New ExchangeDefender Client Software Suite
We are proud to announce an upgrade for the ExchangeDefender Client Software Suite. You can read more about the software here. The tools are free and recommended for client interaction with the ExchangeDefender service.
Bug Fixes – 03/10/2009
======================
– Fixed an issue causing some users’ spam/surespam to not be displayed correctly.
– Fixed an issue where the application would pop up each time the application loaded.
Features – 03/10/2009
=====================
– Added an “About Form”
– Automatic version checking has been added as a feature upon viewing the about page.
There are several other minor bug fixes. If the current software is working for you there is no reason to upgrade. However, if you do experience an issue our support teams will ask you to upgrade to the latest version before working the case.
Downloads are available at www.exchangedefender.com
ExchangeDefender Research Notice
For the past two weeks we have taken on an unusual project: Find out why certain messages get deferred or delayed at random times to random recipients. While this task is something that we perform routinely through our support portal, my staff has taken a lot of abuse at the hands of something that is really not an ExchangeDefender issue or something we are capable of addressing.
Last week we introduced a layer of monitoring service to ExchangeDefender that has been collecting data on failures our clients’ servers are experiencing. This data is being plotted for each IP address we hand off mail to. So far we have been able to identify users that have:
Inadequate Internet connections (bandwidth or reliability)
Inadequate Firewalls or routers (connections time out, get deferred or dropped randomly)
Configuration problems (lack of space, lack of resources)
We have made several adjustments to the way we deliver mail for the clients that have frequent or persistent delay problems. In each researched case we have been able to isolate the problem to the recipient’s servers or network not cooperating. We have attempted to replicate the scenario with servers / addresses that are not on the same ranges or networks to eliminate the possibility of network/routing causing a problem.
We are continuing our work on this because no user should be frustrated with the delays in their message delivery. If there is anything we can do to determine if these issues are persistent enough to recommend additional resources or spotlight problems that the admins or MSPs are not aware of, I’m glad to do so. It is in all our users’ best interest.
Sincerely,
Vlad Mazek, MCSE
CEO, Own Web Now Corp
P.S. There is only one legitimate reason for mail delays: the sender’s IP address is on a commercial RBL like SpamCop or SpamHaus. These messages are delayed intentionally and whitelisting does not change this: they will get delayed. This behavior has been in place for a long time with ExchangeDefender and is not set to change: senders on SpamCop and SpamHaus have been confirmed as spammers by independent parties and have not done anything to delist themselves. We can only assume that these resources are not managed and we just cannot trust mail from these hosts, even if you chose to trust the senders from those domains.
Announcing ExchangeDefender Client Software Suite
ExchangeDefender, now in the 4th release of the product, is proud to add Client Software Suite to the portfolio of security and business continuity products covered under a single fee. Consisting of ExchangeDefender Outlook 2007 agent and ExchangeDefender Desktop agent, the suite is uniquely positioned to help users interact with ExchangeDefender without having to leave their day-to-day computing experience inside Outlook 2007 or Windows Desktop.
Click here to download ExchangeDefender Outlook 2007 Agent
Click here to download ExchangeDefender Windows Desktop
Click here to see the features overview
While the features of the two products overlap somewhat, each is designed for a specific audience. The Outlook 2007 agent is primarily designed to let users interact with ExchangeDefender on demand, report SPAM that slips through and casually customize the service to their needs. The Desktop agent is designed for the diehard email addict who needs hourly updates on the amount of SPAM and quick access to LiveArchive.
We will continue to develop both going forward and have plans to introduce web filtering, virus protection and web file sharing during 2009. We see attack vectors changing and becoming more social to compromise the security of more savvy technology users. With that threat, the software protecting our users must evolve as well.
As always we welcome feedback and suggestions on how to improve the software and make your clients and users more efficient and productive with our services. Please use the Development tab in our support portal to communicate directly with the development team.
Oh, did we mention that all this is FREE? Go ahead and download it now!
New ExchangeDefender Engine
Since December 15th we have been testing a new ExchangeDefender antispam engine that went into production last night, January 5th. The new engine improves SPAM filtering efficiency by nearly 800% and shows about 5% fewer false positives than the current engine.
This new system has been running transparently in the background alongside our previous engine and did not impact operations. We have started to notice new trends in SPAM lately and have moved to improve filtering of the items that have not been accurately picked up by the network.
We want to thank you for submitting SPAM through our ExchangeDefender Outlook 2007 agent, as that has been critical in our ability to better protect you from junk. If you have not yet deployed the new ExchangeDefender Outlook 2007 plugin or the new ExchangeDefender Desktop, please do so today. They are available for download on the homepage at www.exchangedefender.com
Enjoy your new, cleaner mailbox!
ExchangeDefender Bugfix Galore
Happy Monday! Over the weekend a ton of ExchangeDefender 4 bugfix requests went online and so far the support requests for the issues have all but disappeared. Here they are, in order of magnitude:
ExchangeDefender Email SPAM Reports
Late last week a new ExchangeDefender SQL cluster for email report management went online to compensate for the growth in network capacity. Because it usually takes six to eight hours for replication to complete, some reports over the weekend were generated with 0’s for SPAM totals, an error that has since been fixed.
Going forward, SPAM reports will remain available but we are moving the feature to “legacy” mode, meaning we do not recommend them as the primary point of access to SPAM. By default, new accounts will have their email reports turned off unless they explicitly request the email reporting to be turned on. There will be no change for current users and, as noted above, there will be far more capacity to provide the reports to current users and to those that choose them going forward.
Email reports have been a black eye on the face of ExchangeDefender. Over 83% of ExchangeDefender clients have never even opened an ExchangeDefender SPAM report, and nearly 99% have never released a single piece of SPAM from them. We track these releases and have even noted that the majority of the releases are forged SPAM itself.
This is why we have developed better tools to surround ExchangeDefender with – the new ExchangeDefender Outlook 2007 Addin for Microsoft Outlook 2007, the ExchangeDefender Desktop Alerts for XP and Vista as well as the realtime web portal which is scheduled for 4.0 release this fall.
ExchangeDefender Password Resends
An ExchangeDefender password resend request used to lead you to a blank screen and no email. This has been fixed; passwords are now being sent without issue.
ExchangeDefender Activation Optimizations
ExchangeDefender activations now take mere seconds. It used to take about 1 second to provision a single account, which globally meant it could take approximately an hour for the address to be fully provisioned. That has been improved to allow over 5,000 user activations per minute.
ExchangeDefender LiveArchive Sync
Problems with ExchangeDefender LiveArchive settings sync have been addressed and synchronization is now up-to-the-minute. If you’re ever stuck waiting more than 60 seconds for a password change or a setting change, you might want to close your browser and retry.
More exciting changes are on their way, to be announced tomorrow.
Responding to UPS pattern SPAM
It has been quite an evening at ExchangeDefender as we continue to fight the outbreak of the UPS trojan. You may have seen this:
Warning: This message has had one or more attachments removed
Warning: (UPS_INVOICE_978172.exe, UPS_INVOICE_978172.zip).
Warning: Please read the “ExchangeDefender-Attachment-Warning.txt” attachment(s) for more information.
Subject: UPS Tracking Number 6431834482
Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS
What is interesting about this is that the message does look fraudulent to casual observers and people that do domestic business with UPS. However, we have encountered this format (with attachments and all) being used by UPS Commercial shipping departments in the past, which is why messages with the specific patterns received lower SPAM scores and were allowed through.
We still stripped the attachments but the attachments inside the ZIP file are passing through AV scanners as the variants change. We are now up to over thirty definitions used to track this specific worm and have taken the following steps:
UPS messages are only processed if they come from UPS.
UPS Tracking numbers are only accepted as valid if they start with 1Z.
UPS messages instigate a callback function against UPS servers.
Dealing with these extended rulesets and checks has made mail move a little slower today as we’ve dealt with an onslaught of messages while this worm becomes more prevalent. UPS is also issuing a warning on their behalf:
We currently have this issue under control and it should not pose any further problems. However, expect the UPS messages to be taken with higher scrutiny and always warn users not to open executable attachments.
ExchangeDefender LiveArchive now integrates outbound mail
It has been quite a while since we introduced a new feature to ExchangeDefender. This is mainly because we have been hard at work on ExchangeDefender 4.0 whose LiveArchive backend is completely different from the present one. But we have heard the pain and thanks to the number of very compelling arguments we now support transparent archiving of outbound mail as well as inbound mail via LiveArchive.
Service is already provisioned and active for everyone that relies on LiveArchive. You do not have to do anything to activate the outbound archiving component. This new feature brings us one step closer to giving you a fully redundant mail solution within ExchangeDefender portfolio.
For more details on LiveArchive please see the ExchangeDefender web site LiveArchive overview.
Stepping up NDR and DSN filtering response
Due to the enormous amount of feedback from our customer base we are stepping up the defense against NDRs received for emails that were not originated by your users to begin with. This is often called NDR blowback, backscatter, fake virus or worm storm, etc. It happens when someone uses your email address to relay an enormous amount of SPAM to the remote servers and encounters a lot of dead mailboxes that may have already been removed or had their quotas filled with SPAM. Naturally, an error bounces back to you because the remote server thinks you sent it.
We have had NDR backscatter protection for quite some time but the cries from our customer base have forced us to take away our liberal stance on this issue. We are now strictly enforcing NDR legitimacy, meaning that we will only deliver NDR mail if the message was sent through one of our outbound servers. Anything else, because we cannot validate it, will be automatically thrown into the SPAM queue if you choose to quarantine SPAM messages.
Are NDRs SPAM?
No, the non-delivery receipts and delivery status notifications are not SPAM. They do not contain any unsolicited commercial communication, they are not selling anything, they are not dangerous in any way. They are annoying, very annoying when you receive a few hundred in the span of a minute. How did this happen? Well, someone you previously emailed likely got infected by a worm or a virus that searched their hard drive (mailboxes) for email addresses. It then took a random address, joined a botnet, sent thousands of messages and made them appear as if they came from you. Because the remote (recipient) server did not have proper SPAM protection it blindly accepted the message and issued a rejection.
How does ExchangeDefender know what passed through it and what did not?
The ExchangeDefender outbound network stamps each outgoing message with a hash key. When the message is returned in the form of a DSN or NDR, we check the SMTP header for the presence of our hash key, decode it and compare it with the local copy stored on our server along with the matching From: header. If the hash key matches the sender of the message, the email is passed on to other filters. If it doesn’t, the message is a bounce for a message you never sent in the first place: it did not go through our network and it did not get stamped.
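A minimal sketch of the stamp-and-verify flow described above, as an added example that is not ExchangeDefender's own code. The header name, the secret, the HMAC construction and the in-memory store are all assumptions made for illustration; the sample messages are constructed.

```python
import hashlib
import hmac
from email import message_from_string, policy
from email.message import EmailMessage

SECRET = b"constructed-demo-key"        # assumption: secret held by the outbound relay
STAMP_HEADER = "X-Example-Stamp"        # hypothetical header name, not the product's
stamp_store = {}                        # stamp -> sender: the relay's "local copy"

def make_stamp(message_id, sender):
    return hmac.new(SECRET, f"{message_id}|{sender}".encode(), hashlib.sha256).hexdigest()[:32]

def stamp_outbound(msg):
    """Outbound relay: stamp the message and record which sender it belongs to."""
    stamp = make_stamp(str(msg["Message-ID"]), str(msg["From"]))
    msg[STAMP_HEADER] = stamp
    stamp_store[stamp] = str(msg["From"])
    return msg

def quoted_original(bounce):
    """Return the message (or headers) an NDR/DSN quotes, or None if it quotes none."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_payload(), policy=policy.default)
    return None

def classify_ndr(bounce):
    """'pass_to_filters' only if the quoted message carries a stamp issued for its From:."""
    orig = quoted_original(bounce)
    if orig is None or orig[STAMP_HEADER] is None:
        return "spam_queue"                       # never went through the outbound relay
    stamp, sender = str(orig[STAMP_HEADER]).strip(), str(orig["From"]).strip()
    expected = make_stamp(str(orig["Message-ID"]).strip(), sender)
    if stamp_store.get(stamp) == sender and hmac.compare_digest(stamp, expected):
        return "pass_to_filters"
    return "spam_queue"                           # unknown stamp or stamp/sender mismatch

def build_message(sender, message_id):            # constructed sample mail
    m = EmailMessage()
    m["From"], m["To"], m["Message-ID"] = sender, "bob@remote.example", message_id
    m.set_content("See attached.")
    return m

def build_ndr(original):                          # constructed NDR quoting `original`
    ndr = EmailMessage()
    ndr["From"], ndr["To"] = "MAILER-DAEMON@remote.example", str(original["From"])
    ndr["Subject"] = "Undeliverable"
    ndr.set_content("550 5.1.1 mailbox unavailable")
    ndr.add_attachment(original)                  # becomes a message/rfc822 part
    return message_from_string(ndr.as_string(), policy=policy.default)  # as received

def demo():
    sent = stamp_outbound(build_message("alice@client.example", "<demo-1@client.example>"))
    forged = build_message("alice@client.example", "<spam-9@botnet.example>")
    replayed = build_message("mallory@client.example", "<demo-1@client.example>")
    replayed[STAMP_HEADER] = sent[STAMP_HEADER]   # stamp copied onto another sender
    return [classify_ndr(build_ndr(m)) for m in (sent, forged, replayed)]
```

The three cases in `demo()` are a genuine bounce, backscatter for a message that was never stamped, and a stamp copied onto a different sender; only the first is passed on to the other filters.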
What to do if you still keep on getting NDRs?
There are a few things:
- Check that you are sending mail using outbound.exchangedefender.com as your organization’s smarthost.
- Check that inbound30.exchangedefender.com is your only MX record. If you have more than one, your configuration is broken; follow the deployment guide.
- Check that you are enforcing IP restrictions, port 25 only and from our exchangedefender.com network only.
- If everything looks correct and the NDR was received after Tuesday, May 10th, open a support request with the text of the NDR as well as full SMTP headers of the message for review.
Thank you for trusting us with your mail.
Upgrades to ExchangeDefender SPAM Monitor and Shockey Server Agent
The long awaited upgrades to our client software are finally out and available for download below. These updates address the issues found in the original releases that prevented the systems from rebooting in certain circumstances. This is a bugfix release only; if you’re not having problems there is no need to download them.
First up, ExchangeDefender SPAM Monitor that alerts you of SPAM waiting for you on the server:
ExchangeDefender SPAM Monitor
SpamMonitor_Setup_v.1.0.2.exe
SpamMonitor_Setup_v.1.0.2.msi
Second, the Shockey Monkey Server Agent software designed for Microsoft Windows (2000, XP, 2003, Vista and 2008) used to collect server inventory, logs, WMI data and intelligently feed it to Shockey Monkey for managed services and asset management:
Shockey Server Agent
ShockeyServer_Setup_v.1.0.2.exe
ShockeyServer_Setup_v.1.0.2.msi
Two builds are provided, as .exe and .msi; you only need one. The .msi build is special because it can be used to roll out the software automatically using third party management tools.
Our official policy on RBL/blacklists
With more and more misconfigured mail servers generating junk rejections we felt it was time to discuss our official policy on realtime blacklists (RBL) and the extent to which we support them.
First of all, every piece of mail leaving Own Web Now Corp mail servers and our network is scanned for SPAM, viruses and malware; just about everything we scan inbound mail for, we also scan outbound mail for. We do not allow open/blind relaying, we disinfect anything dangerous and take every precaution to keep dangerous content off the Internet. However, from time to time something may slip. Clients still get infected with viruses, clients still use weak passwords or run systems that open up their infrastructure to worms and mail blasts; stuff happens.
OWN Network Operations monitors network activity and RBL lookups 24/7/365 and if there is an item that slipped past us and made it into an RBL (it usually takes just one piece) we immediately quarantine the user and request removal. We monitor over 100 RBLs and immediately act to make sure none of your mail is returned or bounced.
However, as more and more mail server administrators lose control over their servers, they start implementing policies that affect the ability to deliver legitimate mail to them. Because some of the best RBLs are also commercial, some users stoop to stealing DNS RBL zones or extend RBL lookup caching to avoid being rate-limited and kicked off the free service, or their mail servers simply have no resources to fight with the SPAM.
Because our servers act as transparent stateful proxies, meaning that we deliver your mail on your behalf, if there is a time that we have to return the message you will see outbound.exchangedefender.com as the server providing information on why the message was returned. This does not mean that outbound.exchangedefender.com rejected your message; it is simply quoting the error it received from the remote server.
Own Web Now Corp does not have control of the remote servers, and it usually does not have a relationship or contact information for either the sending server (you) or the recipient (where you are sending mail), so we are unable to help with any rejections that happen outside of the generally accepted rules and protocols around mail delivery. If the mail server on the other side didn’t implement their RBL directives correctly, if they are overloaded, if they manually chose to program in a configuration to reject your mail or anything out of the normal course of server management – we can’t help.
If you are seeing sources that are not adhering to these generally accepted rules such as quoting why the IP was blocked or message returned, we recommend you remove outbound.exchangedefender.com from your smarthost configuration and route messages to them directly. If that fails as well, try to contact the mail server administrator if you can locate their contact information. If you are tech savvy, you can create an SMTP connector for a given address space and route mail for particular domains directly to their mail servers, bypassing ExchangeDefender outbound proxies completely.
Just to repeat, we constantly monitor network traffic and actively keep our servers off RBLs that you can find at www.dnsstuff.com. We do everything in our power to assure mail delivery but if the configuration change on the remote end specifically interferes with that delivery that is the place you need to contact and find a way to get mail from your network delivered to theirs.