we’re the only omnichannel solution for message encryption allowing you to send messages securely to web services as well as mobile devices via SMS. Because your content never leaves your Encrypted Inbox, you do not have to worry about sensitive information being stored in mailboxes and devices you have no control or security assessment of – which is why default policies are created to be secure first, and secure by default. Let’s take a look at how encrypted message security policies can be customized to meet your security requirements.
ExchangeDefender Encryption enables you to send encrypted messages to individual email addresses, to predefined groups of contacts, to a web service or site (such as Slack, Teams, Facebook, forums, or your corporate web site), and even to mobile phones using SMS/text messages.
ExchangeDefender Encryption - New Contact or Group Message
ExchangeDefender Encryption - New URL Message
ExchangeDefender Encryption enables you to send encrypted messages to web sites and services while maintaining the security and custody of the message contents. The system generates a short URL that can be copied and pasted into Slack, Teams, Facebook, social media, or any other web site or service. URL Encrypted Messages are among the most popular features of ExchangeDefender Encryption because it provides a secure authentication layer, automatically deletes the content, and provides advanced tracking.
The process is exactly the same as sending a message to an email address, group, or mobile device: just type your subject, message, attach anything you wish to and click Send.
After you click Send, a dialog box will pop up with the link to the message. You can copy and paste this link and everyone with the access to it
ExchangeDefender Encryption - New SMS Message
ExchangeDefender Encryption enables you to send encrypted messages to mobile devices via SMS / text messages. This feature highly sought after by doctors, attorneys, insurance, and real estate personnel that is frequently interacting with clients that are not in front of their PC or with full access to email at all times. “We’ll just text it to you” is an easy way to deliver a secure message while still keeping the contents in your custody in your secure Inbox.
Sending a secure message to the mobile device is same as sending any other encrypted message through ExchangeDefender encryption – with one important difference – you only need to know the recipients mobile phone number.
The recipient will receive an SMS message with the link to the secure encrypted message.
When they click on it, the default web browser on the phone will go to the secure SSL-encrypted web site and show them the message and contents.
ExchangeDefender Encryption Options
ExchangeDefender Encryption features a very powerful and flexible set of policy engines that help automate the security and privacy of your content. Some encryption options are established by the Compliance Officer or IT department using https://admin.exchangedefender.com Encryption control panel – these are the default settings for the organization.
Each user has the ability to customize the encryption policy for each message on-demand. Because each message contains different content, we enable the sender to pick the most appropriate encryption policy that can get the message to the recipient safely. Every account is assigned two default policies: Basic Security and High Security. They can be further customized with Advanced Options and users have the ability to save policy changes as brand new personal Encryption policies.
Basic Security or High Security, which one should I use?
Both Basic and High Security encryption levels will get your message to the recipient in a safe, secure, and encrypted fashion with a full audit trail. The primary difference between the two is that High Security requires the recipient to create a profile so that the message cannot be compromised by a third party. ExchangeDefender strongly encourages the use of High Security.
Basic Security encryption level sends a link to the recipient. When they click on the link, their web browser will open a secure SSL-encrypted connection to our encryption portal and will immediately display the message (assuming that the message is not password protected). Anyone that might get the message accidentally (due to a typo), or that has access to the recipients Inbox (IT department, manager, hackers, etc) will be able to see the encrypted message just by clicking on the link. If your PC or network or attached devices are compromised, hackers can steal this information.
High Security encryption level provides the same level of baseline security as Basic Security level, but it prompts the recipient to setup a password and a PIN to protect their account. This free and safe process takes less than 1 minute to complete the first time the recipient gets an encrypted message. The addition of password and a PIN to the recipients profile eliminates the possibility that the message or it’s contents can be intercepted by a hacker, by a compromised firewall or PC or mobile device.
So which one should I use? When in doubt, use the safest, most secure settings possible. The best practice is to discuss the email or message with the recipient and advise them that you’ll be sending them an encrypted message. If you are sending sensitive information to a public freemail system or to someone you suspect may not have the best security standards, we recommend using a password to protect the message. Some Fortune 500 companies have a policy that prohibits employees from providing personally identifiable information over the web or signing up for services, so if they cannot enroll in ExchangeDefender Encryption you’ll fall back on Basic Security level (just set a password and inform them ahead of time).
ExchangeDefender Encryption enables you to customize the level of security in realtime as you’re composing your message. Advanced Options, to the right of the New Message section, allow you to specify advanced message handling parameters and to save the encryption policy so you can reuse it later.
By default, the security options are established by your IT department or Compliance Officer at https://admin.exchangedefender.com and are published as the Default encryption policy. Here is how you can customize and create your own.
Automatically destroy this message after # days: ExchangeDefender Encryption can automatically destroy messages between 1 and 30 days after the message has been sent. The less trustworthy the recipient is, the shorter your automatic destruction period should be.
Notify this user when the recipient reads this message: ExchangeDefender Encryption can automatically send an email notification when the recipient accesses/reads the message. This policy is helpful if you need to notify a coworker, distribution group, or any 3rd party.
Password protect this message: ExchangeDefender Encryption can provide an additional layer of password security for both encryption levels. Once the recipient logs in (High Security) or clicks on the link (Basic Security) clicking on the message will display a password prompt. Without it, the message will not be displayed.
Notify me when the recipient reads this message: ExchangeDefender Encryption will send you an email notification when your recipient has accessed/read the message. This is convenient when you don’t send a large volume of encrypted messages and want to have a near realtime alert that your secure message has been accessed (so you can revoke it and limit exposure).
Actions allowed for recipients: Allow Reply: Checking this box will enable the recipient to Reply to your message using the encryption portal, and you will receive a notification of the response in a safe and encrypted email.
Actions allowed for recipients: Allow Forward: Checking this box will enable the recipient to Forward the message to the third party. If this box is not checked and they click on the Forward button, you and your Compliance Officer will be alerted to the possible violation. (they will not be allowed to forward the message).
Actions allowed for recipients: Allow Print: Checking this box will enable the recipient to print the message. If this box is not checked and they click on the Print button, you and your Compliance Officer will be alerted to the possible violation (they will not be allowed to print the message).
Save these options to a new Policy – Pick a name for your new policy and click Save. You will be able to select the policy from Encryption Policy: dropdown which will then populate the saved settings (so you can further customize it on demand).
ExchangeDefender Encryption - Contacts
ExchangeDefender Encryption makes it easy to be more productive by saving contacts you often send messages to. If you would like to import or create your contacts ahead of time so you don’t have to copy and paste or remember their email address, click on the contacts tab.
Click on +Create New Contact and just provide the name and email address. It’s that simple.
ExchangeDefender Encryption - Groups
ExchangeDefender Encryption also supports groups so you don't have to sit and type in email addresses of your recipients every time you send an encrypted message to multiple users.
You can add contacts to a group by clicking on +Create New Group and providing information about your contacts.
At any time, you can also click on the + icon next to the group name to +Add more members or click on the red X button next to the contacts you wish to remove from the group.
ExchangeDefender Encryption - Activity Audit Log
ExchangeDefender cares about your privacy and security. Every single action related to encryption is listed here and it can give you an idea of what was done even after the messages are gone.
This screen is important for compliance and auditing purposes, and can be provided to your Compliance Officer (CO) if there is ever a question about who sent the message, when it was received, by whom, and which IP address they were using.
ExchangeDefender recommends reviewing the activity log periodically for security purposes.
ExchangeDefender Encryption - Recipient Experience
When you send an encrypted message to the recipient, your message is automatically encrypted and kept on ExchangeDefender's secure platform. The message never goes across plain text, nor are message contents transferred to the recipient's mailbox in any way. They simply get the message above telling them that an encrypted message is waiting for them.
To access, view, and respond all the recipient has to do is click on View Message on any device with a modern web browser and they will be taken to the message.
If you used the [ENCRYPT] option to send the message, the recipient will need to enroll in the ExchangeDefender service and provide the following information. This information is required for legal and security purposes. Once the user has identified themselves and set their password and four-digit PIN the account is officially enrolled and locked down with personally identifiable information no other individual or organization is aware of. These credentials are used to further encrypt and secure the message transfer. They are also used to eliminate the possibility of a man-in-the-middle attack, to keep out the IT department rogue personnel that may be reading emails without authorization, or anyone that has access to recipients' email.
After they complete the process they will be taken to the message.
Recipient can then respond to the message, configure their own encryption settings, access attachments or otherwise act on the message as they wish.
ExchangeDefender Encryption - Message Receipt
If you chose to receive a notice when the recipient has received your message, ExchangeDefender Encryption will send you an email when the recipient reads the message.