ExchangeDefender 2019 Best Practices – What worked?
2019 has been a challenging, yet rewarding year for ExchangeDefender with the development, and full release of brand-new UI upgrades (Support and Admin), along with 20+ new features to maximize our profitable service portfolio.
Our CEO Vlad Mazek will be leading an informative discussion about the most successful strategies in 2019. We’ve covered a lot about our strategy and it’s been refreshing to see so much adoption of the new services.
- New ways that our partners are finding a way to win with ExchangeDefender,
- Opportunities to protect and serve clients on Office 365/AWS/Google, and the new services we’re bringing out of beta in 2020.
Join us on Monday, December 23rd at Noon Est for our final webinar of the year. We’d love to share with you what we’ve learned, as our partners have grown their business to larger corporate contracts. 2019 was a year of progress and learning, and we’ve received a ton of experience with direct clients and would love to share our success strategies that you should be taking advantage of as well.
How to Protect Yourself from Domain Spoofing and Phishing with ExchangeDefender
At ExchangeDefender we want you to be safe online. One of the biggest and best steps you can take towards that goal is to both protect your domain from being “spoofed” (forged by a spammer) and to block any such forgeries from arriving into your mailbox.
About Spoofing
Spammers and hackers routinely abuse domains that do not have a SPF or DKIM record. They configure their email software to use your domain name for a SPAM campaign or to launch sophisticated phishing attacks. If you’ve ever received an email from yourself, or from a forged government or corporate entity, you’ve been a victim of spoofing. If you’ve ever received thousands of rejections and delivery receipts for messages you never sent, you’ve been a victim of spoofing. Because so many domain owners do not take responsibility for their DNS configuration, this is the most widely abused mechanism.
Good news is, ExchangeDefender can help protect you from these attacks and brand misuse through implementation of SPF, DKIM, and our corporate policies.
SPF (Sender Policy Framework)
ExchangeDefender uses SPF to verify that the email is coming from a source that your organization trusts to send messages. This is typically your email server, our email server, and sometimes a business application (like a hosted CRM) that sends email using your domain name. All others get rejected as forgeries.
How do you setup your SPF record? Simply go to wherever your domain name is hosted (your name server) and add this TXT field to your zone. You may need assistance from your ISP, domain registrar, or whoever is actually running your name servers. If you don’t know who that is, or they are too difficult to use, ExchangeDefender will host your domain free of charge. The TXT record will not have a hostname and the value should be set to the following:
Hostname:
Record type: TXT
Value: v=spf1 include:proxy.exchangedefender.com -all
DKIM (Domain Keys)
ExchangeDefender uses DKIM to validate automated digital signatures. We also sign messages for all customers that rely on ExchangeDefender to send outbound mail (pretty much everyone). This is a 2 step process similar to SPF.
Step 1: Request public key
Go to https://support.ownwebnow.com and open a ticket requesting signatures of your outbound mail. Please specify which domains you wish to sign because each domain must have its own set of keys.
Step 2: Create a DKIM public record
Go to wherever your DNS is hosted and just like in SPF, create a DKIM record:
Hostname: default._domainkey
Record type: TXT
Value: v=DKIM1; k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0SXzBGHoJcBVKyNEntvTiMtoSIH4uiuY6i5hzF47
A2eYb4pB/gtsHpP1vpDgzZvwVLz65nQwnm4wvSFsarKwCyWYyvGwPvBd9+v2Jcrk5dsfHioUDZo5oSvbRY
+e8AD7eo42A/pYdgZxL9KRyZbMsCtHJrAqvYB6LZP0SFVvkYQIDAQAB
Important: This is just an example. You will need to use your own public key generated in Step 1 and provided by us. Also, the value of the TXT record has to be on the same line, if there are any line breaks (if you copy it from an email or web page) please remove them.
Step 3: Update the ticket with us to test deployment
After the DNS record has been created for your domain, we will validate it and if configuration is valid we will start signing your outbound messages going through ExchangeDefender.
After the DNS record has been created for your domain, we will validate it and if configuration is valid we will start signing your outbound messages going through ExchangeDefender.
ExchangeDefender Policy
While we encourage all of our clients to implement both SPF and DKIM, we understand that there are sometimes business scenario cases under which this is impossible. If you find yourself in this predicament you should immediately change where your name servers are hosted and take full control of your organizations identity online. But if that is still something you may not be able to do, ExchangeDefender can still protect you from phishing attacks and spoofing launched using your own domain name. If you’ve ever received email from yourself or from a colleague (but the email actually came from a server in Poland) then this setting will help you.
Go to https://admin.exchangedefender.com and login as the domain administrator (username is your domain name).
Click on Security Settings > Phishing
Under “Flag External Emails” click on Enable and then Save.
After this setting is applied, all messages from your domain that were sent from outside of the ExchangeDefender network will go into the SureSPAM quarantine. Just tell users not to trust, whitelist, or release messages that are coming from your own domain because they are certainly not legitimate.Note: This is the option of last resort and will not stop hackers or spammers from abusing your domain for phishing, spamming, or hacking. However, it will stop those messages from arriving directly into your users mailbox. If you already have a valid SPF record (with -all, not ~all) and DKIM in production, this setting is not necessary as ExchangeDefender will automatically reject messages that fail SPF/DKIM validation.
If you have any questions or concerns about ExchangeDefender and implementation of SPF, DKIM, or phishing policies please feel free to contact us.
Upcoming Work: Outbound Network Upgrade
We will be moving new outbound infrastructure into production. The new infrastructure will be used as the platform to provide ExchangeDefender NextGen services.Our outbound network is massively redundant and there will be no outages. If you are currently scoping to individual servers, please remember that we do not support that configuration and that you must use outbound(-jr, -xd, -corporate, -auth).exchangedefender.com as your smarthost.
Time:
Wednesday & Thursday
October 23-24, 2019
10PM – 2AM EST
Impact:
No impact on SLA or performance
Scope:
Outbound network Dallas
Outbound network Los AngelesServices affected:
outbound, outbound-jr, outbound-corporate, outbound-auth
Description of work:
Migration of mail queues to new infrastructure, announcing new servers from the outbound IP ranges.
ExchangeDefender: Expanding Security Portfolio
Our last webinar announced our strategy for expanding the level of protection we offer to our ExchangeDefender users that goes far beyond just email. Our three-pronged approach will now include software, services, and training. We are best known for our email security service “ExchangeDefender” but as the email threats escalate in frequency and evolve in complexity, it is time to add a software component.
Over the past decade we have been developing Wrkoo (codename: “Shockey Monkey”), a business management solution centered around helpdesk and service delivery. As that product has grown to better manage accountability and task tracking, it became a perfect solution for us to use to help our ExchangeDefender users be more secure. Specifically, ExchangeDefender knows about your preferences and security policies – Wrkoo has the capabilities to help your entire organization work better together to create a more secure environment. You will see this distinction and the advantage in action later this week when we announce the Password Vault.
Our implementation is very simple and straight-forward. Every ExchangeDefender Pro protected organization will get it’s own Wrkoo portal (ex: https://exchangedefendercom.wrkoo.com) absolutely free of charge. All the users in ExchangeDefender will automatically be added to the Wrkoo portal and same login credentials will work on both sites.
As we add business-level features that help improve user security, they will be available via https://admin.exchangedefender.com portal under the Shortcuts dropdown (same place you find your Web File Server, LiveArchive, ComplianceArchive, Encryption, etc) as well as via direct login to the Wrkoo portal. This will help our clients quickly navigate between their files, passwords, archives, and all other services.
ExchangeDefender admin portal has been designed from the standpoint of email security and corporate policy enforcement and it is very quick, efficient, and easy to use. Once you look at securing your business beyond just SPAM filtering, things get complex and importance shifts to communication, training, and overall awareness. These are the areas that Wrkoo shines at through its calendars, tasks, tickets/cases/issues, knowledge base, and the ability to help the entire organization communicate and be on the same page. It really is a perfect medium to help everyone in your business manage their information in a more secure and practical user -friendly way.
Our mission remains the same: to keep you safe online. As the threats evolve and management of compliance, reporting, audits, and training becomes more complicated – our solution is there to help you scale and address those issues without spending more money. ExchangeDefender and Wrkoo are here to make that possible.
ExchangeDefender Invoices Got A Makeover!
We have listened to our partners and decided to redesign our invoicing system so it works better for our partners. One of the many benefits of having both Wrkoo and ExchangeDefender teams working together, (more details in our next webinar on September 10th, 2019) is that we can take great ideas from all sorts of businesses and adapt them to serve our IT partners better. Specifically, new ExchangeDefender invoices will be grouped by client:
This will give you a clear indication of how many services each client is subscribed to, what type, amount, etc. For deeper dives by your CPA, you can filter and group by service and client so you can get exactly what you’re looking for (by default everything is sorted alphabetically, by the client):
And for the full details, just tap the title:
We’ll shortly be adding the ability to move services around, adjust titles, and for even more functionality as well as branding options you will have the ability to customize literally everything in your own Wrkoo portal.
Wrkoo and ExchangeDefender teams have been rolling out new features, listening to our partners needs, and you’re going to start seeing a lot of new features that result from that one-of-a-kind collaborative effort.
The best news though – as this is just a taste of what is coming – you’ll have to tune into our webinar on September 10th at NOON EDT. Trust us, you’re going to love what we’ve got coming!
Managing ExchangeDefender Automatic Account Enrollment
ExchangeDefender recently launched the Automatic Account Provisioning system that replaces our old ExchangeDefender XDSync. The new system automatically finds email addresses that are sending out messages and sends a welcome message to provision the account – the CIO/MSP get a report with a summary of changes and essentially automates the entire process.
For compliance purposes we’re making it super easy to keep track of this process and we’re even providing some tools to help manage accidental activation – for licensing purposes if the email address sends emails out it’s considered a billable user (only inbound aliases/distribution groups/contacts are free)
As a CIO/Service Provider
If the email address was provisioned through the automation process, you will see an icon A next to the email address in your portal. To manage the accounts you’ll have to hop down to the Domain Administrator.
As a Domain Administrator
Domain Admin control panel at https://admin.exchangedefender.com gives you more granular controls over Automatic Account Provisioning. Under the Accounts section you will find the same A icon next to the accounts that were provisioned automatically.
If these accounts were provisioned by mistake and these are not valid users, you can Block them. Blocking an account does two things: it removes the user from the block list so it doesn’t continue to get provisioned after it is deleted and it blocks messages from that user / device / service from relaying mail.
To find users that were blocked from automatic activation (in case that address becomes a regular mailbox/sender in the future) you can click on the Blocked Addresses tab:
Reporting and activity regarding accounts is still in the same place for both admin levels under the Accounts menu. Accounts that were provisioned through automation will show that they were created by ExchangeDefender Automation, and Blocked Addresses will show the name of the admin that blocked them.
What about deletions? What about turning this system off entirely?
We’re working on it – stay tuned! We’re obviously curious why anyone would want this turned off so if you have a legitimate reason (other than it makes it difficult to cheat on licensing) please let us know. If you have a legitimate use for a service/device to relay mail out, you can always configure it with a free IoT account in ExchangeDefender.
We are also currently working on automatic deletions (based on usage patterns) that will be configurable on a per-domain policy. For example, you’ll have the ability to deactivate accounts that have not sent out any email in 3 months.
ExchangeDefender Account Provisioning Live
As noted nearly two months ago, ExchangeDefender is starting Automated ExchangeDefender Provisioning. In the long, long ago when everyone ran their own Exchange servers, ExchangeDefender offered XDSync to automate creation of ExchangeDefender users as soon as they were added to the Active Directory.
Fast forward to 2019: Few people still run their own Active Directory and most users are now on cloud-based email services that don’t use Active Directory. This puts a burden on our CIO/MSP/IT personnel that has to manage users manually – so we solved that problem with ExchangeDefender. Here is the user experience.
Automated Provisioning – User Experience
When ExchangeDefender detects a new email address from your domain sending outbound mail, it will automatically provision the account for you. This way nobody has to deal with the account management and maintenance, nor do they have to filter and audit the list as local accounts, distribution groups, etc do not send out external emails anyhow. If they do, from the licensing standpoint, it’s treated as a user. When we detect a new user, they get this email:
The email contains branding and contact information of an MSP if the client is managed by an MSP. Otherwise, only the domain administrator and ExchangeDefender basic contact info is provided.
At this point, the user is added and configured for ExchangeDefender services according to the domain defaults the IT department configured for this domain.
Clicking on the “Complete Enrollment” button takes the user to the website to setup basic settings. This part is actually VERY cool and something our clients have been begging for – something that shows the user how to actually use the product.
The enrollment wizard is only 2 steps long and gets the essential settings that 99% of users change.
Setup your password, tell us what to do with SPAM, tell us what time you want the email report (if enabled by CIO/MSP/IT) and that’s it – user is done. We’re also working on additional customization/templating of the welcome emails which should be launching later this year.
Password Security Policy Enforcement & Enhancements
Over the past year we’ve been introducing enterprise security measures to help protect our clients from an increasing volume of attacks. Email is the single most abused gateway for email threats – with 91% of corporate breaches starting through email – and it’s only getting worse.
If you’ve used Yahoo, MySpace, or hundreds of popular free web sites (go to https://haveibeenpwned.com/ to see how/who exposed your data) your credentials and other information is available on the web. Hackers are using these passwords and personal information to guess their way into other sites that haven’t been breached – so if you use the same or similar password (or only change the site id, or one number or letter to make it different) then you’re making it very simple for hackers to get into your account.
And we get it. Dealing with security, passwords, and locking down online services is time consuming. But as the company whose main purpose and mission is to keep you secure – we want to help save you time and make it easier for you to be secure.
For the details on all the stuff we’ve got coming in September, we’d like to invite you to our webinar:
ExchangeDefender Security Upgrade
Tuesday, September 10th, 2019
https://attendee.gotowebinar.com/register/6898777257651237900
In the meantime, we’re going to help our partners and clients not make things “stupid easy” for hackers – by globally resetting ExchangeDefender passwords that are older than 1 year. We’ll do this on September 1st, in a very minimally intrusive way, and for those that don’t use ExchangeDefender on the daily basis (and mainly just release SPAM from quarantines) the password change won’t affect them.
Using an OTP/2FA or VPN services or all the free features that are built into ExchangeDefender to keep you secure is obviously our preferred way but as we’ve noted – the realities of SMB concern for IT security – so we need to try something else. We really hope our partners and clients can take the time to attend the September Webinar, as we believe the stuff we’ve built will help lock down your organization and make security manageable again.
ExchangeDefender Phishing Firewall (EPF): Scary Truth behind Phishing
ExchangeDefender Phishing Firewall has been a huge success in it’s initial roll out and I wanted to take a moment to bring you up to speed on our progress and our end goal: to eliminate phishing and spear phishing as a threat to our clients. I do not intend to mince words here, this is the #1 threat out there – 90% of all compromises and breeches start with a phishing email. Stopping it, as an email security company, is our #1 job and I’m happy to report that initial results are stunning.
Little bit of a rewind: Until now the most popular way to fight phishing and spear phishing was through “education” – there is an entire cottage industry of supposed “phishing education”, testing, refreshers – and it all revolves around training people to hover over links in Outlook, what not to click, what to read. It will not surprise you that such “training” is practically worthless, but they say that a picture is worth a thousand words so here is our phishing book:
In the 48 hours following 4th of July weekend in United States, dangerous links in the email were clicked on over 770,000 times.
Without ExchangeDefender Phishing Firewall, these links would have redirected our clients to dangerous sites that likely would have lead to a compromise or a security breach. So much for training.
What’s even more telling is that, even with our firewall in place, 164,000 people decided to proceed to a dangerous site anyhow.
If more than 1 out of 5 clicks in your email will take you somewhere dangerous, how well is your training performing?
With ExchangeDefender Phishing Firewall we are enabling companies to setup policies, restrict access, provide intelligence as the user clicks — and we provide logging giving you an idea who attempted to trash your organizations network.
The scary truth behind phishing is that training is only useful in blatantly apparent cases – the kind that will NEVER even get to your inbox. Our SPAM filtering detects dangerous email content and filters it out before it has a chance to get to your Inbox. The stuff that we can flag as dangerous – thanks to user reporting, audits, and look-ahead scanning is far more sophisticated than anything we could pack into a SPAM filter – and it gives your users real intelligence on what they are about to click on. You cannot expect users to remember all their training and to be a web security analyst – their job is acting on the email.
Our job, is making sure the emails get to them clean and free of dangerous malware. Once they click on the links in the email – we are going one step ahead – and leveraging our industry relationships (data feeds and infosec sharing of dangerous content) to make sure you know exactly what you’re clicking on.
Phishing is immensely profitable and far more effective than any other form of hacking – the user literally clicks and gives the hacker the keys to the network – and our ExchangeDefender Phishing Firewall helps remove the danger and reduces phishing to merely an annoyance.
The numbers speak for themselves.
Sincerely,
Vlad Mazek
CEO
ExchangeDefender
ExchangeDefender Phishing Firewall – Report Issue
ExchangeDefender Phishing Firewall continues to impress in terms of performance and user engagement – it’s catching dangerous content and keeping users safe from phishing attacks that often result in security compromises and breaches. Phishing accounts for over 90% of IT compromises, and as we’ve written before more than 1 out of 5 links our clients click on have lead them somewhere dangerous. With those numbers it’s clear to see why hackers are relying on phishing as the first and most effective form of attack – people will click on anything!!! And as intrusive as EPF seems to some (thank you for your feedback), our development team has been working overtime since the launch to make ExchangeDefender Phishing Firewall out of the way when it should be, and in your face when something dangerous shows up.
The goal of ExchangeDefender Phishing Firewall is to keep you safe from potentially dangerous sites and out of the way the rest of the time. You can keep up with our Dev fixes over at https://www.anythingdown.com and keep sending us your feedback. We love to hear it and we love improving the service so it can help keep you and your business safe. We also like to hear what you want us to add to the service that would make it more valuable. One such piece of feedback helped build a “Report Issue” feature:
If you click on something that you don’t recognize and you can’t tell what it is – DO NOT CLICK ON THE LINK – we are here for you. Our security concierge will open the link in an isolated virtual environment and see what kind of data is being sent back-and-forth. You will get a response, generally within minutes, with either a thumbs up or thumbs down. How cool is that?
Keep the suggestions coming, we love making ExchangeDefender Phishing Firewall the key part of your defense from phishing.