ExchangeDefender Phishing Firewall Update
Starting in March 2023, ExchangeDefender Phishing Firewall will get a more advanced and more customizable experience.
Instead of using r.xdref.com or d.xdref.com domains in URL rewriting we will be using the service provider ID as a part of the URL, for example:
As you know we introduced the ExchangeDefender Phishing Firewall to protect our clients from direct security compromises (clients being sent phishing emails) and indirect reputation issues (spammers and hackers proxying/bouncing traffic on domains that don’t correctly setup SPF/DKIM). By now the URL rewriting tech is a common industry standard used by almost all major email providers to apply clients security requirements for links in emails.
We know that nearly all security compromises start with email and being able to redirect the client to a warning page & policy enforcement engine has saved countless clients from getting compromised over the years. However, just as with all things email it’s been a challenge with other providers. URLs can be maliciously submitted, misused, cracked, and in some circumstances the ISPs have hijacked the DNS of the redirection page.
To help our clients and partners reduce the risk of this, in 2023 we’re delivering more customization and flexibility to a lot of the centralized technology we’ve used over the years. It’s a double-edged sword: new domains and hostnames take time to build up a sender reputation AND a ton of mail or misconfigured network equipment can sometimes falsely flag traffic as an attack. Our hope is that with the ability to break ExchangeDefender out into smaller modules that you can host in your own cloud or elsewhere on a public cloud will help our clients fine tune their security requirements.
Just to give you an example: We have a government client on ExchangeDefender who has a strict list of approved web sites their team can visit. Their IT manages their network and web proxies but just like any other organization they get 2FA emails, password reset links, esignature requests, links to invoices, etc. By putting ExchangeDefender Phishing Firewall in front they can sandbox unapproved links (https://theirid.xdref.com/) and police, audit, and review traffic from the cloud without it ever having a chance to compromise their network and tech. It’s the same approach used by the ExchangeDefender Inbox – hackers aren’t going to stop trying to compromise you via email so it’s really just a choice between spending time on the cleanup after getting hacked or managing the threat proactively so it doesn’t cause a problem.
Whichever route you find yourself in your cybersecurity journey, we appreciate you trusting ExchangeDefender to secure your mail flow. Huge thanks to our partner and client base for giving us a ton of feedback/ideas and helping us protect your email better.
New Release: ExchangeDefender Inbox M365 Hybrid Solution
Huge and most demanded feature from our community has finally shipped.
No more PowerShell. No manual steps. It’s all automated.
When you create a mailbox on ExchangeDefender Inbox the service creates your users M365 account, enables mail forwarding, maps the email addresses correctly, updates routing and signing.
Anyone can manage Inbox with far fewer IT skills than are needed for the most basic of M365 deployments!
We’re seeing ExchangeDefender Inbox mailboxes used in companies with high turnover, in companies that are trying to save money (Inbox could save over $300 / employee every year!), for mailboxes that get a ton of traffic but are mostly for logging (necessary but rarely ever logged in), temps, external users that need email at that domain but shouldn’t be given an entire M365 license or be exposed to all the data you have on your M365.
So.. if you’ve been keeping your own Exchange server barely alive just for these types of use case that M365 isn’t ideal for (or worth the $), let’s have a call and save some of your IT budget!
How easy is it?
Login to your ExchangeDefender Inbox admin account and choose a tenant to create a user.
ExchangeDefender Inbox does all the heavy lifting under the hood instantly. Using a combination of Remote PowerShell, Microsoft Graph, and Microsoft’s API for Exchange/M365 we’re able to create the user, setup forwarding, update address books on both sides and keep everything in sync. The admin doesn’t have to deal with any of that, they just see that it’s done:
That’s all it takes to create a mailbox and share the domain with a M365 tenant in hybrid mode. Everyone is on the same domain, everyone has the same format email address, it’s practically the same thing but saves your organization up to 95% every month.
Everything on the backend is tracked and kept in compliance. Best part – we do not use delete statements anywhere so you never have to worry about ExchangeDefender Inbox creating problems and issues at M365.
Try Inbox today for free! Login to your ExchangeDefender Admin account to get started.
ExchangeDefender URL Rewriting Tips
No matter how much money you waste on cyber training, someone, somewhere, innocently or intentionally, will eventually click on a link that can take your network down.
ExchangeDefender protects you from malware and phishing threats by rewriting web traffic through our security service called ExchangeDefender Phishing Firewall. The process is very simple, we analyze the email message as it goes through ExchangeDefender and rewrite the URLs so that when you click on them on your Outlook or phone you’re redirected to a site that your organization manages and that you can customize for your personal liking.
Remember, over 91% of cybercrime starts with a link in an email! ExchangeDefender helps stop that.
We also roll up OSINT and public reputation lists that give you an idea exactly what you are being directed to. We check if the site is known for spreading malware, if there is a recent incident report, if the site is brand new – and you can quickly decide to click on a button to proceed one time or you can add it to your safe list and then you’ll automatically get redirected to the real site.
Problems and Challenges
URL rewriting is an industry standard practice and almost all large mail service providers feature similar “safe links” technology.
As helpful as it is in disarming dangerous content, it can at times cause a support issue as well when the link gets broken or when the site gets wrongly listed for hosting dangerous content (hint: we don’t host anything, we just redirect the link). The process of delisting can take some time and sometimes misconfigured devices and services can cause additional problems. Just last week we dealt with an issue at Comcast/AT&T xFinity Business SecureEdge service and the only workaround is to turn that service off.
Workarounds and Quick Fixes
The quickest way to work around this is to ask the sender to email you at your bypass email address you create for this interaction. Simply go to https://bypass.exchangedefender.com and follow the directions from there.
Optionally, but as the last recourse only you can turn off the ExchangeDefender Phishing Firewall (see https://www.exchangedefender.com/docs/domain for instructions) but doing so also lowers the level of protection and support you’ll be getting from ExchangeDefender.
We have a week of client/partner development focus groups, March 6th-7th and if you’re interested please ping us at events@exchangedefender.com. What we’re currently beta testing are provider or domain redirection portals so that you’re not stuck sharing r.xdref.com or d.xdref.com with millions of your closest email neighbors. This way any problems with the site listings or DNS hijacking (in SecureEdge’s case) would be limited to your clients and it would be easier to pick out and mitigate any malicious reporting activity.
If you’re looking to make ExchangeDefender work better for you, please join us for the focus group. We’d love to help you protect your clients mail flow better.
Migrating from ExchangeDefender to M365
If you’re currently on ExchangeDefender (our Exchange or other email services) and migrating to M365 there are a few important steps to take to make sure everything is secure and mail moves appropriately to the new destination.
Step 1: If you’re leaving our Hosted Exchange platform
If you’re leaving our Exchange first you need to remove the domain from the Service Manager. Go to https://support.exchangedefender.com and after login click on Service Manager.
From there just select your Exchange organization and click on Delete.
You will be presented with a confirmation screen, follow the instructions and system will schedule your organization for removal from our Exchange network. Next, let’s take care of ExchangeDefender.
Step 2: Moving the ExchangeDefender pointer and MX records
When you setup your M365 Exchange service Microsoft will issue you an MX record that is typically formatted like this: DOMAIN.mail.protection.outlook.com
Go to https://admin.exchangedefender.com/domain-sp-login.php and login either as the domain administrator (userid: domain.com) or ExchangeDefender Service Provider (userid: sp) and proceed to Mail Delivery tab.
On the Mail Delivery tab you should set your mail server as “Office 365, Gmail, or multihomed MX record (3rd party MX record)” and provide your M365 MX record below.
Click Save and routing tables will be updated within the hour. In the meantime please follow these instructions to lock down your M365 tenant to only allow secure email delivery via ExchangeDefender this step is required or mail will not be delivered!
This process takes only a few minutes but it’s absolutely crucial.
That’s all you need to properly deliver mail to M365 via ExchangeDefender. If you’re not interested in securing your mail flow and protecting your M365 instance from malware & phishing you can always delete all the domains and references from ExchangeDefender.
If you run into any issues please open a support request at https://support.exchangedefender.com with the M365 MX record and M365 admin credentials and we’ll take care of the process for you.
Thank you for trusting us to secure your email.