ExchangeDefender

We have been closely monitoring the Antispam engine since the upgrade took place on Tuesday and so far the performance is quite impressive. We are blocking more messages than ever before and the false positive ratio has gone down as well. What that means is that ExchangeDefender incorrectly classifies far fewer legitimate messages as SPAM: once in every 800,000 messages processed.

Our SPAM training will now resume; please accept our apologies if you happened to receive more SPAM than usual over the last few days. ExchangeDefender uses automated processes to classify messages as SPAM or legitimate mail based on hundreds of thousands of rules, sender reputation, message contents and more. No message is ever screened by a human being. We do monitor honeypots (our mailboxes placed on the Internet for the sole purpose of collecting junk mail) and build message filters accordingly, so if you wish to help with anything that ended up in your inbox that looks like SPAM, forward it to spam@ownwebnow.com (if you can also include the headers, that would help a lot as well).

We have already built a set of rules for SPAM that has been emerging lately, mostly Regions Bank forgeries, graffiti.net scatter, Treasury Department Circular 230 and the massive amounts of URI SPAM being distributed through Google – google.com, google.co.uk, google.co.tw and more.

“I am still receiving far too much SPAM”

First, “too much SPAM” is a relative term. If your email address has been online since 1993 and is on every mailing list available, you are likely receiving thousands and thousands of messages a day. If a few slip through it is simply due to the volume of mail sent to you – SPAM arrives to you before it does to us, there is no rule to filter for it, and the message gets delivered as legitimate. As the SPAM becomes more prevalent, it starts getting blocked by ExchangeDefender. If you would like to help us filter it faster, forward the message to spam@ownwebnow.com.

Second, we only guarantee SPAM filtering efficiency of 99.99% if you have IP restrictions in place. If you are accepting messages from anyone that connects to your mail server, then you take ExchangeDefender out of the mail flow and we are unable to protect you. Please ask your system administrator to enforce the IP restrictions and other helpful deployment strategies described at ExchangeDefender Support.

Finally, there is a difference between SPAM and the SPAM you subscribed to. If you subscribed to many stock newsletters, mailing lists, etc., we will not consider them for a SPAM rule. These are legitimate messages and you should address the issues with the sender, not with ExchangeDefender. If that is absolutely beyond consideration, contact your system administrator and request that they put the sender's domain (Constant Contact, MarketWatch, Yahoo Finance, Wall Street Journal, etc.) on your domain blacklist.
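Whether the IP restrictions from the second point are actually in force can be checked from the mail server's own connection records. The following is an added example, not ExchangeDefender code: it flags inbound SMTP connections that did not come from the filtering gateway. The gateway ranges (RFC 5737 documentation networks) and the log lines are constructed placeholders; the real ranges come from ExchangeDefender Support.

```python
import ipaddress
from collections import Counter

# Placeholder gateway ranges (RFC 5737 documentation networks), NOT real
# ExchangeDefender addresses; substitute the ranges published by support.
GATEWAY_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample: "<timestamp> <connecting-ip> <envelope-recipient>".
# A simplified layout for illustration, not a real Exchange log format.
SAMPLE_LOG = """\
2008-01-17T09:00:01 192.0.2.15 info@example.com
2008-01-17T09:00:04 203.0.113.77 sales@example.com
2008-01-17T09:00:09 198.51.100.200 bob@example.com
2008-01-17T09:00:12 198.51.100.20 bob@example.com
2008-01-17T09:00:15 203.0.113.77 info@example.com
not-a-log-line
2008-01-17T09:00:20 999.1.1.1 info@example.com
"""


def from_gateway(ip_text):
    """True if the connecting address is inside a gateway range."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in GATEWAY_NETWORKS)


def audit(log_text):
    """Count connections per source IP that did not come via the gateway."""
    direct, unparsed = Counter(), []
    for line in log_text.splitlines():
        parts = line.split()
        try:
            if len(parts) != 3:
                raise ValueError("unexpected field count")
            if not from_gateway(parts[1]):
                direct[parts[1]] += 1
        except ValueError:
            # Malformed line or invalid address: report it, never skip silently.
            unparsed.append(line)
    return direct, unparsed


if __name__ == "__main__":
    direct, unparsed = audit(SAMPLE_LOG)
    for ip, count in direct.most_common():
        print(f"bypassed gateway: {ip} ({count} connections)")
    print(f"{len(unparsed)} line(s) could not be parsed")
```

Any address this reports delivered mail straight to the server, so that mail was never filtered; with the restrictions enforced the list is empty.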

“How much SPAM is too much SPAM?”

On average, a small business organization (5-30 people) receives approximately 20-50,000 messages a day. Of that ExchangeDefender automatically discards roughly 70% just on the sender reputation, multiple blacklists, address book exploits, address harvesting, etc. Of the remaining messages, SPAM tends to comprise 10% and SureSPAM traditionally takes between 80 and 90% of messages, depending on whether there are viruses or worms being spread at the moment.

Overall, ExchangeDefender keeps 96-98% of inbound mail from your mailbox. That means that the combination of legitimate mail and SPAM that is falsely classified as legitimate accounts for 2-4% of all mail. It is normal to receive a few messages a day; for some of the older addresses and generic addresses (info@, sales@, contact@, bob@) it can be towards a dozen. Anything more than that gets investigated. Anything below that, honestly, is within the fault tolerance of the filters. Remember that these are not screened out by a third party or a live human being, and that these cannot be guaranteed in any way because there is no way to predict what is SPAM before it actually gets sent enough times. SPAM filtering and Virus filtering are not the same thing and the protection does not work the same way. For example, if we blindly filtered every “Viagra” reference, no legitimate email containing that word would ever pass through. The same goes for word fragments: say we filtered every instance of “ass” as SPAM? How many words in the English language contain the letters “ass” in them? Pass? Class?

Thank you for your business, thank you for your patience with the new engine rollout and we hope this blog post helps explain how the SPAM filtering works and how we can all get rid of more SPAM.

Several questions have come up in our support portal regarding automatic software rollout of the ExchangeDefender SPAM Monitor we released earlier today.

The simplest way to roll out ExchangeDefender SPAM Monitor on a managed network is through the Active Directory technology called IntelliMirror, standard in Windows XP, Windows Server 2000-2008 and Windows Vista. The following page describes the basics of the Windows Installer service that can be used to roll out the software package. The process of automatically rolling software out is a complex one and is beyond the scope of this article; please contact a trained professional if this is the route you choose. We hope you can understand that we cannot support you on the basics of network management from both legal and confidentiality aspects.

There are several ways to automatically configure the ExchangeDefender SPAM Monitor service for your users, as well as update the configuration from a central location. ExchangeDefender SPAM Monitor uses the following registry hive:

HKEY_CURRENT_USER\Software\OWN\ED

There are three string keys: email, password and suspended. Suspended can be set to True or False; for the software to function completely, the value should be set to False. The software can be automatically configured without the user's knowledge by including the .reg file with the cab files mentioned above and the appropriate values for the email and password keys.
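One way to produce the per-user .reg file described above, as an added example that is not Own Web Now's code: it writes the three values under the key named on this page, escapes quotes and backslashes in the password, and reads the file back to verify it before rollout. The account and password are constructed; the password is stored as a plain string, so the generated file has to be handled like a credential.

```python
import re

REG_KEY = r"HKEY_CURRENT_USER\Software\OWN\ED"  # key named on this page
_PAIR = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')


def reg_quote(value):
    """Quote a string for a .reg file, escaping backslash and double quote."""
    if "\r" in value or "\n" in value:
        raise ValueError("line breaks are not valid in a .reg string value")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_reg(email, password, suspended=False):
    """Text of a .reg file that sets the three string values for one user."""
    values = [("email", email), ("password", password),
              ("suspended", "True" if suspended else "False")]
    lines = ["Windows Registry Editor Version 5.00", "", f"[{REG_KEY}]"]
    lines += [f"{reg_quote(n)}={reg_quote(v)}" for n, v in values]
    return "\r\n".join(lines) + "\r\n"


def encode_reg(text):
    """Bytes as regedit exports this format: UTF-16 LE with a BOM."""
    return b"\xff\xfe" + text.encode("utf-16-le")


def read_values(reg_bytes):
    """Parse the string values back out, to verify a file before rollout."""
    text = reg_bytes.decode("utf-16")  # BOM selects the byte order
    out = {}
    for line in text.splitlines():
        m = _PAIR.fullmatch(line)
        if m:
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            out[name] = data
    return out


if __name__ == "__main__":
    # Constructed account; the password exercises both escaped characters.
    blob = encode_reg(build_reg("user@example.com", 'p"a\\ss', suspended=False))
    print(read_values(blob))
```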

ExchangeDefender SPAM Monitor 1.0.2 is an optional upgrade for the customers that encountered instability issues with the original release. The original software did not handle 404 errors very elegantly, leading the monitor software to crash if the Internet connection was not available or wifi software launched after the monitoring service did. If you are affected by this issue, ExchangeDefender SPAM Monitor 1.0.2 is for you; if the current release is running without problems, the other minor bugfixes may not be worth the download (major fix for multiple email accounts):

ExchangeDefender SPAM Monitor 1.0.2

Note: Due to popular demand we have also released .cab/.msi files as a part of the package for automatic deployment via Active Directory, Kaseya and other popular management tools.

Our new antispam engine will be launching on Tuesday, January 15th. We have been investigating a number of SPAM patterns over the past few weeks and really building up the technology to fight what we believe is becoming the dominant strain of junk that bypasses virtually all SPAM gateways.

We don’t expect any issues with the new engine as it has been under beta test with our larger clients since Jan 1st.

January 2nd, when it falls on a weekday, is the worst day of the year to send email on. From a business perspective, it’s the first day of the calendar year so everyone is back and probably from more than just a few days off, some even two weeks off. From the technical side, this is also the first day of the year that IT admins come back to work, doing the tasks they do to keep the systems working, usually catching up on a few days of missed maintenance tasks.

Every year the SPAM problem gets worse. On January 2nd not only are you going to be fighting maintenance intervals that didn’t take place but also people coming back from work and catching up to days of piled up emails, where catching up means sending out even more mail. Most email servers out there are overloaded with just the SPAM problem alone, compounding a few days of email correspondence on top of it will make today the least likely day for your email message to be delivered and read.

So if you have a newsletter, a really important note, a critical deadline to meet or an important contact that you absolutely have to reach… email is not your friend on January 2nd.

Of note, ExchangeDefender is currently performing at 43% capacity (10 AM EST, -5:00 GMT)

Today we proudly introduce yet another way for users to conveniently get rid of Junk Mail and still have it all stored just a mouse click away, on a network far far away. ExchangeDefender Spam Monitor is a piece of .NET 2.0 software that runs on your computer and pops up a small bubble notification letting you know how much SPAM is waiting for you. If you ignore it, it goes away in seconds; if you click on it, the browser pops up and logs you right into your account so you can quickly review your SPAM and go about your day.

SPAM Monitor runs as a standalone application and consumes just 74kb of memory. Double clicking on the icon brings up the configuration window that allows you to enter your ExchangeDefender email address and password. Right clicking on the icon gives you an option to suspend the agent or View Spam. Suspending the agent stops it from checking the web site and displaying hourly message counts, while the View Spam menu option launches the browser and gives the user access to their account.

The agent was designed to assist users that needed a realtime, accountable way to get to their SPAM without waiting for email reports, but who didn’t want to create desktop shortcuts. We also hope this allows our resellers to support their customers in a more efficient way – “Do you see the orange box with the X on it in the lower right hand corner? Right click and select View SPAM.”

We hope this makes Howard Cunningham happy

To download SPAM Monitor please click here.

On December 16th, 2007 we will be releasing a massive update to the ExchangeDefender policy server, to account for a number of rather unpleasant bugs that have come up as a result of changes from 2.x to 3.0 and 3.1.

Because this is a large scale upgrade with lots of changes under the hood, there may be some temporary downtime while we roll the new system out. This downtime is only going to affect the web site https://admin.exchangedefender.com but mail will continue to flow and no other systems will experience issues. We expect the outages to last a few seconds at most as we reload one system after another.

We chose to announce this on the corporate blog instead of the Network Operations site because some of these bugs have been inconveniencing many of our users and we wanted to let you know that this bulk of updates addresses all the issues that have been brought up in our portal. Specific changelog will be posted at a later date.

This release will not have any new features and the new feature releases will resume on Jan 2, 2008. We have used the past two months to correct all the outstanding issues in the system, from nagging bugs to poor documentation, and I believe you will be very pleased with the results starting next Monday.

We have folks at Own Web Now that do nothing but troubleshoot ExchangeDefender delivery issues all day long and we figured we’d share in the fun. This is the first draft of the document titled Troubleshooting ExchangeDefender Delivery and is meant to help the jr administrators master the art of troubleshooting SMTP.  

Download: Troubleshooting ExchangeDefender Delivery (PDF)

Covered in the document are steps to troubleshoot inbound and outbound delivery, server configuration, IP restrictions and even how to help remote senders find out where the issue may be. I have been working hard on designing a troubleshooting portal (to send sample messages, check RBLs, etc) but we thought putting the whole best practices process on paper would be very helpful and save a few trouble tickets in the process.

Take a look at it, hope you enjoy it. Feedback is always appreciated.

Please be advised that we’re upgrading ExchangeDefender’s SQL Server backends throughout this week.

No services will be interrupted, however, you may see slight delays at times (from a few minutes to potentially 20–30 minutes if you are on a low bandwidth solution).

We expect this routine maintenance to be completed by Wednesday evening, EST.

Service work completed. We will do one final pass on Saturday evening, October 13, starting at 8 PM and ending at Midnight but all major work has been completed.

Last month we announced full ExchangeDefender integration with MSP packages such as Connectwise and Autotask. However, the data those suites “report” is superficial at best and we have been working since to improve the reporting “eye-candy” provided by ExchangeDefender. After all, executives respond to pretty charts and we’re looking for a way to allow you to embed these onto your own web site – letting your customers see them as a part of your own suite!

But, for the time being, we are working on it hard. Here is what you can produce today: 

This is available on demand via the service provider control panel and shows you the past 30 days of ExchangeDefender performance. There are four important sections. The top section breaks down the mail flow by day. We have taken your feedback and have changed the chart type to “stacked” so that the message float appears as a pile of messages. I agree that it more clearly illustrates the problem we solve, the tip of it is the actual messages that your employees would actually be reading. The second section lists the totals for SPAM, SureSPAM, Total Mail and Real Mail as well as the percentage of real messages that got through to your users. The percentage numbers are staggering, when even after discarding up to 96% of inbound mail as a virus, trojan, malware, confirmed bulk mail or known spammer piece, you still receive a single digit number out of that tiny amount of mail... wow. The third section is for our international users that actually pay for bandwidth. The chart identifies how much of your bandwidth went to SPAM and SureSPAM that you never would have to see. Again, totals look ridiculous.

Finally, and perhaps most importantly, the three discussion points:

Your domain vlad.net received 7,543 messages, which excludes directory harvesting attacks, denial of service attacks, known spammers, from senders on multiple blacklists. This total usually represents less than 20% of messages your mail server would have to process if you did not have VladDefender.

Your domain vlad.net received 6,507 SPAM messages, which your employees did not have to read/delete accounting for at least 3.615 hours of saved productivity*.

Your domain vlad.net received only 4,074 Kb out of 23,235 Kb that was sent to it, reducing bandwidth utilization and increasing server availability. *

We felt it was important to have an executive summary under all the graphs, tables and data. While it is unusual to have an executive summary at the bottom of the report, we felt that the graphs provided such a huge visual impact that the summary up top would just have taken away from it.

What’s next?

That is totally up to you.

The goal for ExchangeDefender in 2007 has been to become more MSP friendly. 100% of the features and specifications have been driven by the MSP feedback and we continue to develop the software you are asking us for. We aim to continue.

So, take your best shot. What would make this more valuable?

One thing we are working on is embeddable statistics that you can include in your web pages or customers' web pages. Remember that these graphs are both animated and interactive – as well as VERY fast to generate. We feel it is crucial to present this data in a convenient and interactive form in addition to the monthly executive meeting and printed reports you may already be providing. This extends to our other products as well; these “gadgets” can play a huge part in your IT presence at your customers' site and we want to make them as available and as accessible as we can.