ExchangeDefender Phishing Firewall FAQ
ExchangeDefender Phishing Firewall officially launches tomorrow, June 12th, 2019.
Every service provider and every user will be contacted with the information about the new service. Since some users may see the redirection site, we wanted to assure everyone was aware of the service, how it works, what it looks like, and what it does to protect them.
Note from Vlad: We hate changing the user experience. We understand that every time we change anything there will be an issue, folks don’t like having their cheese moved, I get it. However, this isn’t a futile exercise in self-promotion, up-selling, cross-selling, or useless noise: we are doing this to eliminate the problem that 90% of security compromises are triggered by. This implementation comes down to ethics: If I know that something is 90% likely to hurt you, and I have the means to protect you, and I choose to let you get hurt anyhow… why would you ever do business with me or ExchangeDefender? I understand we may lose some business over this, and I am willing to make less money in order to do a better job for people that trust us with their business.
Here are the answers to some questions we’ve already received:
Q: Does ExchangeDefender PF work on every device I receive email on?
A: Yes, ExchangeDefender PF automatically encodes all links sent through our system in HTML messages and redirects them through ExchangeDefender PF. This means that the link will be secured no matter which device you use to access your ExchangeDefender-protected email.
Q: Does ExchangeDefender PF protect me from non-email links?
A: ExchangeDefender only protects you from email links in HTML messages sent to your email address through ExchangeDefender. If your mail client downloads mail from 3rd party external services (Yahoo,
AOL, Microsoft, Google) that are not protected by ExchangeDefender, you will not be protected.
Q: Is ExchangeDefender PF available in ExchangeDefender Essentials?
A: ExchangeDefender PF is only available in ExchangeDefender Pro and ExchangeDefender Enterprise.
Q: Is there any way to turn off URL encoding for specific domains or users?
A: ExchangeDefender encodes the URL at the edge, as the message is being scanned for malware and other phishing forgeries.
Q: I don’t want to see the ExchangeDefender PF warning/site, can I bypass it?
A: Yes, you can simply whitelist the domain and ExchangeDefender PF will not be displayed. Whitelisted domains are automatically displayed without ExchangeDefender PF. ExchangeDefender maintains a list of known good/legitimate domains so the likelihood that you will see a dangerous (or questionable) website is very low. Additionally, your IT department or IT Solution Provider has access to organization-wide whitelist and can bypass ExchangeDefender PF to any site you need to visit.
Q: Is it possible to still get hacked/compromised even with ExchangeDefender PF?
A: ExchangeDefender PF simply applies your organizational policies to traffic and gives you additional information about the link you have clicked on. If you ignore warnings, or if you proceed to a dangerous site as a part of your organizational policy, you can still be compromised.
Q: Is there anything special I need to do on my network in order to support the redirection?
A: No, you should not have to make any modifications to your clients network in order to support this. If you do something exceptionally unusual (we would have contacted you separately, DoD requirement) and only have an allow access policy while blacklisting the rest of the Internet, redirection happens through https://r.xdref.com domain that needs to be in the safe sites.
Q: Can I turn URL rewriting off?
A: The ExchangeDefender URL rewriting code is implemented at the edge without regard for domain/user policies. In order not to introduce delays in processing, this is a global rule. If you are concerned about your clients seeing the redirection screen, whitelist the domains they typically go through. If we get complaints about it, we will look at deploying this policy further down in the scanning path which will slow down processing times for domains that opt out of the service and that feature is already in the development queue.
Q: Can I see the copy of the messages you are sending users, so I know what to expect?
A: Here is a copy of the message in PDF and Outlook format.
Q: Will the links stay live for X number of years for compliance purposes?
A: There is no expiration date for the links, as clearly stated in our Privacy Policy we do not collect or archive the links that you click on or that we encode, they will stay in your downloaded / cached / archived messages. While many regulatory requirements have message retention policy expectations, those requirements do not extend to external content, ie: you have to archive the message, you DO NOT have to archive the documents that are externally linked on third party sites. Either way, messages will continue to redirect as long as we stay in business.
Q: Can I get a list of good/bad sites for my compliance records?
A: Please contact our compliance officer at compliance@ownwebnow.com with the letter from your regulatory body and we will do our best to provide this confidential information ASAP.
ExchangeDefender Service Provider Branding
ExchangeDefender is happy to announce the enhancement of it’s Service Provider branding options. ExchangeDefender is primarily distributed and managed by other IT Solution Providers (MSPs, VARs, IT professionals) and we have exposed as much of our infrastructure as possible for white label functionality. Starting this week, we are also encouraging you to brand messages sent by ExchangeDefender:
ExchangeDefender Email Notice Branding is available at https://admin.exchangedefender.com under your Service Provider login. Click on Configuration > Branding and you will see a section that will allow you to provide any content you’d like us to include on messages sent to users automatically.
We encourage all of our Service Providers to provide at least their basic contact information and a note in this section. While we are always concerned with our partners brand, system notices and urgent security issues may at times require us to contact the user directly. In the event that we do that, it’s helpful for the client to see your information at the top of the message instead of the bottom.
We’re also working hard on delivering additional features to ExchangeDefender sites, so if you have any suggestions or wishes, please let us know by hitting the feedback link anywhere in our system.
P.S. This feature was discussed in detail during our webinar on June 6th, 2019. Watch the webinar here: https://www.exchangedefender.com/media/XDNewPhishing.mp4
ExchangeDefender: Overhaul of Phishing Protection
ExchangeDefender is thrilled to announce the new Phishing Firewall in the cloud, going into full production – Wednesday, June 12th, 2019 for all ExchangeDefender Pro and Enterprise protected clients. The old way of highlighting, underlining, inserting warnings and so on will be removed from the service at the same time because it lacks the ability to protect clients in real-time.
The ExchangeDefender Phishing Firewall (EPF) is a real-time, active pishing protection. As ExchangeDefender processes inbound mail, it will rewrite every link to proxy it through EPF when user clicks on it. If the site is safe, the user will be automatically redirected to it and will not even know that EPF is in the way. If the site is not on the safe list, end users will see this warning:
They will have the option to just click on the link and proceed, add to whitelist (at which point they are automatically allowed through in the future) or add to blacklist.
Because of the way phishing works, and all identity theft or forgery in general, it is impossible to secure email messages in transit without making annoying modifications to the message that often distort the look and feel of it. Majority of those links are in the 95% of the mail that passes through ExchangeDefender as SPAM/SureSPAM, meaning that they would never even be seen by anyone. By moving the Phishing Firewall to the cloud, we can now secure every device and provide additional metrics and advisory on top of it to protect our clients from 0-day exploits.
This feature is provided to our clients free of charge and replaces expensive “security awareness training” solutions that users typically hate and do nothing to adequately secure the client. With Exchange Phishing Firewall we enable our clients to create custom policies, maintain whitelists, blacklists, get enterprise reporting and more. It further allows us to go one step beyond – in the upcoming releases we’ll offer the ability to display a screenshot of the site as well as link intelligence data (How long ago was the domain name registered? Where is the IP you’re about to go to located? Is the domain a close spelling error of a widely recognized site? Is the forged site just a cloud hosted Google, Microsoft or Amazon cloud service instance that is holding or redirecting you to another more dangerous location?)
If you’re currently on ExchangeDefender Essentials, we encourage you to schedule a demo with our team to check this feature out as it’s significantly cheaper than antivirus or “security training” solutions and will do a far better job. If you’re on ExchangeDefender Pro or ExchangeDefender Enterprise, you will get this feature free of charge. On Monday, June 10 we will send an email notification announcing this launch to our partners, MSPs, and Service Providers. On Tuesday, June 11 we will send an email notification to end users. Finally, on Wednesday, June 12th we will go live with the service and hope to minimize the annoyance of phishing once and for all. Email is the single most popular attack vector, with 91% of the compromises starting through a phishing attack, and we look forward to protecting all our users even better.
Phishing: Beware of Strangers
This Thursday, June 6th, we will be announcing a major overhaul in the way we deal with spear phishing SPAM. No, it’s not a mind-blowing patent-pending stroke-of-genius sort of stuff, it’s much closer to what your parents told you growing up: Don’t get into a car with strangers don’t click on links or open attachments from strangers.
In a way, ExchangeDefender has had protection from this issue for years. If you had a decent IT Solution Provider implementing ExchangeDefender for you, they would have setup your SPF record and eliminated this issue – but many don’t. Or they would have turned on ExchangeDefender protection where all messages spoofing/forging your domain would automatically get junked – almost none of them do. Which is why ExchangeDefender as a service has become less of an IT tool and more of an end user suite of services to get stuff done.
When features like this are left disabled “because they might become support issues” it becomes really difficult to secure users. But I get it, IT companies have a business to run too, which is why we’ve really stepped up our support efforts and are going to be there to help folks get things done without becoming an additional problem for the IT department. Doing so has really made us rethink how we implement features and how the service behavior needs to speak the same language as the end user. Which brings me to phishing beyond forgeries.
Can you spot a stranger?One of the new phishing protection features in ExchangeDefender will allow you to flag messages that are coming from outside of your organization. You will have two settings – to modify the subject and to modify the header of the message so when you look inside of your mailbox you’ll know what came from a stranger right away. Try it:
Even from the message listing you’ll know which messages shouldn’t even be opened. But suppose you ignored even that – you can set another warning, printed inside of the message, giving the user even more of an instruction of what to do.
Warning: Message was sent from outside of the organization. Do not click on links or open attachments if you don’t recognize the sender.
Far from subtle. And it has to be – because most people check email quickly, between tasks, or are simply interrupted by it. ExchangeDefender has your back, and we’ll make sure we alert you to possible issues before they become problems. Which we hope everyone will be aboard with.
Please join us, June 6th at Noon, for our NEW webinar featuring ExchangeDefender’s Phishing and Spoofing protection, plus see what’s new with Encryption, WFS, and Wrkoo!
Managing User Notifications
It’s no secret to anyone that’s been paying attention to this space that ExchangeDefender is getting a lot more user friendly – both in service and in design. We’ve been improving the way we communicate with our clients and our partners through efforts like embedded help, in-line training and support, real-time chat support, self service portals, NOC sites, etc
Next week we will launch a major feature in ExchangeDefender. It will address one of the biggest pain points in email security and it will give users a ton of control that will help close what is currently the biggest exploitable hole in email security: spear phishing. This will require us to give users a heads up about what they are about to see and training/documentation about how to use it to the fullest.
Which is where we have to make sure our partners are a part of the process too. During the webinar we’ll go over the details about how to insert branding and a message/note at https://admin.exchangedefender.com. This is generally not a big issue, since almost all of our partners would rather have us do more work for them than less, but if you’re really sensitive about this topic make sure you’re in the webinar to see what options you have and how to best leverage them for your own business purposes.
Looking forward to showing you all of this, and the redesigned ExchangeDefender Encryption product on June 6th at noon. https://register.gotowebinar.com/register/198414968804117507
ExchangeDefender Web File Server gets even cooler – 5 new features!
It’s been less than two weeks since we released the highly anticipated upgrade to ExchangeDefender WFS (Web File Server / Web File Sharing) file collaboration portal. The usage of the service spiked as a result of the webinar, but it has been increasing on a daily basis ever since – don’t worry, developers and IT noticed – so we’ve been cranking ever since. As usual “it would be cool if it could do ” and “I have a ton of clients that need this, can it do ?” and we’ve been working overtime at the expense of other projects to get this done correctly (it’s being developed concurrently with ExchangeDefender Encryption and some other cool stuff).
Anyhow, I wanted to take a moment to show you what we do with your feedback.
First, yes, the old UI was a little bit clunky and REALLY slow by modern standards. We’ve fixed that, but it required redesigning how we actually build the library and how you interact with it. Since the last update we have split file upload from library creation – with the idea that the person that starts the library may not be the one contributing or sharing most of the documents in it.
As you can tell, there are some new features in here – permissions and smarter email notifications to be specific. With notifications, we’ve introduced a mechanism to send you an email notice (and soon something much, much cooler) when someone downloads a file from your library, as well as a notification whenever a file is uploaded. If your document management practices haven’t changed since the last decade, you’ll probably love this.
File management, or “actual work” as we like to call it, is on the next screen and is far more interactive. You can now upload files up to 500Mb (system max will eventually be 4GB) and as long as you’ve got a decent Internet connection you’re set. Drag and drop works too.
Once you’ve got your libraries together, you can actually pick up to 3 favorites. Those will be pinned to the top of your dashboard so you can access them quickly:
Now this is where things get cool and leave old “file sharing” stuff in the dust. If you’re working with others, particularly if they are contractors or not in your organization, you’re getting notices via email. ExchangeDefender WFS supports that by default, enjoy making your Outlook even slower and less productive. I’ve got something better. See that panel on the right? It shows you recent activity. Yes, this means that once you log in you will be able to see which files got changed, which libraries you got added to, what happened. And you will be able to plow through all the files and libraries and catch up with everything within a minute.
Next we’re embedding even more chat/discussion/notes to it so you can say goodbye to having to compose or respond to emails entirely. The big idea is that organizations are always sharing files but they are either stuck with old technology or old restrictive (and often insecure) platforms to do so. Say hello to ExchangeDefender WFS. It doesn’t look to “Windows File Sharing” first, it looks at collaboration first. Cause that is what people do with documents – they work on them together – be it creative, administrative, processing, logistics – life revolves around getting data and distributing it – and we’re making sure you can do that as securely and as productively as possible while getting rid of the “traditional IT way of doing it”
Everything you see here is a result of user feedback. So please, as you use our products and services, if we can help you please tap the Feedback link that is on every page and help us build something awesome.
P.S. Oh by the way, WFS now also supports versioning and revision control/notes. You’re welcome! 🙂
Sharing files with ExchangeDefender WFS
ExchangeDefender launched the new release of Web File Server (WFS), formerly known as Web File Sharing. Our new release is more secure, more efficient, and delivers far more productivity through tons of new features. Today, I’m going to show you how to share a new library.
First, go to https://wfs.exchangedefender.com. Everything you send through this site is encrypted (as are backups, disks, passwords, etc).
Click on Libraries > Create New Library.
Pick a title, description and add a few email addresses of folks you’d like to share files with (or set up a group). You can also password protect the library (recommended) as well as setup automatic expiration if your corporate policy requires you to nuke any company files in the cloud after a certain amount of time.
Click on Create Library. Congratulations, your library is now online and your recipients will get an email (or two, if password protected) inviting them to share files.
Now it’s time to add files. Click on +Add files.. and select as many files as you wish by either selecting them with your mouse or hold Ctrl down as you click on them (for the moment the uploads are capped at 250Mb/file but you can upload as many files as you wish). Provide any comments you wish (to make it easier for folks to see what is what without having to download everything) and click on Start upload.
That’s all. Once the files have been uploaded everyone has access to them. Your clients can upload changes or new files (if permitted), and you can add more files to the library at any time. Works on the desktop as well as on any mobile device.
It’s that simple. For more info an in-depth explanation of all the options, please download the manual.
ExchangeDefender PTR & RBL Whitelisting
ExchangeDefender is opening a wider beta test of our whitelisting functionality, which allows IT Solution Providers to whitelist sender mail servers that have broken DNS (missing PTR, mismatched A/PTR records) and poor sender reputation (hosts listed on multiple RBL blacklists).
If you have a sender you would like to whitelist against these essential network tests, please open a ticket at support.ownwebnow.com with subject “Whitelist PTR/RBL: IP Address” and provide as much information in the ticket so we can accommodate this specific request. Only hard non-negotiable rejections to whitelist will be for unknown address space and dialup/consumer cable IP addresses (because due to their nature those are typically dynamically assigned address spaces that shouldn’t be relaying mail at all, they should be using their ISP mail server provided smarthost)
Requests will be reviewed and either approved (and enrolled) or rejected within 24 hours by our CSO.
Background: Inability to previously whitelist broken DNS and dynamic IP address space is rooted in our mission statement. We are here, beyond everything else, to help secure the email. We know our partners, IT Solution Providers, VARs, MSPs, etc do not have the skill set, the time to properly research underlying issues, enough data and statistical models to evaluate sender IP reputation, or even the incentive to discern how big of a security threat and compromise a specific IP address with broken DNS or poor reputation may pose to your client.
In fact, you pay us to worry about those things and keep your clients secure. But, sometimes clients like to think they know better than their technology experts, generally accepted security standards on the Internet, and ExchangeDefender. And the client is always right. But, when they get infected attachments, broadcast storm, password dumps, or other security compromises because they insisted on lowering their security – then ExchangeDefender is on the hook for securing them. And we don’t get to say “told you so” nor do we have any rapid means to fix the issue.
Since my retirement, all of those hard-line policies designed to keep clients safe beyond whatever “specific business case requirement” they may have, are slowly going away. Good news for the client, good news for the partners. Good news for us, because going forward we will start providing Email Security Engineering services – so when you get a security compromise or an usual issue and you’ve asked us to compromise your security – we will be able to address the issue on your behalf.
I choose to look at this as a positive – we will help our clients meet their business needs and get the mail they desperately need – and if something breaks we will be there to help assist with the cleanup (for a fee, of course). This, among many other service related things, is just the part of the ExchangeDefender being more responsive and service oriented when it comes to our clients demands as opposed to our expert opinion as a security policy.
ExchangeDefender’s AnythingDown.com – See How It Works!
As promised in the last webinar, we’re moving as aggressively as possible to make sure our partners have as flexible of a tool as we can imagine to communicate with clients in the event of an IT catastrophe. Or, in our case, to further increase transparency and collaboration with all our ExchangeDefender service providers so you can get better insight into our network and when we’re dealing with a lot. That said, I believe that the product/service is now production ready and we’ve already tied it up in our ExchangeDefender Enterprise product so you’ll know as we know. 🙂
Remember, ExchangeDefender’s AnythingDown.com , or https://yourserviceproviderid.xdnoc.com – is your own brandable, real-time alert system that covers ExchangeDefender managed resources as well as your own custom defined events.Â
Let’s go on a little tour, shall we?
First, here is the nearly-final look of the site. It will of course feature your logo, your contact information, and your own services but you can see that there is now a sign in section as well as nested posts – so when something is updated it’s done so in-line and can be read normally (as opposed to just seeing the latest update and not knowing what it’s about at all).
Sign in screen is for you, just provide your service provider ID and password and you’re in your own portal.
As for your users that want real-time updates via email or RSS/blog, we have a signup page (I know, I know, it’s idiotic but GDPR and EU have put this obstacle in place where we need contracts and disclosures about signing up for an email list).
Once you’ve signed in as the service provider, you will have access to manage and create new service advisories. Just click on the Add New button in the upper right corner. If you’re managing a larger NOC and have a ton of fires going on (you’re among friends, #respect) you can also search current open advisories and make sure you update the correct one.
New advisory posting is pretty flexible and gives you actually quite a bit of power to include images, links, and other multimedia. As network geeks we’re used to plain text, ASCII, 80 columns across black on white kind of alerts but in the 21st century with lots of things going on sometimes you can throw out a quick alert with a screenshot of what’s going on rather than trying to document every single detail (for example, a cloud of daily network/ISP outages as an explanation why things are moving slow or getting delayed or buffered)
And of course, you can update every service advisory.
As mentioned last month, ExchangeDefender XDNOC </a> service is all about helping us work better with the people that pay us to help protect their networks and users. I have some rather personal thoughts on that subject, which will be a matter of another post. However, when you design software and when you serve as the gatekeeper, your primary responsibility to the people you’re protecting and waking up to keep safe every day is not just to keep things going but also to keep everyone aware of what is going on to improve things – because hackers don’t take days off.
Anything down? We’re improving our NOC and communications!
When things malfunction at other companies, they blame vendors and equipment. When things malfunction at ExchangeDefender, we build products and services so we never have to deal with the problem in the first place. As a result of a DDoS attack last month, I am happy to introduce you to our new service that will improve one area in which we undoubtedly suck the most: communication.
Say hello to AnythingDown.com:
It’s an offsite NOC alert site that’s branded for you.
At ExchangeDefender we do a pretty amazing job communicating and working with our partners, it’s actually our #1 selling point, that you can come to our offices and data centers, you can work with our team and get things done. But when something breaks, that same business friendliness and accessibility is an achilles heel – clients swamp the phones demanding to be briefed on every detail, “Friends of Vlad” call every staff cell phone they can find, the staff that is there to help/coordinate/assist in technical work cannot efficiently correspond and inform every user particularly when things go down and everything isn’t working as it should.
This is where ExchangeDefender XDNOC (aka “AnythingDown.com”) helps.
It’s off site. Doesn’t rely on our networks at all.
It’s on it’s own name space. Not dependent on our DNS/registrars.
It’s branded. Your name, your image, your message.
That last bit is pretty important – we realize that our larger clients have many employees that have never heard of ExchangeDefender, ditto for our partners that don’t want to reveal ExchangeDefender is behind their branded email offering.
Not to worry, your site is already branded and you have your own Service Provider XDNOC: https://<yourExchangeDefenderSPId>.xdnoc.com
It’s yours, it’s yours for free, and we’re just getting started. For the next week or two, the site will host ExchangeDefender content only as we add in the mechanism for RSS subscriptions, linking, SMS/txt alerts, and email notifications.
But this is just the beginning. As an ExchangeDefender subscriber you will have access to this site to tweak it as necessary and to add your own NOC alerts. That’s right, we’re not just building this for ourselves, we see it as a role of central accountability for everyone that relies on our services and all the services you use to deliver a solution. We all want to keep the client happy and informed and this will help out a lot towards that goal.
Our expectation is also to have our proprietary monitoring and alert feeds published on AnythingDown.com going forward so you can see or anticipate the issues that our infrastructure is seeing even before there are tickets or human confirmation of the problems. For many that will be way, way, way too much data but we feel it’s better to present it and get more eyes on it than hide it and hope it’s handled through automation or our staff activity.
In closing, I hope this helps. I know outages and service interruptions or performance issues or networking issues all suck, nobody wants them. They come with the territory and everyone knows it – so it’s not about technology malfunctions, it’s about your communication about the IT work that is done to make it as flawless as possible. We thank you for your business and for your continued support of ExchangeDefender that makes stuff like this possible.