How to access ExchangeDefender Raw Email Logs

ExchangeDefender has been holding Service Provider (MSP/VAR) Focus Group meetings this week and we’re beyond excited to hear what we can build to make your and your clients’ lives easier with ExchangeDefender.
One of the most common pieces of feedback from the Service Provider crowd so far has to do with log access, and particularly low-level log access that can give further insight into problems and message routing.
Allow us to introduce you to Raw SMTP Mail Logs, which will give our partners direct access to the low-level SMTP transaction and error logs. It’s located in the same place where you currently have service provider logs, at admin.exchangedefender.com.

In addition to the live search, which gives you interactive access to our logs, you can see the button to Download raw logs.
Set your search criteria (at the very least a domain name and the direction of the search: inbound/outbound) and click on the button.

Logs will get pulled from all our services and will be available for download within 24 hours. Don’t let the boilerplate distract you: almost all of our clients will get their logs within the hour.
From there you can load the logs into your favorite analytics tool and dig for the errors and problems in the mail flow.
P.S. If you’re interested in contributing to our Service Provider Focus Groups please let us know!
Q: What is the difference between “Download raw logs” and “Download .csv”?
A: .csv export will save the current search results in a .csv file that can be used with Excel and other spreadsheet products. Search logs include to/from/subject/date/score/status only and are great for centralized analysis of messages that ExchangeDefender processed. By comparison, raw logs include SMTP protocol-level transactions/errors/notices that can help diagnose delivery and routing errors. So – .csv for Excel view for business analytics, raw log SMTP transactions for technical troubleshooting.
ExchangeDefender Phishing Firewall is Live!
As mentioned previously, our new ExchangeDefender Phishing Firewall went live in production at noon EST today (March 3rd, 2023) and is already rewriting URLs unique to the service provider that manages the domain.
A little bit about the technology
URL / link rewriting is an industry standard used by the biggest email providers to rewrite potentially dangerous URLs. When the user clicks on the link, they are redirected to a Phishing Firewall site instead of the direct web site address that was in the email. The phishing firewall looks at all the domain policies, allow/block lists, and exceptions, and determines if the user should be allowed to proceed to the web site.
When the messages arrive in your organization, instead of https://www.yahoo.com the URL is rewritten to something like https://exchangedefender.xdref.com/url=hash. These masked URLs are only visible to our clients. When they reply to an email, the outbound network reverses the process: it replaces https://exchangedefender.xdref.com/url=hash with the original URL.
This technology eliminates the possibility that a random hacker can deliver a payload that is one click away from the user. Additionally, it gives the user the ability to check the site reputation, check for viruses, and clearly see the URL they are going to (instead of a squashed little tooltip with a 200+ character URL). Essentially, we study how people get hacked with phishing and try to eliminate those issues.
All the sites and services are fully encrypted and partners/clients do not need to worry about certificate renewals, site mappings, etc – everything is automatic and done for you. Set it and forget it, just keep an eye on the logs.
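The rewrite, reverse, and click-time policy steps described above, as an added Python sketch that is not ExchangeDefender's code. The page only says the rewritten link carries a "hash", so the keyed-hash token, the in-memory token table, and every class and function name here are assumptions; the sample message and domains are constructed.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"   # assumption: tokens are a keyed hash of the URL
URL_RE = re.compile(r"https?://[^\s<>\"')]+")


class PhishingFirewallModel:
    """Toy model of link rewriting; not ExchangeDefender's implementation."""

    def __init__(self, host="exchangedefender.xdref.com", allow=(), block=()):
        self.prefix = f"https://{host}/url="
        self.allow, self.block = set(allow), set(block)
        self.by_token = {}               # token -> original URL

    def token(self, url):
        return hmac.new(SECRET, url.encode(), hashlib.sha256).hexdigest()[:32]

    def rewrite_inbound(self, body):
        def repl(match):
            raw = match.group(0)
            url = raw.rstrip(".,;:!?")   # sentence punctuation is not part of the link
            if url.startswith(self.prefix):
                return raw               # already masked: rewriting is idempotent
            tok = self.token(url)
            self.by_token[tok] = url
            return self.prefix + tok + raw[len(url):]
        return URL_RE.sub(repl, body)

    def restore_outbound(self, body):
        masked = re.compile(re.escape(self.prefix) + r"([0-9a-f]{32})")
        # Unknown tokens are left untouched rather than guessed at.
        return masked.sub(lambda m: self.by_token.get(m.group(1), m.group(0)), body)

    @staticmethod
    def _listed(host, domains):
        return any(host == d or host.endswith("." + d) for d in domains)

    def click(self, tok):
        url = self.by_token.get(tok)
        if url is None:
            return ("unknown", None)
        host = urlsplit(url).hostname or ""
        if self._listed(host, self.block):
            return ("block", url)        # block list wins over allow list
        if self._listed(host, self.allow):
            return ("redirect", url)     # safe-listed: go straight to the site
        return ("warn", url)             # show reputation page, user decides


if __name__ == "__main__":
    fw = PhishingFirewallModel(allow={"yahoo.com"}, block={"evil.example"})
    mail = "Reset: https://www.yahoo.com/reset?x=1. Pay: http://login.evil.example/pay"
    masked = fw.rewrite_inbound(mail)
    print(masked)
    print(fw.restore_outbound(masked) == mail)
    for tok in fw.by_token:
        print(fw.click(tok))
```

Passing a different `host` value models the per-provider hostnames the page describes.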
Going Forward
As of March 3rd, 2023, all the URLs will be rewritten using the service provider’s ID. The main benefit of this upgrade is that it reduces the scope and likelihood that the URL gets inadvertently reported or picked up by another security service that may deem xdref.com to be a masking site for dangerous content.
Additionally, you can configure your firewall to only accept unapproved URLs after a hop through <yourspid>.xdref.com. It also gives you full visibility into everything that happens with the URL, who clicks on it, where they go, etc., which is something we do for our clients to address cybersecurity compromise and trace back how it happened (a very lucrative service for partners that may be interested in deploying that level of protection).
ExchangeDefender Phishing Firewall Update

Starting in March 2023, ExchangeDefender Phishing Firewall will get a more advanced and more customizable experience.
Instead of using r.xdref.com or d.xdref.com domains in URL rewriting we will be using the service provider ID as a part of the URL, for example:
https://exchangedefender.xdref.com
As you know, we introduced the ExchangeDefender Phishing Firewall to protect our clients from direct security compromises (clients being sent phishing emails) and indirect reputation issues (spammers and hackers proxying/bouncing traffic on domains that don’t correctly set up SPF/DKIM). By now the URL rewriting tech is a common industry standard used by almost all major email providers to apply clients’ security requirements for links in emails.
We know that nearly all security compromises start with email and being able to redirect the client to a warning page & policy enforcement engine has saved countless clients from getting compromised over the years. However, just as with all things email it’s been a challenge with other providers. URLs can be maliciously submitted, misused, cracked, and in some circumstances the ISPs have hijacked the DNS of the redirection page.
To help our clients and partners reduce the risk of this, in 2023 we’re delivering more customization and flexibility to a lot of the centralized technology we’ve used over the years. It’s a double-edged sword: new domains and hostnames take time to build up a sender reputation AND a ton of mail or misconfigured network equipment can sometimes falsely flag traffic as an attack. Our hope is that the ability to break ExchangeDefender out into smaller modules that you can host in your own cloud or elsewhere on a public cloud will help our clients fine-tune their security requirements.
Just to give you an example: We have a government client on ExchangeDefender who has a strict list of approved web sites their team can visit. Their IT manages their network and web proxies but just like any other organization they get 2FA emails, password reset links, esignature requests, links to invoices, etc. By putting ExchangeDefender Phishing Firewall in front they can sandbox unapproved links (https://theirid.xdref.com/) and police, audit, and review traffic from the cloud without it ever having a chance to compromise their network and tech. It’s the same approach used by the ExchangeDefender Inbox – hackers aren’t going to stop trying to compromise you via email so it’s really just a choice between spending time on the cleanup after getting hacked or managing the threat proactively so it doesn’t cause a problem.
Whichever route you find yourself in your cybersecurity journey, we appreciate you trusting ExchangeDefender to secure your mail flow. Huge thanks to our partner and client base for giving us a ton of feedback/ideas and helping us protect your email better.
New Release: ExchangeDefender Inbox M365 Hybrid Solution

A huge and most-demanded feature from our community has finally shipped.
No more PowerShell. No manual steps. It’s all automated.
When you create a mailbox on ExchangeDefender Inbox, the service creates your user’s M365 account, enables mail forwarding, maps the email addresses correctly, and updates routing and signing.
Anyone can manage Inbox with far fewer IT skills than are needed for the most basic of M365 deployments!
We’re seeing ExchangeDefender Inbox mailboxes used in companies with high turnover, in companies that are trying to save money (Inbox could save over $300 / employee every year!), for mailboxes that get a ton of traffic but are mostly for logging (necessary but rarely ever logged in), temps, external users that need email at that domain but shouldn’t be given an entire M365 license or be exposed to all the data you have on your M365.
So... if you’ve been keeping your own Exchange server barely alive just for these types of use cases that M365 isn’t ideal for (or worth the $), let’s have a call and save some of your IT budget!
How easy is it?
Login to your ExchangeDefender Inbox admin account and choose a tenant to create a user.

ExchangeDefender Inbox does all the heavy lifting under the hood instantly. Using a combination of Remote PowerShell, Microsoft Graph, and Microsoft’s API for Exchange/M365, we’re able to create the user, set up forwarding, update address books on both sides and keep everything in sync. The admin doesn’t have to deal with any of that; they just see that it’s done:


That’s all it takes to create a mailbox and share the domain with a M365 tenant in hybrid mode. Everyone is on the same domain, everyone has the same format email address, it’s practically the same thing but saves your organization up to 95% every month.

Everything on the backend is tracked and kept in compliance. Best part – we do not use delete statements anywhere so you never have to worry about ExchangeDefender Inbox creating problems and issues at M365.
Try Inbox today for free! Login to your ExchangeDefender Admin account to get started.
ExchangeDefender URL Rewriting Tips

No matter how much money you waste on cyber training, someone, somewhere, innocently or intentionally, will eventually click on a link that can take your network down.
ExchangeDefender protects you from malware and phishing threats by rewriting web traffic through our security service called ExchangeDefender Phishing Firewall. The process is very simple: we analyze the email message as it goes through ExchangeDefender and rewrite the URLs so that when you click on them in Outlook or on your phone you’re redirected to a site that your organization manages and that you can customize to your liking.
Remember, over 91% of cybercrime starts with a link in an email! ExchangeDefender helps stop that.
We also roll up OSINT and public reputation lists that give you an idea exactly what you are being directed to. We check if the site is known for spreading malware, if there is a recent incident report, if the site is brand new – and you can quickly decide to click on a button to proceed one time or you can add it to your safe list and then you’ll automatically get redirected to the real site.
Problems and Challenges
URL rewriting is an industry standard practice and almost all large mail service providers feature similar “safe links” technology.
As helpful as it is in disarming dangerous content, it can at times cause a support issue as well when the link gets broken or when the site gets wrongly listed for hosting dangerous content (hint: we don’t host anything, we just redirect the link). The process of delisting can take some time and sometimes misconfigured devices and services can cause additional problems. Just last week we dealt with an issue at Comcast/AT&T xFinity Business SecureEdge service and the only workaround is to turn that service off.
Workarounds and Quick Fixes
The quickest way to work around this is to ask the sender to email you at a bypass email address you create for this interaction. Simply go to https://bypass.exchangedefender.com and follow the directions from there.
Optionally, but only as a last resort, you can turn off the ExchangeDefender Phishing Firewall (see https://www.exchangedefender.com/docs/domain for instructions), but doing so also lowers the level of protection and support you’ll be getting from ExchangeDefender.
We have a week of client/partner development focus groups, March 6th-7th, and if you’re interested please ping us at events@exchangedefender.com. What we’re currently beta testing are provider or domain redirection portals so that you’re not stuck sharing r.xdref.com or d.xdref.com with millions of your closest email neighbors. This way any problems with the site listings or DNS hijacking (in SecureEdge’s case) would be limited to your clients and it would be easier to pick out and mitigate any malicious reporting activity.
If you’re looking to make ExchangeDefender work better for you, please join us for the focus group. We’d love to help you protect your clients’ mail flow better.
Migrating from ExchangeDefender to M365

If you’re currently on ExchangeDefender (our Exchange or other email services) and migrating to M365, there are a few important steps to take to make sure everything is secure and mail moves appropriately to the new destination.
Step 1: If you’re leaving our Hosted Exchange platform
If you’re leaving our Exchange, first you need to remove the domain from the Service Manager. Go to https://support.exchangedefender.com and, after login, click on Service Manager.
From there, just select your Exchange organization and click on Delete.

You will be presented with a confirmation screen. Follow the instructions and the system will schedule your organization for removal from our Exchange network. Next, let’s take care of ExchangeDefender.
Step 2: Moving the ExchangeDefender pointer and MX records
When you set up your M365 Exchange service, Microsoft will issue you an MX record that is typically formatted like this: DOMAIN.mail.protection.outlook.com
Go to https://admin.exchangedefender.com/domain-sp-login.php and log in either as the domain administrator (userid: domain.com) or ExchangeDefender Service Provider (userid: sp) and proceed to the Mail Delivery tab.

On the Mail Delivery tab, you should set your mail server as “Office 365, Gmail, or multihomed MX record (3rd party MX record)” and provide your M365 MX record below.
Click Save and routing tables will be updated within the hour. In the meantime, please follow these instructions to lock down your M365 tenant to only allow secure email delivery via ExchangeDefender. This step is required or mail will not be delivered!
This process takes only a few minutes but it’s absolutely crucial.
That’s all you need to properly deliver mail to M365 via ExchangeDefender. If you’re not interested in securing your mail flow and protecting your M365 instance from malware & phishing you can always delete all the domains and references from ExchangeDefender.
If you run into any issues please open a support request at https://support.exchangedefender.com with the M365 MX record and M365 admin credentials and we’ll take care of the process for you.
Thank you for trusting us to secure your email.
ExchangeDefender User Security Best Practices Webinar

Every month we get a ton of new ExchangeDefender users. We work harder than others to keep you safe — and we want to get you up to speed with all the unique security benefits you get with ExchangeDefender and how to best take advantage of them.
The webinar is not overly technical AND it’s a great opportunity to get any questions you may have answered by the very people that manage ExchangeDefender. Here is what we will cover:
– How to spot and manage phishing attacks
– Importance of strong passwords
– Why you need MFA/OTP and how it works
– What to do when messages bounce
– What to do when your email is down
– How to lock down ExchangeDefender
– How to deal with spoofing and identity theft
Attacks on IT are only getting more efficient and sophisticated with each passing day – and ExchangeDefender is here to help you stay secure and adopt the best practices of our most successful partners and clients.
* First webinar in series, we will post recordings in our portal on March 1, 2023 after all the live sessions have been recorded & edited.
Register for the webinar here: https://register.gotowebinar.com/register/457089402282191197
ExchangeDefender Security Best Practices
Friday, January 27th, 2023 11:30 AM EST
Security Best Practices
It’s the New Year and it’s time to beef up your security policies.
In this 30 minute webinar we will cover the basics of securing your email. From management to direct use-case scenarios, we’ll show you how to avoid getting hacked.
This is the first in the series of training webinars that we will be conducting in 2023 as we are seeing more demand for special solutions from our partners and clients alike. These days everything is tied to email, from login to purchase receipts, and we are going to show you how to handle and secure everything in between (newsletters, email automation, compliance, auditing).
Webinars will be recorded and available in our library.
Have email-related questions? Advanced configuration questions? Get your answers LIVE in the webinar on Friday, January 27th, 2023 — absolutely free!
ExchangeDefender MFA Service Upgrades

ExchangeDefender has beefed up our MFA (multi-factor authentication aka 2FA / OTP) service with the addition of new vendors and a wider reach.

Setting up MFA involves either installing an authenticator app or authorizing us to send you a text message. When you login to our service the system will expect you to provide the 6 digit code that will only* be known to your trusted device. Essentially, it keeps people who only know your username and password out of your account.
While we would prefer a more secure and reliable model in which our clients rely on MFA authenticator apps over the less secure SMS, we understand that is not a practical solution everywhere, and absolutely everyone needs this second layer of authentication when accessing mission critical systems such as email and file sharing.
As you may remember, we had an issue with SMS MFA before Christmas and thanks to some heavy lifting by our team over the holidays the new SMS infrastructure is truly global, scalable – and will be delivered by multiple providers for better redundancy (eliminating the 10DLC compliance issues).
With the retirement of ExchangeDefender Essentials and all the compromises it required, you will be seeing a flurry of new security features in the ExchangeDefender Email Security service. First of many will be the access restrictions and the ability to restrict access to ExchangeDefender services based on location, time, etc. The attacks on email infrastructure are only getting more numerous and more sophisticated by the day, and traditional (or cheap) security methods are no longer viable in 2023 and certainly not beyond. We look forward to continuing the best email security money can buy and we thank you all in advance for trusting us with your email.
’Tis the season to save your MSP business money

We’ve set the email world on fire with ExchangeDefender Inbox, it is officially our most popular service. Hardly a surprise, given how it saves people $ on IT and email at a time when almost everyone is looking to make the most out of their budget. Or as one of our clients put it:
“This Inbox business is giving me a second life for Christmas – I’ve contacted everyone that said no to Office365 in the past year and I’m winning them!”
IT Tech Consulting

With that in mind, here are the top 5 ways to illustrate how ExchangeDefender Inbox is a great way to control IT costs:
Low cost
It’s a no brainer, $3 for Inbox with ExchangeDefender security included is a lot less than the average $20+ most M365 clients are spending.
No “up front” pre payment
Almost everyone quotes a low monthly price – but only if you pay up front, for 12 months, right now. ExchangeDefender Inbox is a month-to-month service and you can cancel it at any time.
No additional software licensing $$$
With big business email comes big business spending since big platforms come with poor security, no backups (read the TOS/AUP people!), and management UI + tools change all the time. With ExchangeDefender Inbox your only external cost is your annual domain registration.
Lower support & deployment costs
ExchangeDefender Inbox integrates with your existing infrastructure so there is no DNS work, no onboarding, no extensive training. You’ll never have to deal with permissions, distribution group memberships, Public Folders issues – not to mention that power users are largely going to more powerful cloud offerings for cloud and collaboration so why are you spending your IT budget in a slow 90s app?
No client software licensing costs
You won’t have to go to the app store for us nor do you need an entire office suite for retail, manufacturing, farm, students, or any role that comes with an iPad. Just open the default mail app that comes for free on your device, enter your credentials, and you’re done!
Fun fact
We’re not even half way through December and you’ve made ExchangeDefender Inbox our #1 service. We cannot thank you enough for that and we hope you’re excited about the roadmap we shared in our recent webinar.
Now is the time to talk to your clients about ExchangeDefender Inbox. If the IT budget is tight, we’re the solution you need to talk about right now. Don’t be surprised you’re not getting much interest for expensive email – everyone is pitching it and clients have already said no to it for a myriad of reasons. For those that are looking to get lean, to be more secure while spending far less, Inbox is the way.