ExchangeDefender 9 Going Live! July 28th
ExchangeDefender 9
ExchangeDefender is proud to announce that ExchangeDefender 9 will be exiting the beta stage next week and will be in production for all of our clients on Saturday, July 28th, 2018. We want to prepare our partners and clients for our rollout schedule so that everyone is ready to go for what we expect to be a very seamless and effortless transition. You can see the new version at https://admin8.exchangedefender.com and we have written about it extensively here.
ExchangeDefender 9 has been running with new infrastructure since August of 2017, new UI launched earlier in the Spring of 2018 and all the automation and functionality has been tested extensively.
To sum it up:
Brand new outbound network Brand new inbound network
All new infrastructure, network, switching and security workflows
Brand new user interface and user experience
Tons of new features
The best part of it all is that all the functionality that you already use is in the exact same place, behaving the exact same way, and yielding the exact same results. The magic is in everything around it – everything is faster, more accessible, more streamlined and has far more functionality and flexibility than before. Just as a minor example, the new user interface allows you to interact with ExchangeDefender the same way no matter whether you’re at your desktop or on your mobile phone – and you get the full feature set, not just limited mobile experience.
Rollout Schedule
ExchangeDefender infrastructure is already running on the new code and has for months. This piece of our network is under constant maintenance and monitoring and we’re certain about it’s performance. You will not see any changes here.
On Saturday, July 28th, 2018 we will switch https://admin.exchangedefender.com to the new version of the UI/UX. Users will begin to see changes nearly immediately starting with 9AM EST. There may be a period of about an hour during which some users will experience the new UI and old UI – our support desk will be available via phone, chat, Facebook, twitter and support portal at https://support.ownwebnow.com the entire weekend to handle any issues that may come up. End users will also have a direct link to us to resolve any issues so if you’re one of our partners and don’t have a 24/7 support line – consider it covered.
On Sunday, July 29th, 2018 we will conduct a routine maintenance crash test – intentionally taking down random sections of our platform in order to determine resilience. This test will be conducted at random times during the day and we do not expect it to interfere with any operations.
New documention, marketing and collateral will become available the week of July 23rd but most of it is already available at www.exchangedefender.com right now.
Thank you for your business!
Announcing New Network Operations Center (NOC) Look
ExchangeDefender is proud to announce the new look for our Network Operations Center (NOC) which includes new status pages, new blog, new look and yes – even more information you can pass on to your clients. The idea behind the redesign was to give end users and our non-IT partners a way to get an assessment of the network at a glance, a deep dive into technical issues, and to provide recent and historical service issues so that IT personnel in charge of our services can match up service problems with times that we had an issue or maintenance window.
Is there a problem?
This is generally the first question that a user will ask when they contact our partners for a service issue. And unless you follow us on Twitter @xdnoc, you probably need to check our NOC page. Here is the new look:
Our users will be able to look at the NOC page and immediately see the issue and take the next step.
What is the problem?
By the time there is an issue or the maintenance window is concluded, service notices are closed and aren’t visible to partners anymore. We had a lot of reasons for this but needless to say that it’s been one of the top complaints from our partners for years and it took us a while to figure out how to do this discretely and in a way that would be beneficial for everyone. Since support folks tend to either follow us on twitter (@xdnoc) or are living in our portal at support.ownwebnow.com, we wanted to put it in a location that would make it most actionable. You will notice quite a few changes to our support portal:
Now this screen will continue to change – but the idea is the same – if you resell or manage our products, I want you to know immediately upon logging in what the issue was and how it was resolved. You can then match up the timeline and work from there but you will get all the information in one, secure, compliant and process driven environment.
The point is – if you’re a lurker or just wondering, I want you to see if there is an issue at all. If you work with us, I want to arm you with all the information you can ever need and I want a support tech on my side to be available to you immediately to advise what to do.
Afterwards, you can read about the details on the NOC blog at www.exchangedefender.com/noc where we write up longer technical articles that nobody will ever read, but our partners find them extremely valuable because they aren’t written in technical jargon – they are meant to explain to your clients what happened, what we did, and what we’ll do next to make sure that issue doesn’t repeat.
ExchangeDefender’s New Support Groove
Psst. It’s time for better support.
ExchangeDefender has been working on a massive infrastructure upgrade and reengineering project since early 2017 and we’re happy to report that we’re providing better service and offerings than at any time in the past. Now we’re thrilled to announce the launch of our newest support portal that will converge email, chat and support ticket activity in a single, process-driven solution.
This means we will be able to help you better, faster, and in realtime. Tomorrow, June 1st, at noon… we will launch our new support UI:
Responsive User Interface
Our entire UI is now built on a responsive user interface that looks great no matter what device (desktop, browser, mobile, tablet) you use it from. No more smudged and unreadable fonts, no more zooming, panning and scrolling. Best of all, much faster and refresh-free UI!Fewer Clicks, Faster Access
Hate having to click 80 times to get to what you need? So do we – and most people access ExchangeDefender on a touch-enabled device these days! We listened and designed a new portal that gets you where you need to go faster.More Intuitive Design & User Experience
You no longer need a masters degree in CRM software to navigate around the platform, anyone can do it. No more scrolling through pages of text and form fields, everything you need it at your fingertips.
Friday, Friday, Friday… at noon!
As mentioned above, the new UI is designed to help real people, doing real work, in the real world – not just office power users on arcane hardware (don’t worry, we got shortcuts and powerups for you as well). In order to accomplish that, everything in the new interface is intuitive. Want to create a new ticket? Here is how:
Same behavior you have on the desktop is the same behavior you’ll have on your tablet and phone. Best part is, we are not taking anything away, just adding more useful content that is always at your fingertips. For example, take a look at the new ticket screen:
We have removed the clutter, emphasized the important announcements, improved page loading time, require far less scrolling and the elements you need will automatically load into view as you start a service support request.
You’ve probably seen paper after paper illustrating how much modern consumers rely on self-help and self-service sites rather than picking up the phone, sending an email or opening up a support request. With our integrated FAQ, smart answers and realtime resources (including chat) we will be able to help you with the routine and simple tasks without having to wait. Or scroll.
Working on a bunch of issues at once? Our system will now allow you to quickly access all of your tickets and see updates without opening a million tabs or scrolling for days.
We have added a bunch of new conveniences that allow for realtime results, automatic refresh and quick updates.
The big idea with the new portal is that many problems, projects, issues or inquiries can be handled much faster without having to switch from ticket to ticket, system to system, or screen to screen. Most of the service is simply acknowledging that the issue has been received, acknowledged, reviewed and assigned to the right person that can help right now.
If you’re used to the old way of doing things, and don’t look too closely, not much will change. It’s still all there, just much cleaner and simpler:
Working on tickets and on teams is now simpler than ever. We got rid of the old one-owner one-client one-issue model and can now easily add employees on this side that can help. Unlike the old days, the issue and responsibility doesn’t end at the point of assignment – everyone is still accountable to the client and now we can respond faster and work on an issue as a team.
You will notice that our ticket update screen has gotten a lot simpler as well. When you update tickets, you won’t see an entire page refresh either. There is a reason for that: We are moving towards full realtime portal – meaning we can start supporting users in a chat and reduce the amount of time wasted searching, navigating and waiting on the browser or page to load.
The false sense of cloud security: “I don’t need backups or archiving, we’re in the cloud.”
One of the most common misconceptions we get to deal with in the email business is the notion that the almighty cloud eliminates the need for backups, redundancy, compliance archiving, and disaster planning in general. Nothing could be further from the truth so please share this checklist with your clients and decision makers so they can make informed decisions about how much protection is needed for critical business data.
Now, let’s tear apart the myths we hear most often:
It’s in the cloud so it’s already backed up. You will not find a single cloud service provider that will offer their backup policies in explicit detail. This is not just a matter of secrecy (exposing the network and storage design) but also of implementation: some services just don’t have a backup only a lagged copy. Never, ever, assume that your cloud provider cares about your data more than you do, it’s no coincidence that the first thing you do with every service you sign up for is a mandatory acceptance of terms of service that you’ve likely never read. Your data is your sole responsibility.
It’s in the cloud and they say it’s there forever. Sometimes marketing gets falsely associated with the actual service deliverables: “You will never have to delete email to make space” doesn’t translate into “Your email will never disappear” – all major email providers have a well documented trail of losing clients mail, deleting their mailboxes “for policy violations” and otherwise shunning any responsibility.
It’s in the cloud so someone is actively managing it. Cloud service providers manage the cloud service, management of your personal data is often the secondary concern. That sounds harsh so allow me to elaborate the top down view: Imagine your service just crashed, massive catastrophe: What is your primary concern? Restoring access to service to send/receive email, or restoring clients data from 5 years ago? Now align those priorities with the budget: What is more important to the cloud provider: service operation or access to old data? Many services are even pushing for not keeping all of your data in the cloud at all, the notion of archive boxes and focused views is all about not having the responsibility for your data.
It’s in the cloud so it meets compliance. Your regulatory compliance requires assurance that data could not have been deleted. That kind of assurance only comes with services like ExchangeDefender Compliance Archiving which archives messages before anyone has a chance to tamper or delete the data. Furthermore, the backend system for an archiving or compliance solution is radically different because of the liability: companies that insure confidential data storage are far more concerned about redundancy, backups and data loss than they are about the uptime and service availability.
Now that the myths surrounding the false sense of cloud security are shattered, let’s look over a brief plan you need to implement to safeguard your data:
1. Document everyone with access to email.
2. Come up with a policy for adding/removing employee email.
3. Identify any regulatory compliance requirements.
4. Identify business case scenario requiring long term archiving.
5. Document who has access to what and how changes are tracked.
6. Come up with a data retention and data backup plans.
7. Understand the law and security, make neccessary adjustments.
8. Designate a Compliance Officer to manage everything.
9. Test your backups and compliance archiving routinely.
10. Periodically audit everything in the previous 9 steps.
Truth is, there are hundreds of steps in cloud security management for each of the 10 items I listed above: The goal isn’t to give you a blueprint, the goal is to make you aware of complexities and the issues that can come up when the basics are ignored. If you would like the details, give us a call, email is what we do for a living and (unfortunately) our expertise is developed over the years of cleaning up our clients neglect of their email infrastructure – let us and our partners know how we can help.
Achieving eDiscovery and Compliance Archiving requirements in 5 steps
Signing up for the Compliance Archiving service is the first step in reaching regulatory compliance when it comes to email retention and eDiscovery. The following five steps will put you on the right path of achieving and maintaining that compliance:
1.Understand what you need to keep and for how long.
Your regulatory/oversight body will provide details about how long you are required to hold on to your email. In our experience with Compliance Archiving, you also need to pay attention to the Statue of Limitations that your business may be liable for. Very often the discovery process for lawsuits includes legal hold requests and record requests that are longer than regulatory requirement.
2. Get the right product and implement it correctly.
Your compliance has to be all encompassing – all email must be archived. With ExchangeDefender Compliance Archiving all of your inbound, outbound, and interoffice email is collected, archived and protected in the cloud. You can search for any document at any time and be certain that it has not been tampered with and that no emails have been deleted – something that sets our eDiscovery/archiving apart from backup solutions.
3. Keep an eye on it to make sure it works
Just setting up a compliance archiving solution is not sufficient enough. there is no protection for technical negligence in regulations. You are expected to keep your mail server and everything connected to it secure. Penalties for data loss, compromised credentials, and data leakage are severe and are not a valid excuse for not having compliance.
4. Create Compliance Officer reports frequently.
Compliance Officer within your organization must create reports on a monthly basis to assure no confidential information is allowed to leave the organization. Some industries have an even more specific and severe restriction on the type of communication that can take place over email and what sort of information can be sent – compliance officers run eDiscovery reports to assure nothing confidential is being shared and address problems and exceptions routinely
5. Routinely audit the entire system to maintain compliance.
Organizations grow and change over time and remaining compliant with new regulations is key. ExchangeDefender Compliance Archiving service often sends out advisories, best practices, tips and suggestions to adjust your process because you are always expected to be in full compliance with the latest requirements. Every time you add a new employee or change your mail server configuration or new lines of business – compliance must extend to cover these new records that may be of interest to someone down the road.
“One of the biggest mistakes organizations make with regulatory compliance is thinking that it’s a service, product or a one-time effort: quite the opposite!”
Achieving regulatory compliance means implementing the right product, conducting routine audits, complying with changes in regulations and having full control of the environment where messages are stored as employees come and go.
In the event of an audit, you will be asked to produce record and you will be judged on your ability to provide specific records that are requested, not the best effort you made in trying to achieve compliance. Considering the fines and legal complications, it makes sense to revisit the five steps outlined here annually and make adjustments as necessary.
Looking for a way to spend less time on email/client support ?
Not growing as fast as you’d like, or spending too much time on email/client support? Hear our CEO’s thoughts on what is fueling our growth and how ESS is already playing a huge part in growth of managed services across our client base.
ExchangeDefender Become a Partner banner
New Service Manager
Our new Service Manager is now live, beta version is running on top of https://support.ownwebnow.com and after a brief period of testing, it will go live across every Shockey Monkey portal. It’s currently running in parallel with our legacy system so it doesn’t matter which one you use.
We’ll be doing a special walkthrough of the new system and discussing all the new features that you will start seeing as the new Shockey Monkey feature set makes it into the overall ExchangeDefender platform:
Service Manager Webinar
Wed, Apr 11, 2018 12:00 PM – 1:00 PM EDT
Click here to register
And since I’m on the subject of webinars… Please come and attend this one too – brand new ExchangeDefender UI (first in probably the last 7 years, rewritten from scratch) is coming this month!
ExchangeDefender 9
Wed, Apr 18, 2018 12:00 PM – 1:00 PM EDT
Click here to register
Hope to see you there.
-Vlad
CEO, ExchangeDefender
How to kill SPAM without using ExchangeDefender
65% of all emails sent are spam, what’s the solution?
At ExchangeDefender we kill SPAM for a living. We spend a ton of time and energy identifying, filtering, and destroying junk mail. If you’ve ever wondered how you could make your email experience better, even without the massive layered security that ExchangeDefender provides, these are the steps you could take today:
1. Configure strict SPF/DKIM DNS records
SPF and DKIM (DMARC) can help you protect your domain name from being used in SPAM mailbombs. Spammers will often use real email addresses and domains to send forged “spoofed” email messages and SPF/DKIM provide a mechanism for identifying which email server/platform you use. By setting up an SPF/DKIM you can tell places that are receiving email from your domain what to do if the message wasn’t actually sent from you. If your inbox is full of email bounces and non-delivery receipts, someone is using your email address to send junk mail and an SPF/DKIM record will practically eliminate bouncebacks.
2. Get rid of generic email aliases
At ExchangeDefender we manually process SPAM complaints from our customers – that’s how we train our system to eliminate messages that otherwise make it through because they are legitimate in every way we can automatically process them. The number one way to get a ton of annoying email that may be on the borderine between legitimate commercial mail and an unsolicited one: generic email aliases. If you get info@, sales@, admin@ or so on, you are painting a giant bullseye on your Inbox and practically begging to be spammed.
3. Unsubscribe from newsletters
I know, I know, everyone that has your email address supports CAN-SPAM , would never send you unsolicited mail, would never sell their client list… and even if you believe all those lies most of the time, people still get hacked. All the time! As do their ISPs and infrastructure along the way. If you want to reduce the amount of junk mail you deal with, simply reduce the number of places that have your email address. Simple!
4. Don’t click on everything in your Inbox
Sometimes SPAM gets through. Sometimes dangerous stuff from your friends and colleagues gets forwarded around. Sometimes your antivirus isn’t up to date. Sometimes the firewall virus protection is misconfigured our expired. Things happen: none are a good excuse for the simplest thing you can do: avoid clicking on anything in messages that look or seem suspicious.
5. Do not blindly whitelist major ISPs
The second biggest source of SPAM complaints at ExchangeDefender is actually completely self-inflicted: people whitelist major email providers and wonder why blatant junk mail keeps on “slipping through” as whitelisted. Go through your whitelist entries in Outlook, etc and make sure you aren’t whitelisting Gmail, Outlook, Yahoo, Verizon, AT&T, Hotmail or any of the widely used and abused email domains. Spammers know your email admin doesn’t want to deal with complaints about messages you’re getting from these platforms so they treat them more leniently – so spammers simply abuse them.
It’s really that simple – following these steps will cut your junk mail pile in half within a day. If you want to reduce it to less than 1%, ExchangeDefender is here for you for less than a buck a month or you can layer it and add more protection if you need it because time is money: but no amount of technology and automation can replace just a little bit of common sense.
Federal Trade Commission
CAN-SPAM Act: A Compliance Guide for Business
The official website of the Federal Trade Commission, protecting America’s consumers for over 100 years.
Client Support – Can’t someone else do it?
On February 1st, ExchangeDefender will officially start providing end user support for all email issues related to our platform. For our many partners and resellers this means that we will, under your name and brand, take and place calls and help your clients solve email problems. At no additional cost, across our entire Pro line of services: ExchangeDefender Pro, Exchange Pro, Compliance, and Encryption.
It just makes sense. Our entire service lifecycle is structured around ITIL, integrates into our partners support infrastructure seamlessly, is covered by our SOC1 and SOC2 audits, comes with advanced reporting, security/id, session and call recording… and a lot more that we cannot publicly disclose. But if you join me:
Wednesday, February 7th, Noon Eastern
Click here for the NDA & Instructions
This is going to be one of the denser webinars we’ve ever put together and the audience includes everyone from management down to helpdesk – what I have on deck is a layout of our service model, our scope, our escalation policies, our compliance protocol, authentication and validation service, etc. Consistency in this service is key so winging it or improvising isn’t an option.
-Vlad
P.S. I encourage you to check this thing out live. If you think this will be a service you offer down the road, this webinar (minus the Q&A) will be required viewing and the software will track attentiveness so if you even mildly care, I’d tune in or make someone at the office watch it.
Upcoming Service Changes
We have some cool new stuff going live before New Years that you need to be aware of. It’s been a very busy season for every elf in the workshop so we’re taking some time off after Christmas, please read below I promise it’s important.
Encryption
This service continues to be our focus as we bring up massive changes to UI across the product line and Compliance stuff in general for one simple reason – it’s in heaviest demand. If you aren’t building a business on it, we should talk. In the meantime, we have a huge facelift to the Encryption Notifications.
Now I don’t know about you but our old encrypted mail notifications looked more like a Nigerian Prince scam than legitimate business notifications. We now have beautiful HTML/txt email notifications for the entire notification chain and of course your colors and your logo will be front and center. After the ExchangeDefender UI upgrade is complete, this branding will be customizable down to the domain-level so that recipients can identify the organization directly instead of the MSP/VAR/reseller. Mobile looks pretty good too.
We have some new stuff happening with reporting, audit and log control that’s coming to the Compliance Officer section of ExchangeDefender launching in early 2018. If you have any feature requests, we’d love to hear them.
P.S. We know, we know, you want to send attachments through portal replies. It’s in the works. In the meantime, Web File Sharing does this stuff safely, securely and with a ton more compliance flexibility.
Fake / Vanity / Service Accounts
If you have fake, vanity, group, service, dog and generally non-person accounts in our support portal, they will be suspended next week.
We’ve announced this change several times this year and it’s going live next Wednesday. The reason is long and boring but it showed up in our numerous audits that looked at the our change control, service order and change mechanisms… and long story short, we nearly flunked it because you cannot have unidentified personnel change control of service records. Ooops.
Now I know, I know, I hear you… “But Vlad, business case scenario, my techs all need to see the upda..” – I know. And we have already solved that problem. If you have an engineering team that works as a group and all of them need to get updates when one person makes a change or request, we have a policy driven system in place to handle notifications. If you go to your company and edit company details you will see the following at the bottom:
Put any email, distribution list, PF address, etc there and every update, order, notification or (insert reason for having a vanity account) will be copied automatically. You can also check the box if you don’t want admin-level updates being sent to the group account. If you do, you will see a new checkbox on every ticket update (Admin CC) that will allow you to manually forward ticket updates for that specific ticket to your group.
Chat
While I have you on that page disabling vanity accounts (click on your profile and write down your PIN somewhere), we are going a step further in terms of support. As I mentioned on many webinars this year, our product and our service is going to get a lot more chatty and user-oriented. No, we’re not going direct or trying to cut you out of the food chain but the reality is that in order for us (and you) to be more valuable to our clients we need to communicate faster to our users when there are issues. Hence the changes to support, additional services for support handling, more features for notifications and upgrades to all the UIs and so on. One new addition that is already live is our public chat – it’s available on every page at ExchangeDefender.com in the lower right hand corner.
Tapping this button will launch a live chat and my entire company (myself included) is available on it and can be pulled in on demand. If you use your email address AND your PIN, my staff will be able to help you as if you were logged into the support system and opening a ticket. They won’t make service changes for you (see above about SOC1 & SOC2 audits) but everything else will be the same as opening a ticket.
Google Suite / Gmail Compliance Archiving..
Finally, yes we’re now providing Compliance Archiving for people on the Google business mail platform. We’ve tested and certified on the Google G Suite Business Solution ($10 and up, it should also work with the $5 one)
Reoccuring Invoices
Finally, a bit of a bugfix (with some additional functionality) that should help with billing. Many of you use our Shockey Monkey platform to manage accounts, users and to do reoccuring billing. After the system upgrade to PHP7 our infrastructure for reoccuring invoicing didn’t allow for changes to reoccuring invoices (oops) so we’ve had to go back and not just fix the issue but add more flexibility to it. Here is the new look:
The new Last Time Generated field allows you to reset the clock so to speak and rerun any invoices you may have skipped. This is very much a temporary fix but we’ve had a lot of good feedback from folks that aren’t on top of their billing that this new feature helps solve those problems so it’s staying. Lot’s of new stuff on the SM front in 2018.
2017
We hope you had a great one. For us, it’s been a rather arduous rebuilding year that has seen us make massive upgrades to our infrastructure, redesign of our data centers, upgrades to backoffice stuff, dropping a lot of vendors that weren’t up to the challenge and while I wouldn’t wish this kind of workload on any of you, I’m really in love with what we’ve been able to do this year and all the opportunities it now opens for us and for our partners. While losing some flexibility has certainly cost us some business, it has brought a lot of predictability and stability across the board. While outright replacing a lot of gear and subsystems was really painful, everything that we’ve redone has reduced our problems and issues to a nil. And while all of this has been rough at times, sticking with the process, standards, audits and the way we run the business has brought a new level of resilience and optimism that I haven’t seen here in a long time. I don’t recommend it, but the results are incredible.
With that, I’m confident that everything we have in the works now will make everyone we serve far better off in 2018. Next few years are going to be amazing as we bridge that gap between the old world of email, compliance and encryption with the new world of on-demand service and realtime communications.