ExchangeDefender Phishing Firewall FAQ
ExchangeDefender Phishing Firewall officially launches tomorrow, June 12th, 2019.
Every service provider and every user will be contacted with the information about the new service. Since some users may see the redirection site, we wanted to assure everyone was aware of the service, how it works, what it looks like, and what it does to protect them.
Note from Vlad: We hate changing the user experience. We understand that every time we change anything there will be an issue, folks don’t like having their cheese moved, I get it. However, this isn’t a futile exercise in self-promotion, up-selling, cross-selling, or useless noise: we are doing this to eliminate the problem that 90% of security compromises are triggered by. This implementation comes down to ethics: If I know that something is 90% likely to hurt you, and I have the means to protect you, and I choose to let you get hurt anyhow… why would you ever do business with me or ExchangeDefender? I understand we may lose some business over this, and I am willing to make less money in order to do a better job for people that trust us with their business.
Here are the answers to some questions we’ve already received:
Q: Does ExchangeDefender PF work on every device I receive email on?
A: Yes, ExchangeDefender PF automatically encodes all links sent through our system in HTML messages and redirects them through ExchangeDefender PF. This means that the link will be secured no matter which device you use to access your ExchangeDefender-protected email.
Q: Does ExchangeDefender PF protect me from non-email links?
A: ExchangeDefender only protects you from email links in HTML messages sent to your email address through ExchangeDefender. If your mail client downloads mail from 3rd party external services (Yahoo,
AOL, Microsoft, Google) that are not protected by ExchangeDefender, you will not be protected.
Q: Is ExchangeDefender PF available in ExchangeDefender Essentials?
A: ExchangeDefender PF is only available in ExchangeDefender Pro and ExchangeDefender Enterprise.
Q: Is there any way to turn off URL encoding for specific domains or users?
A: ExchangeDefender encodes the URL at the edge, as the message is being scanned for malware and other phishing forgeries.
Q: I don’t want to see the ExchangeDefender PF warning/site, can I bypass it?
A: Yes, you can simply whitelist the domain and ExchangeDefender PF will not be displayed. Whitelisted domains are automatically displayed without ExchangeDefender PF. ExchangeDefender maintains a list of known good/legitimate domains so the likelihood that you will see a dangerous (or questionable) website is very low. Additionally, your IT department or IT Solution Provider has access to organization-wide whitelist and can bypass ExchangeDefender PF to any site you need to visit.
Q: Is it possible to still get hacked/compromised even with ExchangeDefender PF?
A: ExchangeDefender PF simply applies your organizational policies to traffic and gives you additional information about the link you have clicked on. If you ignore warnings, or if you proceed to a dangerous site as a part of your organizational policy, you can still be compromised.
Q: Is there anything special I need to do on my network in order to support the redirection?
A: No, you should not have to make any modifications to your clients network in order to support this. If you do something exceptionally unusual (we would have contacted you separately, DoD requirement) and only have an allow access policy while blacklisting the rest of the Internet, redirection happens through https://r.xdref.com domain that needs to be in the safe sites.
Q: Can I turn URL rewriting off?
A: The ExchangeDefender URL rewriting code is implemented at the edge without regard for domain/user policies. In order not to introduce delays in processing, this is a global rule. If you are concerned about your clients seeing the redirection screen, whitelist the domains they typically go through. If we get complaints about it, we will look at deploying this policy further down in the scanning path which will slow down processing times for domains that opt out of the service and that feature is already in the development queue.
Q: Can I see the copy of the messages you are sending users, so I know what to expect?
A: Here is a copy of the message in PDF and Outlook format.
Q: Will the links stay live for X number of years for compliance purposes?
A: There is no expiration date for the links, as clearly stated in our Privacy Policy we do not collect or archive the links that you click on or that we encode, they will stay in your downloaded / cached / archived messages. While many regulatory requirements have message retention policy expectations, those requirements do not extend to external content, ie: you have to archive the message, you DO NOT have to archive the documents that are externally linked on third party sites. Either way, messages will continue to redirect as long as we stay in business.
Q: Can I get a list of good/bad sites for my compliance records?
A: Please contact our compliance officer at compliance@ownwebnow.com with the letter from your regulatory body and we will do our best to provide this confidential information ASAP.