ExchangeDefender Policy Engine Bugfix

We recently started receiving complaints about certain users not having their SPAM and SURESPAM filtering policies applied correctly. For example, user would select to quarantine their SPAM and delete their SURESPAM but mail would still arrive in the inbox with the subject modified as [SPAM] or [SURESPAM].

As of 10 AM EST this bug has been fixed. If you have your mail set to quarantine on either of the SPAM presets the rules will be applied correctly. If that does not happen consistently and correctly please open up a support ticket at https://support.ownwebnow.com

Note: The issue was related to the legacy network policy server not syncronizing filtering rule tables in correct order. It would treat its local database as the most up-to-date one and would never apply the newer policies. This issue has been fixed.

Addressing recent increase in PDF SPAM

As you may have noticed over the last few days, there has been a huge increase in PDF SPAM. This spam is generally identified as a single message, with attached PDF containing JPEG image SPAM. This pattern easilly bypasses most appliances that have no ability to handle the processing power needed to decode images, much less those encoded inside a PDF file. Not that we’re gloating, but there are only 24 hours in a day and its not enough to talk about how different ExchangeDefender behavior is compared to RandomSpamApplianceFromTaiwan.

At the moment, there are also several unique characteristics to these images:

• they are all 7bit encoded.
• they all use a single useragent associated with the Mozilla Thurderbird mail software.
• they are all blank messages with no text in the body.
• the attachment matches the filename mentioned in the subject.
• pdf file is a legitimate PDF file with no publishing information except for a single JPEG

Based on all that its relatively trivial to trap these messages, however, we expect the pattern to continue and to escalate into making these messages seem more legitimate. While these PDFs are not dangerous in nature they can be annoying and your users should be warned to never open any attachments from contacts they do not trust/know.

As always, thank you for your business and we’ll keep your mail clean for you.

ExchangeDefender gets tougher on NDR and Backscatter

Over the past year we have seen a steady increase in NDR traffic. We’ve done something about it previously but have since gotten far more aggressive on it to the point that virtually every fake bounce will be automatically quarantined.

It’s important to understand the motivation behind the spoofing and massive NDRs they produce. There are two ways in which spammers abuse the NDR system: one is to steal identity and the other is to diminish the confidence in the SPAM filtering solution. The first is quite easy, they want to use a legitimate sender address so that the remote servers will accept the mail. To combat this you can easilly enable SPF/SenderID on your domain and never worry about it. The second is a little more involved/contrived and involves systematically taking apart the ability of the “installed” SPAM filtering solution to adequately sort out mail. Most installed SPAM filtering solutions (the ones you install on your server) and appliances alike (that are devices on your network) build reputation models based on how often legitimate mail comes from certain addresses and IP blocks. They also build local bayesian databases that index known SPAM and non-SPAM; As such, by flooding the server with mail from all over the place those databases the reputation scores become increasingly less reliable – a process more commonly known as poisoning.

So what are we doing and how does it benefit you? Assuming you are using our outbound servers to relay messages, your messages will contain special tracking that will match up what we have in our internal databases. If an NDR is received with that tracking in tact, the message is allowed through. If the NDR is received without that tracking that means that the message didn’t come from you, from your server, that it was spoofed – and it adequately goes into the SPAM quarantine where you’ll likely let it die.

ExchangeDefender Conference Call: April 19 & 20

Dear Partners, Customers, Friends,

We are holding a conference call next Thursday and Friday to discuss the new services offered by ExchangeDefender. Major areas of discussion will focus the new Live Archive feature (simultaneous Exchange & secure webmail delivery with 7 days trailing archive) and ExchangeDefender Agent (desktop alerts so you don’t have to wait for daily email reports). As this will conclude the rollout of major v3 feature sets I will also briefly describe the upcoming changes of the stuff that’s out there and little incremental features we expect to be delivering during Spring & Summer 2007.

Two conference calls, same content, not mandatory, recorded:
April 19 – Thursday – 7PM EST (23  – 24 GMT)
April 20 – Friday – 9AM EST (13 – 14 GMT)

Conference dialin number and access code:
Conference Dial-in Number: (605) 990-0400
Participant Access Code: 684592#

No registration necessary, not confidential information, attendance is not required.

ExchangeDefender for Service Providers (Video)

Earlier last week we completed the beta of ExchangeDefender for Service Providers and many of our partners have been working on customizing their portals and adding new accounts. So far the feedback has been awesome, we’ve gotten a lot of suggestions for the product enhancement that we’ll be announcing soon. I (Vlad Mazek) have unfortunately been under the weather for the past week so I have not had a chance to share with you just what these new Service Provider features bring. Allow me to do so now, here is a demo video in Flash or Windows Media format:

Check out these videos demonstrating ExchangeDefender SP:

ExchangeDefender for Service Providers (wmv)

ExchangeDefender for Service Providers (flash)

These new admin panel interfaces present our first sign of committment to the service provider partnerships we have formed over the years in that we’re allowing you to completely rebrand the service to match your corporate identity. We are actively seeking feedback on additional reporting and auditing requirements so we may add more intelligence to how you manage your customers SMTP security. We cannot repeat this enough: we are out to create the most comprehensive SMTP security solution without the traditional complexity these systems, including ExchangeDefender, have had in the past. Talk to you soon at our next partner conference call!

-Vlad Mazek, MCSE
CEO, Own Web Now Corp, CEO

ExchangeDefender v3 Released – Video Tour & Guide

ExchangeDefender v3 has replaced the old ExchangeDefender v2. This release is a big source of pride for us is that the interface guidance was given by actual ExchangeDefender users who wanted to be more efficient as they go through the mail. We’ve managed to simplify the interface even further to really make security management as seamless as possible.

Don’t believe me? Check out this video: ExchangeDefender v3 Video Tour (5 minutes)

Once you’re done watching the video, get the guide/manual. You won’t need it, ExchangeDefender v3 is way too easy to use but some people like to hold paper and we understand.

Thanks to all that made this release possible, in particular three folks outside OWN that worked very hard to bring you this thing: Rich Walkup, Judy Schmidt and Pablo Averbuj. It is absolutely amazing when your own customers take the time to improve the product because they like what it does and want it to work better: and to that end thanks to all the customers for all the feedback, guidance and testing. Thank you for helping us get to this point.

What’s next? Well, MSP stuff this week, agents hit next week, Live Archive feature (which is absolutely revolutionize how you think about SMB messaging continuity) and more all coming online over the course of the next month or so. The goal behind ExchangeDefender v3 is ambitious – we aim to be the most feature-packed easy-to-use, over-hyphenated mail security service out there!

ExchangeDefender for MSPs Conf Call

First of all thank you all for testing ExchangeDefender v3. We have received a ton of feedback which we look forward to integrating into the product very rapidly. After all, that is why we took such a long time to redesign the service – to make it more responsive to both security and business needs.

Tomorrow (Thursday, March 22, 2007) the new ExchangeDefender v3 interface will become the default interface for all ExchangeDefender users, administrators and managers. Attached is a PDF guide that you are welcome to distribute to your users and system administrators. If you would like to brand it you are more than welcome to download the Microsoft Word 2007 document from here and apply your own themes and branding:

PDF: http://www.ownwebnow.com/downloads/ExchangeDefender-v3-Guide.pdf
Word: http://www.ownwebnow.com/downloads/ExchangeDefenderGuide.docx

Additionally, we have two conference calls this week targeted specifically at our resellers, MSPs and system administrators. Even though ExchangeDefender is easily the most widely used SMTP security software for managed service providers, the v2 version of it was not very MSP friendly. As a result ExchangeDefender v3 was designed from the ground up with MSP plugs and APIs. I would like to invite you to the two conference calls I will be holding this week to both invite you to our MSP beta control panels (official launch March 30th) and discuss just where we are heading with MSPs in the coming year. These calls are happening tomorrow and Friday, to register please go here:

Registration URL:
http://www.ownwebnow.com/launch.asp
Event 1: Thursday, Mar 22 — 23:00 – 24:00 GMT (4PM – 5PM PST, 7PM – 8PM EST)
Event 2: Friday, Mar 23 — 14:00 – 15:00 GMT (9AM – 10AM EST)

I hope to see you there. Both events are optional and represent our efforts to work closer with our partners and provide the information and support you have asked for. V3 is just the first step.

ExchangeDefender v3 Goes Live at http://v3.exchangedefender.com

Better late than never; I know I told you to expect this last week but it took us several days to think up a clever URL:

ExchangeDefender v3:

http://v3.exchangedefender.com

The site functions and looks very much like the current v2. There are more features, certain features actually work and the entire framework integrates into the overhaul that ExchangeDefender went through in the November – January timeframe. Please pardon the caps:

THIS SITE USES LIVE DATA.

The purpose of the site is to give you an idea of the new look, new features, new direction we are taking with the product. I hope you can take a moment to take a look at the site, tell us what you like, what you don’t like, and what you want more of. We have rewritten much of the stuff from scratch to provide for realtime updates across our global network and that will allow us to provide applications that both users, administrators and managed service providers are asking for.

The official and only place to ask questions and provide v3 feedback are the Own Web Now forums; To register for the forums please go to: http://www.ownwebnow.com/forums and click on register. Email support@ownwebnow.com the username you selected during the registration and they will approve you.

The code is live, working and functional. We expect this to replace the current control panels by the middle of next week. Expect emails from me with documentation, kb site, videos, and so on over the next week or so.

Conference Day

Remember that today is the big ExchangeDefender v3 Conference Day. We’ll have four phone conference sessions for partners and customers to ask questions and provide feedback on what you’d like to see ExchangeDefender. We’ll be sharing our roadmap for the next year and the new direction that ExchangeDefender will be going in.

Event 2: 14:00 – 15:00 GMT (9AM – 10AM EST)
Event 3: 17:00 – 18:00 GMT (Noon – 1PM EST)
Event 4: 23:00 – 24:00 GMT (4PM – 5PM PST, 7PM – 8PM EST)
Event 1: 6:00 – 7:00 GMT (1AM – 2AM EST), Wednesday, March 7th

You should have received an invitation along with the conference phone numbers and access codes. If you have not received an invitation please contact us directly for access.

Update on the v3 announcement by tomorrow after we discuss it with our partners and customers.