ExchangeDefender Phishing Firewall Update
Starting in March 2023, ExchangeDefender Phishing Firewall will get a more advanced and more customizable experience.
Instead of using r.xdref.com or d.xdref.com domains in URL rewriting we will be using the service provider ID as a part of the URL, for example:
As you know we introduced the ExchangeDefender Phishing Firewall to protect our clients from direct security compromises (clients being sent phishing emails) and indirect reputation issues (spammers and hackers proxying/bouncing traffic on domains that don’t correctly setup SPF/DKIM). By now the URL rewriting tech is a common industry standard used by almost all major email providers to apply clients security requirements for links in emails.
We know that nearly all security compromises start with email and being able to redirect the client to a warning page & policy enforcement engine has saved countless clients from getting compromised over the years. However, just as with all things email it’s been a challenge with other providers. URLs can be maliciously submitted, misused, cracked, and in some circumstances the ISPs have hijacked the DNS of the redirection page.
To help our clients and partners reduce the risk of this, in 2023 we’re delivering more customization and flexibility to a lot of the centralized technology we’ve used over the years. It’s a double-edged sword: new domains and hostnames take time to build up a sender reputation AND a ton of mail or misconfigured network equipment can sometimes falsely flag traffic as an attack. Our hope is that with the ability to break ExchangeDefender out into smaller modules that you can host in your own cloud or elsewhere on a public cloud will help our clients fine tune their security requirements.
Just to give you an example: We have a government client on ExchangeDefender who has a strict list of approved web sites their team can visit. Their IT manages their network and web proxies but just like any other organization they get 2FA emails, password reset links, esignature requests, links to invoices, etc. By putting ExchangeDefender Phishing Firewall in front they can sandbox unapproved links (https://theirid.xdref.com/) and police, audit, and review traffic from the cloud without it ever having a chance to compromise their network and tech. It’s the same approach used by the ExchangeDefender Inbox – hackers aren’t going to stop trying to compromise you via email so it’s really just a choice between spending time on the cleanup after getting hacked or managing the threat proactively so it doesn’t cause a problem.
Whichever route you find yourself in your cybersecurity journey, we appreciate you trusting ExchangeDefender to secure your mail flow. Huge thanks to our partner and client base for giving us a ton of feedback/ideas and helping us protect your email better.