ExchangeDefender WebUI: New Features & Enhancements! 🚀
As mentioned in the previous blog post, our new Web Services infrastructure is coming with a ton of new features, new UI, and new faster way of rolling things out that can help benefit & secure everyone.
In the previous post we discussed the scope of the update – rolling up over a decade and a half of legacy features, hacks, services, automations – all into a modern web services world where we can start rolling out features faster.
The biggest problem we are trying to solve now is how to quickly deploy efficient solutions. Most of the development time isn’t in actual coding or rollouts, most of the time is in design and confirming that users are able to quickly and effortlessly rely on them. Past service design was built over the years, as we helped our clients mitigate one security problem after another. Restructuring it will make things far smoother and easier to use.
Note the three single icons next to teach message checkbox. Tapping them on a touchscreen interface or with your mouse triggers the action to Release, Allow Sender, and Review. Icons aren’t very intuitive though – so we see people click on the checkbox and scroll all the way to the top to release a message.
Consider a new modern UI where icons become buttons. Would that change user behavior? Good news is that this will no longer be subject to opinion or guess but hard data as every element of our page will give us actual feedback about how the new feature is being used and how it’s performing:
By leveraging actual usage statistics and better insight on the backend, we can rely on AI to provide a far better level of service with a way faster delivery. In other words, we can respond to security problems faster.
ExchangeDefender Web Services Update
ExchangeDefender Web Services Update has concluded and the new infrastructure is handling 100% of the ExchangeDefender traffic. So far the new platform is performing exactly as expected and we have already closed several minor bugs. Overall, we are extremely happy at ExchangeDefender today!
We want to take a moment to high-five ourselves and highlight three main areas where our clients and partners are going to benefit from this investment:
1. Enhanced Security
With the changes in the development backend, our platform now utilizes the latest security patches and modern language features, significantly reducing vulnerabilities and providing a more robust threat defense.
Our old platform was also rock-solid in terms of performance and security, but that secure-by-design methodology forced us to reverse-engineer as well as design and manage everything from input validation to report routing. Modern web services take care of these routine things allowing us to spend more time on policy development.
2. Improved Performance
The new infrastructure supports faster processing and is optimized for global operations allowing us to deliver a more responsive and reliable service.
You’ve already seen a hint of this in the ExchangeDefender LiveArchive relaunch as a standalone data vault for cloud operations. By breaking up our infrastructure into microservices we’re able to deliver edge operations closer to where our clients are, we can keep data more securely in your local data geography, and we can delegate away control as required.
3. Features Shipped Faster
By moving away from legacy code and internal systems/plugins for policy and protocol enforcement, we can dedicate more of our development cycles to policies and training that will keep your organization more secure. You will be able to benefit from the latest improvements and security innovations while we deliver more.
Thank you for filling out our survey, if you haven’t done so please take a moment to tell us where we can help. We have intentionally dedicated a large window to bringing the new web service infrastructure online so we do have spare cycles to help alleviate some pain points our clients are experiencing. Please take a moment to fill out our survey
We are hard at work on the new User Interface, we’re nearly ready for the public launch of our Phishing platform, all sorts of goodies are heading your way so once again – thank you for your business and your faith in us to deliver safe and secure email to your organization.
Sincerely, Vlad Mazek CEO ExchangeDefender
ExchangeDefender 2025 Web Service Expansion
In less than a week, ExchangeDefender will be running on a new generation of web services. While improving security and performance, the new platform will enable us to launch a ton of new features in 2025 and we would like our clients and partners have a say.
If you have a moment, we would appreciate some feedback. Only (3) questions, should take less than ONE minute and will help us a TON!
https://www.surveymonkey.com/r/YXQ5TKZ
In 2025 we are looking forward to growing ExchangeDefender to do every aspect of email security. We want to extend our protection to phishing simulations, training, and analytics tools. We have also heard from you regarding having mobile apps to manage the user mailbox for users who are full-time mobile. We are redesigning our SPAM reports. We are improving our M365 security footprint with built-in monitoring and performance metrics.
But most of all, we are looking to help meet the problems you’re experiencing in your organization with better solutions, better documentation, and the AI integrations you’ve been demanding.
Please take a moment to fill out our survey and let us know if you’d like us to get in touch with you. We often work with partners on custom solutions and if we can make ExchangeDefender work better for you let us know in the survey or the support ticket and we’ll be happy to set a time.
Looking forward to working with you in 2025 and thank you for your business.
Protect Yourself from Cyberattacks: Simple Tips for Everyday Users
In today’s digital world, cyberattacks are an ever-present threat. From phishing emails and malicious websites to ransomware and data breaches, online dangers lurk around every corner. But don’t worry, you can take simple steps to protect yourself and your devices.
1. Strong Passwords are Your First Line of Defense:
- Create unique and complex passwords: Avoid easy-to-guess passwords like “password123” or your birthday.
- Use a password manager: A password manager can generate and securely store strong, unique passwords for each of your online accounts.
- Enable two-factor authentication (2FA): This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
2. Be Wary of Suspicious Emails and Links:
- Hover over links before clicking: Check the actual URL of the website before clicking on any link in an email.
- Be cautious of unsolicited emails: If you receive an unexpected email, especially one asking for personal information, be suspicious.
- Don’t open attachments from unknown senders: Attachments can contain malware that can infect your device.
3. Keep Your Software Updated:
- Install software updates promptly: Updates often include security patches that address vulnerabilities exploited by cybercriminals.
- Use reputable antivirus and anti-malware software: These tools can help protect your devices from malware and other threats.
4. Be Mindful of Public Wi-Fi:
- Avoid accessing sensitive information on public Wi-Fi networks.
- Use a VPN (Virtual Private Network) to encrypt your internet traffic.
5. Practice Safe Browsing Habits:
- Be cautious of websites that look suspicious or offer deals that seem too good to be true.
- Be mindful of what information you share online.
- Regularly review your online privacy settings.
Following these simple tips can significantly reduce your risk of falling victim to cyberattacks and protect your personal information. Remember, staying informed and practicing safe online habits are crucial in today’s digital world. For more information on cybersecurity best practices, visit the ExchangeDefender website.
ExchangeDefender Web Service Infrastructure Updates
Thank you for another fantastic year of keeping your email secure and reliable, killing SPAM and cyber threats has never been more fun. We’re finishing the year strong on a company-wide upgrade to our web services infrastructure.
We will be upgrading all of our web services and virtually every web site of ours you interact with for two reasons:
1) To prepare the infrastructure for amazing new features in 2025
2) To reflect on workloads being moved from browsers/desktops to mobile/API.
Over the years ExchangeDefender has grown a ton and as a cybersecurity company we’re often addressing realtime attacks. Hackers are creative, so we have to be creative too in order to stop emerging exploits from causing damage to our clients data.
How can I help?
We currently have our new infrastructure running in parallel with the existing ExchangeDefender, so you can easily experience the new stuff at https://admin.exchangedefender.com. When logged in as the Service Provider or Domain Administrator you will see a button right under your logo labeled TRY THE NEW BETA SITE:
You can always exit the beta experience by clicking on the “Leave Beta” button underneath. Note: If you switch back to production from beta make sure you refresh the page with Ctrl+Shift+R / Cmd+Shift+R and then restart your browser completely.
We encourage our clients and partners to test the new service, verify that your API integrations and plugins work. One thing you will notice is that the beta service is several orders of magnitude faster than our production stuff.
We expect to move all our workloads to the new web site by Wednesday, February 5th.
Upgrade Notice: Login Service Enhancements and Monitoring Improvements
Over the weekend, we designed, tested, and implemented new architectural solutions to address recent issues with the central login service for ExchangeDefender products. Additionally, we identified and began resolving a critical alerting issue that had prevented our NOC from receiving timely notifications about service outages.
To expedite improvements, we deployed a web cluster originally planned for a later release. This new cluster introduces advanced high-availability features, including self-healing capabilities and integration with modern, distributed monitoring solutions to ensure consistent global accessibility.
Given the scope of this upgrade, we opted for a phased rollout using A/B testing to ensure service reliability. Over the past three days, we’ve gradually increased traffic to the new cluster, starting at 12%, while monitoring server and load balancer performance metrics. Currently, 20% of traffic is routed through the new cluster, with the remaining 80% handled by the legacy system. In the event of a failure in either cluster, the load balancer will dynamically shift all traffic to the active system, even if a customer was initially pinned to the affected cluster.
Performance Improvements
The initial results have been highly encouraging, with noticeable performance gains. We’ve observed a 5x improvement in P95 latency and a 3x improvement in P99 latency compared to the previous setup.
Next Steps
Next weekend, we plan to implement the final phase of this upgrade, introducing automated transitions between data centers to address any performance or reliability issues proactively.
Addressing Notification System Failures
During our investigation, we identified a failure point in our notification system. Alerts were being throttled or discarded by our SMS gateway, particularly during cascading outages triggered by login server downtime. We’ve since refreshed our monitoring solution with modern analytics tools and implemented multiple alerting pipelines to prevent future disruptions. While we continue to work with our SMS gateway provider to resolve filtering issues, these changes significantly improve our ability to detect and respond to service issues.
Thank You for Your Patience
We sincerely appreciate your understanding as we worked to diagnose and resolve these challenges. We recognize how frustrating the repeated service interruptions have been and want to assure you that we’ve been actively addressing these issues with a focus on long-term reliability and minimal disruption.
Thank you for your continued trust in ExchangeDefender.
Unlock the Power of Free Email Backups: This Summer with ExchangeDefender LiveArchive (Take Survey!)
The new ExchangeDefender LiveArchive has been very popular with our clients as a live email backup service. With backups typically being the last thing organizations want to spend their IT budget on, it’s no surprise that a free backup service that you own and can archive indefinitely would be compelling.
We’re trying to help our partners and clients roll out LiveArchive this summer and we would like to hear from you. We’re organizing our summer webinar series and this 3-minute survey would help us focus the schedule and content to serve you better:
To help as many of you get started as fast as possible, ExchangeDefender is considering several short-form or small-group interactive webinars several times a week during July and August. During these webinars, we’ll cover the basics of the service and help you actually complete the deployment of LiveArchive (it only takes a few minutes with the public cloud)!
What is Live Archive Email Backup?
ExchangeDefender LiveArchive offers secure backup, long-term archiving, and eDiscovery services for Office 365, Gmail, and cloud mail.
Sales Collateral? Yes! We have a Data Sheet, Live Archive Email Backup Advantage sheet, plus case studies!
ExchangeDefender Supernet
Last month we announced a major upgrade and expansion of our network to better serve our clients in a more challenging cybersecurity world. I’m sure you’ve seen many stories in the news about cyber attacks and how some groups and nations are expected to attack our critical infrastructure.
We can assure you that those threats are real and are ongoing in a very focused fashion. In order to prepare for a more massive attack, we’ve had to rely on some BGP routing magic to make ExchangeDefender far more resilient.
Make sure you allow inbound SMTP traffic from ExchangeDefender’s 65.99.255.0/24 (255.255.255.0) range.
This range has been in use by ExchangeDefender since 2003 so if you’ve followed our deployment guide correctly you should be all set. If you’ve chosen to deploy ExchangeDefender differently and have other scanning/security active on that range, you might see email delivery delays and failures. Easy fix, just add the whole class C.
What is happening under the hood is that all of our different data centers are routing traffic via the same 65.99.255.x range. Even if half of our data centers disappear due to a telecom or power event, we will be able to continue email delivery.
As you’ve seen over the past year, we’ve focused on Inbox, LiveArchive, and upcoming Replay features to improve security and reliability. Like you, we wake up every day to another Exchange/Gmail event/issue/policy/fubar and nobody likes losing email or the ability to communicate. This is why having ExchangeDefender around your email infrastructure is critical if email is critical to your organization. The new supernet has been routing messages for over a month with no issue and on Wednesday, May 15th we will make it available for everyone.
ExchangeDefender Network Upgrade: Supercharged Security and Disaster Recovery for Your M365 Clients
At ExchangeDefender, we’re obsessed with keeping your clients’ emails safe and secure. That’s why we’ve just completed a massive network upgrade, designed to empower you, the IT Managed Service Provider, to offer unparalleled disaster recovery and enhanced security for your M365 clients.
Why the Upgrade? The Cloud Needs Saving Too!
Remember the good ol’ days of on-prem email outages? Well, guess what? The cloud isn’t immune!
- M365 Outages Happen: We’ve all been there – clients waking up to a down Office 365 tenant. Scary stuff.
- Data Loss Lurks: Lost emails due to strange glitches or language barriers (seriously, Croatian?) are a real threat.
Building on LiveArchive, we’re massively expanding our disaster recovery businesses due to increased demand for client protection on the Microsoft M365 network.
Our upcoming live mail caching service is here to save the day! We’ll cache copies of your clients’ emails for 24 hours, ensuring no email gets lost due to infrastructure issues. Need a message from the past day? Simply request a redelivery – problem solved!
Network Upgrade? More Like a Network Revolution!
To make Live Mail Caching a reality, here’s how we did it:
- Open-sourced LiveArchive: This empowers you to deploy massive email archiving solutions for your clients on their own cloud.
- Infrastructure Overhaul: We’ve upgraded nearly every switch, firewall, core router, and most of our backend to handle the massive data demands of live caching.
- Network Failover on Autopilot: BGP magic ensures seamless service delivery across multiple data centers, automatically routing around network issues and regional outages. No configuration changes on your end are needed!
In the coming quarter, we’re excited to unveil all these new services.
While email remains a prime target for cyberattacks (not a good thing!), our core focus continues to be protecting traffic and identifying threats. However, our M365 clients are facing a surge of issues and are turning to us for solutions.
For instance, when Microsoft experiences delivery delays or mail latency problems, our ExchangeDefender Inbox service becomes the go-to solution for accessing critical OTP/MFA tokens.
Many clients have also adopted Inbox as their preferred webmail client due to its speed and lightweight design.
As Microsoft prepares to sunset Basic Authentication, many legacy SMTP services and mail-enabled applications will become inoperable. To address this growing demand for reliable and secure email routing and delivery, we’ve significantly upgraded our network and services this past quarter.
Email delivery problems happen.
With ExchangeDefender, however, these problems won’t impact your operations. That’s our unwavering commitment, and we’re thrilled to announce the expanded ExchangeDefender network is here to serve you and ensure the continued security of your email.
P.S. Sounds expensive and boy was it!! We’re in an era where any excuse is used to raise prices, so this might come as a bit of a surprise: There will be no change in pricing as a result of all these upgrades. Thank you for keeping us in business in our 4th decade and thank you for trusting us with your email.
Enhanced MFA Enforcement Policy: Strengthening ExchangeDefender Security Measures
For years, ExchangeDefender users have enjoyed enhanced login security via multi-factor authentication security (aka MFA, 2FA, OTP). In our March feature update, we hope to improve your security and enhance MFA enrollment to keep you and your data safe. Allow us to introduce to you the new MFA Enforcement Policy!
Note from the boss: Before we get to any discussion of policies, our official recommendation is to enforce MFA on every service we provide and to rotate passwords at least once a quarter. I know, nobody likes the second validation prompt but this is a standard in the industry and I can’t think of a bank or a vendor that doesn’t require it. Maybe I’m jaded because we’re a cybersecurity company.. and with all the layers of MFA/VPN/auth we have in place I spend an insane amount of time trying to find my key or wait for the new pin to display in my authentication app. Because when I interact with a vendor that holds my information and they have no login security.. all I can wonder is what else they’re not doing to keep my data safe? Is this a real business or some WordPress plugin?
At the same time, I understand we have a ton of customers in SMB space where sometimes (obnoxious) tech can be slow and difficult to implement. But you pay us to keep you safe – and to keep your backups safe, and to keep your business continuity safe, and to do that we absolutely must require MFA. But we also can’t expect staff who have clicked on a Release/Trust link for over a decade to be cool with suddenly being forced into MFA enforcement workflow on Monday. So we designed a compromise. I hope it fits your organization and I hope you adopt it as fast as possible.
Sincerely,
–Vlad Mazek, CEO Own Web Now Corp.
In March 2024 you will have the ability to enforce or require MFA enrollment at the domain level. What this means is that you’ll be able to require MFA enrollment with an authenticator app for everyone with just one click at https://admin.exchangedefender.com:
With this policy, you can secure your users’ login with multi-factor authentication without making them enroll a device.
How does it work?
When your users go to admin.exchangedefender.com and attempt to access Inbox, WFS, or LiveArchive we will check their MFA enrollment and if none is found we’ll just tell them we have to verify their identity:
When they check their mailbox they’ll see an email from ExchangeDefender and just provide the code back.
This way your ExchangeDefender login is technically secured at ExchangeDefender with MFA even if you haven’t enrolled a device in MFA yet. There is no way to get into the secure areas of your account without enrolling into MFA. But what if someone guessed the password, they can just enroll a device and hijack the account, right? No.
When you set MFA Enforcement to Required/Forced, all your users are automatically set into an MFA mode that relies on their email address for secondary verification. When they visit admin.exchangedefender.com for the first time and provide their username and password the system will check their MFA enrollment and if email MFA is detected the system will send them an email with a verification code to proceed. This way we’re using the email MFA as a way to verify their identity and then we enroll their authenticator app as usual by scanning the QR code.
ExchangeDefender Quarantine Reports behavior will not change at all as a result of the change in the MFA Enforcement policy. ExchangeDefender Quarantine Reports do not rely on the login system at all as the user is never prompted to authenticate to trigger the release of the message. Instead, quarantine operations are tokenized and one “release” request does not automatically grant any other release or trust requests with the same token. It also doesn’t automatically log them into ExchangeDefender so there is no getting by the MFA!
Secure your logins now
It’s 2024 and the world has changed when it comes to authentication and identity when dealing with services online. Experiencing a cybersecurity threat or compromise is an incredibly expensive and frustrating experience that can easily be avoided by requiring an ID check before granting access to sensitive information. ExchangeDefender MFA Enforcement Policy is your way to protecting your organization from unauthorized and unverified access.