ExchangeDefender URL Rewriting Tips
No matter how much money you waste on cyber training, someone, somewhere, innocently or intentionally, will eventually click on a link that can take your network down.
ExchangeDefender protects you from malware and phishing threats by rewriting web traffic through our security service called ExchangeDefender Phishing Firewall. The process is very simple, we analyze the email message as it goes through ExchangeDefender and rewrite the URLs so that when you click on them on your Outlook or phone you’re redirected to a site that your organization manages and that you can customize for your personal liking.
Remember, over 91% of cybercrime starts with a link in an email! ExchangeDefender helps stop that.
We also roll up OSINT and public reputation lists that give you an idea exactly what you are being directed to. We check if the site is known for spreading malware, if there is a recent incident report, if the site is brand new – and you can quickly decide to click on a button to proceed one time or you can add it to your safe list and then you’ll automatically get redirected to the real site.
Problems and Challenges
URL rewriting is an industry standard practice and almost all large mail service providers feature similar “safe links” technology.
As helpful as it is in disarming dangerous content, it can at times cause a support issue as well when the link gets broken or when the site gets wrongly listed for hosting dangerous content (hint: we don’t host anything, we just redirect the link). The process of delisting can take some time and sometimes misconfigured devices and services can cause additional problems. Just last week we dealt with an issue at Comcast/AT&T xFinity Business SecureEdge service and the only workaround is to turn that service off.
Workarounds and Quick Fixes
The quickest way to work around this is to ask the sender to email you at your bypass email address you create for this interaction. Simply go to https://bypass.exchangedefender.com and follow the directions from there.
Optionally, but as the last recourse only you can turn off the ExchangeDefender Phishing Firewall (see https://www.exchangedefender.com/docs/domain for instructions) but doing so also lowers the level of protection and support you’ll be getting from ExchangeDefender.
We have a week of client/partner development focus groups, March 6th-7th and if you’re interested please ping us at events@exchangedefender.com. What we’re currently beta testing are provider or domain redirection portals so that you’re not stuck sharing r.xdref.com or d.xdref.com with millions of your closest email neighbors. This way any problems with the site listings or DNS hijacking (in SecureEdge’s case) would be limited to your clients and it would be easier to pick out and mitigate any malicious reporting activity.
If you’re looking to make ExchangeDefender work better for you, please join us for the focus group. We’d love to help you protect your clients mail flow better.
Migrating from ExchangeDefender to M365
If you’re currently on ExchangeDefender (our Exchange or other email services) and migrating to M365 there are a few important steps to take to make sure everything is secure and mail moves appropriately to the new destination.
Step 1: If you’re leaving our Hosted Exchange platform
If you’re leaving our Exchange first you need to remove the domain from the Service Manager. Go to https://support.exchangedefender.com and after login click on Service Manager.
From there just select your Exchange organization and click on Delete.
You will be presented with a confirmation screen, follow the instructions and system will schedule your organization for removal from our Exchange network. Next, let’s take care of ExchangeDefender.
Step 2: Moving the ExchangeDefender pointer and MX records
When you setup your M365 Exchange service Microsoft will issue you an MX record that is typically formatted like this: DOMAIN.mail.protection.outlook.com
Go to https://admin.exchangedefender.com/domain-sp-login.php and login either as the domain administrator (userid: domain.com) or ExchangeDefender Service Provider (userid: sp) and proceed to Mail Delivery tab.
On the Mail Delivery tab you should set your mail server as “Office 365, Gmail, or multihomed MX record (3rd party MX record)” and provide your M365 MX record below.
Click Save and routing tables will be updated within the hour. In the meantime please follow these instructions to lock down your M365 tenant to only allow secure email delivery via ExchangeDefender this step is required or mail will not be delivered!
This process takes only a few minutes but it’s absolutely crucial.
That’s all you need to properly deliver mail to M365 via ExchangeDefender. If you’re not interested in securing your mail flow and protecting your M365 instance from malware & phishing you can always delete all the domains and references from ExchangeDefender.
If you run into any issues please open a support request at https://support.exchangedefender.com with the M365 MX record and M365 admin credentials and we’ll take care of the process for you.
Thank you for trusting us to secure your email.
ExchangeDefender User Security Best Practices Webinar
Every month we get a ton of new ExchangeDefender users. We work harder than others to keep you safe — and we want to get you up to speed with all the unique security benefits you get with ExchangeDefender and how to best take advantage of them.
The webinar is not overly technical AND it’s a great opportunity to get any questions you may have answered by the very people that manage ExchangeDefender. Here is what we will cover:
– How to spot and manage phishing attacks
– Importance of strong passwords
– Why you need MFA/OTP and how it works
– What to do when messages bounce
– What to do when your email is down
– How to lock down ExchangeDefender
– How to deal with spoofing and identity theft
Attacks on IT are only getting more efficient and sophisticated with each passing day – and ExchangeDefender is here to help you stay secure and adopt the best practices of our most successful partners and clients.
* First webinar in series, we will post recordings in our portal on March 1, 2023 after all the live sessions have been recorded & edited.
Register for the webinar here: https://register.gotowebinar.com/register/457089402282191197
ExchangeDefender Security Best Practices
Friday, January 27th, 2023 11:30 AM EST
Security Best Practices
It’s the New Year and it’s time to beef up your security policies.
In this 30 minute webinar we will cover the basics of securing your email. From management to direct use-case scenarios, we’ll show you how to avoid getting hacked.
This is the first in the series of training webinars that we will be conducting in 2023 as we are seeing more demand for special solutions from our partners and clients alike. These days everything is tied to email, from login to purchase receipts, and we are going to show you how to handle and secure everything in between (newsletters, email automation, compliance, auditing).
Webinars will be recorded and available in our library.
Have email-related questions? Advanced configuration questions? Get your answers LIVE in the webinar on Friday, January 27th, 2023 — absolutely free!
ExchangeDefender MFA Service Upgrades
ExchangeDefender has beefed up our MFA (multi-factor authentication aka 2FA / OTP) service with addition of new vendors and a wider reach.
Setting up MFA involves either installing an authenticator app or authorizing us to send you a text message. When you login to our service the system will expect you to provide the 6 digit code that will only* be known to your trusted device. Essentially, it keeps people who only know your username and password out of your account.
While we would prefer a more secure and reliable model in which our clients rely on MFA authenticator apps over the less secure SMS, we understand that is not a practical solution everywhere and absolutely every needs this second layer of authentication when accessing mission critical systems such as email and file sharing.
As you may remember, we had an issue with SMS MFA before Christmas and thanks to some heavy lifting by our team over the holidays the new SMS infrastructure is truly global, scalable – and will be delivered by multiple providers for better redundancy (eliminating the 10DLC compliance issues).
With the retirement of ExchangeDefender Essentials and all the compromises it required, you will be seeing a flurry of new security features in the ExchangeDefender Email Security service. First of many will be the access restrictions and the ability to restrict access to ExchangeDefender services based on location, time, etc. The attacks on email infrastructure are only getting more numerous and more sophisticated by the day and traditional (or cheap) security methods are no longer viable in 2023 and certainly not beyond. We look forward to continuing the best email security money can buy and we thank you all in advance for trusting us with your email.
Tis’ the season to save your MSP business money
We’ve set the email world on fire with ExchangeDefender Inbox, it is officially our most popular service. Hardly a surprise, given how it saves people $ on IT and email at a time when almost everyone is looking to make the most out of their budget. Or as one of our clients put it:
“This Inbox business is giving me a second life for Christmas – I’ve contacted everyone that said no to Office365 in the past year and I’m winning them!”
IT Tech Consulting
With that in mind, here are top 5 ways to illustrate how ExchangeDefender Inbox is a great way to control IT costs
Low cost
It’s a no brainer, $3 for Inbox with ExchangeDefender security included is a lot less than the average $20+ most M365 clients are spending.
No “up front” pre payment
Almost everyone quotes a low monthly price – but only if you pay up front, for 12 months, right now. ExchangeDefender Inbox is a month-to-month service and you can cancel it at any time.
No additional software licensing $$$
With big business email comes big business spending since big platforms come with poor security, no backups (read the TOS/AUP people!), and management UI + tools change all the time. With ExchangeDefender Inbox your only external cost is your annual domain registration.
Lower support & deployment costs
ExchangeDefender Inbox integrates with your existing infrastructure so there is no DNS work, no onboarding, no extensive training. You’ll never have to deal with permissions, distribution group memberships, Public Folders issues – not to mention that power users are largely going to more powerful cloud offerings for cloud and collaboration so why are you spending your IT budget in a slow 90s app?
No client software licensing costs
You won’t have to go to the app store for us nor do you need an entire office suite for retail, manufacturing, farm, students, or any role that comes with an iPad. Just open the default mail app that comes for free on your device, enter your credentials, and you’re done!
Fun fact
We’re not even half way through December and you’ve made ExchangeDefender Inbox our #1 service. We cannot thank you enough for that and we hope you’re excited about the roadmap we shared in our recent webinar.
Now is the time to talk to your clients about ExchangeDefender Inbox. If the IT budget is tight, we’re the solution you need to talk about right now. Don’t be surprised you’re not getting much interest for expensive email – everyone is pitching it and clients have already said no to it for a myriad of reasons. For those that are looking to get lean, to be more secure while spending far less, Inbox is the way.
Looking for marketing collateral? Great! (Download the brochure) for Inbox today!
Top 5 ways Inbox can save you from an email disaster
We developed ExchangeDefender Inbox to save the day: In our large M365 practice we’re responsible for a ton of users and when there is a problem we have to solve it. We built Inbox as a way to mitigate the biggest M365 problems and we’ve delivered an affordable and secure way to keep email working. Here are the top five ways people are relying on ExchangeDefender Inbox every day:
1. During Outages
If M365 goes down, your ability to send and receive mail goes with it. While this is not a frequent occurence (once of twice a year so far), when it does happen it’s extremely expensive. With ExchangeDefender Inbox you just have to open a web browser and continue where you left off.
2. Working around problems
While total outages are not frequent, email issues are nearly constant. Email bounces, weird errors, missing attachments, service suspensions, billing problems – not a day goes by without some sort of an issue. With Inbox you can rely on bypass to work around bounces and you have a separate platform that is not affected by configuration or administrative work.
3. BYOD + Mobile workforce
Most of the modern workforce doesn’t sit behind top of the line PC with a ton of ram – we’re seeing more work done on mobile devices, tablets, even Chromebooks. If you want a near turnkey email operation for users you don’t want to have access to your M365 side, ExchangeDefender Inbox is a far more affordable and efficient solution (plus it works out the box with no software to purchase)
4. Permanent mailbox
Let’s face it, most mailboxes are used to store alerts, notifications, and SPAM. ExchangeDefender Inbox enables you to move those mailboxes and not flood your shared mailboxes, logs, and tenant with non-actionable email. If your device or browser is constantly timing out and you have multiple mailboxes open, ExchangeDefender Inbox will make them all move smoother.
5. Configuration problems
We saved the best for last. Every day security vendors are publishing new ways to fight fraud, and email systems require extensive upkeep. If you’re innundated with issues related to email delivery – “I never got their email, they never got my email, why was this one delayed / deleted” – try using our response: “Did you check the ExchangeDefender Inbox?” Fact is, most email delivery issues are minor and tend to resolve themselves automatically but if you run a business you can hardly afford to wait: Inbox to the rescue.
Go for ExchangeDefender Inbox, visit www.exchangedefender.com/INBOX
ExchangeDefender Inbox is rapidly becoming our #1 service and we’d love to hear how you’re using it. If you have any feedback please send us an email at inbox@exchangedefender.com and we’ll put in a good word with Santa about getting you some ExchangeDefender swag.
ExchangeDefender: Out with the old, in with the new
Long time no see, Vlad here with some good news among all the doom and gloom. We’re keeping our pricing the same in ’23 and we’re introducing a new service that will help you save $ in the new year.
Introducing Inbox
ExchangeDefender Inbox is an affordable email cloud service that helps you reduce your Office / M365 or Google email bills. Same domain, same email address/domain, and it works with every modern OS and mobile device. Designed to be reliable, secure, and affordable!
In a software world where everyone is seemingly raising prices, our team has been given an IKEA-like task to build an email platform that can scale, that can meet compliance and security requirements, and most importantly – still fit a budget. What we’ve built is a hybrid email service that ties into Microsoft and Google email services and allows you to offload the appropriate mailboxes onto our more affordable network (~$3/month/user).
As companies grow their reliance on email grows and their bill grows faster than their employee base because suddenly all sorts of devices, services, contractors, and vendors start requiring email access. Costs, maintenance, and management quickly spiral out of control. Inbox fixes that.
What’s so special about it?
ExchangeDefender Inbox is a secure, standards-based email service that is simple to configure with all modern operating systems and mobile devices. What makes Inbox special is the infrastructure that synchronizes your organization at ExchangeDefender and your organization that is hosted at Microsoft or Google. The email domain is the same, the email address is the same, <b>but the cost can be over 90% less than what you’re paying now.
The beauty of Inbox is its integration and simplicity. No DNS changes, no software installations or upgrades or upkeep, no long-term contracts. The entire platform is fully automated, keeping the address books on both sides in sync and enabling the users and services to operate as if they were all on the same network.
If your clients are asking you for proposals to help them save money in ’23, Inbox is the right tool for that job. Since we’ve launched it the Inbox service has been very popular with legal, medical, construction and seasonal-work franchises. We’re finding that most organizations that introduce Inbox to their service end up moving all the non-essential & non-executive users to Inbox and only leave the executives and in-house talent that requires all the M365/G-Suite functionality on the enterprise platform.
Sales pitch is surprisingly simple: if you only need to send around email we’re the more appropriate tool for the job and we’ll save you a ton of money.
Out with the old: Essentials
While we aren’t raising prices in 2022/2023, we are discontinuing some products at the end of the year. Those products are ExchangeDefender Essentials, SMS Proxy, Wrkoo Password Vault.
ExchangeDefender Essentials is a service that’s simply past it’s prime and in our opinion no longer delivers the level of security that is needed to protect an average email user. Majority of the email-borne threats are more related to phishing and malware attacks than they are to UCE, SPAM, and known viruses.
On January 1st, 2023 ExchangeDefender Essentials and ExchangeDefender Pro accounts will be reported on your invoices under the new SKU, ExchangeDefender Email Security.
What’s the difference between LiveArchive and Inbox?
Recently we blogged about ExchangeDefender Project: Inbox and we got a good amount of interest in the beta and just as many questions. We wanted to address the biggest one: What’s the difference between LiveArchive and this Inbox.
The biggest difference is that Inbox is intended to be used as a primary user mailbox, while LiveArchive is meant as a failover for a user whose mailbox is elsewhere (Exchange, M365, Gmail, etc)
Vlad Mazek, CEO of ExchangeDefender
LiveArchive is a great service to rely on when something goes wrong – Inbox on the other hand is meant to be used all the time. LiveArchive is solely a web mail service – Inbox enables you to connect Outlook or mobile devices to it. LiveArchive is a separate web service to which users usually forget credentials or only login when things go down – Inbox is integrated in the admin app and is accessible one click away from the SPAM Quarantines that our users access daily.
They are both great solutions to different IT challenges: LiveArchive for when things go wrong, Inbox for everyday email use. Inbox has one other massive advantage to it that we’ll announce later this fall.
We expect to offer both with ExchangeDefender Pro to reduce support traffic (clients mail tracking requests caused by mail server issues: “It’s in the Inbox”) and because everything in IT can fail and it’s always prudent to have a failover/backup with LiveArchive.
Introducing ExchangeDefender Inbox
Cybersecurity tops the list of IT concerns and spending, with email still being the most popular service with users and hackers alike: over 90% of compromises start with an email. If that sounds familiar you’ve undoubtedly had to deal with new email authorization standards, user training, troubleshooting mail flow, trying to figure out why email to or from certain people is bouncing, reconciling it all with new IT trends, cyber-insurance requirements, marketing. In a nutshell, email security is still a challenge and users just want something that works.
We’ve reimagined what the email security should look like in 2022 and we cannot wait to show it off:
ExchangeDefender Inbox Webinar
Wed, Sep 28, Noon EST
https://attendee.gotowebinar.com/register/1111619875721771023
We hope you can join us for the webinar and see just how we’ve integrated all the ExchangeDefender security and productivity services to give users a single panel of glass to make email work for them even when they have issues with email. Can’t wait till next Wednesday? Shoot us a ticket at support.exchangedefender.com and ask us to enable it for you today!
ExchangeDefender Inbox combines over two decades of email security experience with the modern, mobile-first world of countless email issues. It enables our clients to get things done with email security and work through all the issues without involving IT. Users want a quick and reliable email platform that just works – work around SPAM filters, around SPF/DKIM policies, around bounces – all while leveraging email encryption to protect sensitive data. The service has been enormously popular with our enterprise clients and now we’re bringing it to all ExchangeDefender users – see you next Wednesday!