January 2022

Caveat: This feature is not recommended by ExchangeDefender, we actively discourage you from using it, and it is disabled by default. At the same time, we understand that sometimes the risk of getting hacked is less painful than arguing with non-technical users… In other words, we got you.

ExchangeDefender is an SMTP proxy security service, we scrub your email and only pass on stuff that doesn’t look like SPAM. In order to make that happen, we use industry standards such as SPF, DKIM and DMARC to make sure the senders are legitimate. (envelope-sender aka “envelope from:”)

The challenge these days is that nearly all the automated email messages (password reminders, marketing messages, newsletters, order confirmations, 2FA/OTP, etc) are sent from a unique disposable email address. Instead of coming from orders@amazon.com (the email you see in Outlook/Gmail) they actually come from something like vlad=exchangedefender-com.23581.i32.1941kab@east-1.aws.amazon.com. These email addresses are automatically generated and only live for a short period of time (less than 24 hours) and are used to track bounces and failed deliveries. However, once you open the email your mail client looks at the “display from” address such as orders@amazon.com. This address can be forged easily by anyone and that is how hackers end up compromising end users easily (cyberattack process better known as “spear phishing“).

ExchangeDefender has a secure facility to manage legitimate newsletter senders and automated email platforms (Domain Admin > Advanced Settings > Bulk Mailer Policy) and we train our partners how to properly create allow policies for<a href=”https://www.exchangedefender.com/docs/whitelist“>Disposable Email Addressing</a>/BATS. If you’re not a fan of using that process, you’re going to love the new From: Policy feature.

ExchangeDefender From: Policy

ExchangeDefender Advanced Features has a new section called “From: Policy” which enables you to create an Allow Policy based on the Display From address (display-from/fake-from). You can find this new setting at admin.exchangedefender.com under Domain Admin > Advanced Features > From: Policy.

The policy is disabled by default, but if you enable it ExchangeDefender will search the email headers for the From: address and apply your Allow Policy (whitelist) using that address. Allow Policy forces ExchangeDefender to bypass all SPAM checks and will deliver the message to the users Inbox regardless of SPAM content (malware protection, virus protection, file attachment policies will still be enforced).

This feature will make delivery of automated messages (newsletters, password reminders, etc) much smoother with the side effect of making it easier for your users to get spear phished. However, this level of security exactly the same as whitelist/allow policy/trusted senders evaluations consumer email solutions such as Microsoft365/Outlook/Google Apps have, so if you trust their email security you can trust this as well.

-Vlad

tl;dr; You can now whitelist by the fake email address you see in Outlook/Gmail.

Schedule recurring emails
ExchangeDefender is proud to deliver another new feature to our Pro subscribers – Recurring Email Scheduler.

ExchangeDefender Recurring Email Scheduler feature has been the top request from our clients in 2021 as we continue our work-from-home lives: we are constantly trying to remind ourselves or others about something… and email (soon SMS/text) is the go-to way to do that. Virtually anything you need to remind yourself (or others) about on a consistent basis can be done including:

– Personal reminders
– 3rd party (clients/staff) reminders
– Invoice and recurring payment reminders
– Payroll and HR requests
– Meeting & appointment reminders
– Recurring tasks & maintenance requests

Problem is, most recurring email options require you to keep your PC on at all times. Maintaining and managing them quickly becomes a nightmare. Reporting is virtually non-existent, and creating new recurring messages takes time and skill and you’re in charge of troubleshooting problems with every software update. Or you can spend even more money on a 3rd party commercial solution.

This is where ExchangeDefender Recurring Emails feature shines:

– Create and manage all recurring emails from a single interface
– Create beautiful HTML messages with a friendly editor
– Attachments and multiple contacts are supported too!
– No need for your PC to be on, no DNS changes, no software to install
– Relies on public cloud infrastructure
– Powerful recurring scheduling & control
– Activity log and campaign delivery details (for compliance and troubleshooting)
– Ability to pause and resume campaigns

We’re also hard at work integrating our SMS Proxy solution so that we can extend the reminders framework to help you reach and remind everyone through their preferred contact method. Get started at https://admin.exchangedefender.com by clicking on Recurring Emails. If you can send an email, you can send a recurring email!