logo XD
logo Antler

ExchangeDefender Blog

ExchangeDefender

We live in interesting times when it comes to business email. The widespread abuse of email by hackers and spammers has always provided a cover for some rather shady email sending patterns used by small businesses. The rise of GDPR, CAN-SPAM, and other rules, regulations, and acts has built a financial incentive for regulators to go after businesses that violate the rules and small businesses are a sitting duck – too local and easy to track, too easy to report, and often very easy to fine.

imageEmail is quickly becoming a great source of revenue for enforcement agencies – and protecting businesses from themselves (your marketing department in particular) is a challenge so many small businesses need to get a grip on before excessive penalties threaten the very existence of the business that crosses the line even once. So congratulations MSPs, VARs and security professionals, now your SPAM and mail flow management isn’t only going to concern illegal/hacker abuse, you’re now going to be at odds with your clients and how their “unique business case scenario” that will likely get them fined out of business. Fun, right?

Management of all these new things is a subject of our upcoming webinar, next Wednesday, where we hope to give you some technical insight and practical business advice on how you can help businesses manage their email activity properly. Bring your techies and business/sales team in as well, as this affects both sides of the house. Or, you can just tell your clients not to SPAM out and hope they listen to you – my wallet thanks you in advance if you choose this route (sarcasm heavily implied).

Wed, Jun 27, 2018 12:00 PM – 1:00 PM EDT
Click here to register

To be clear, this is not another webinar about GDPR. At all. But you can use GDPR to inform your clients about the potential issues that are coming up. Big businesses and marketers are already facing the inevitable and I bet you that even with the onslaught of all the emails and notices you didn’t quite appreciate what those “notices” were meant to do in the first place. Inform you about GDPR and updated privacy policies, right? Wrong. They are being used to get you to opt back into messages that you accidentally got rolled up in the first place. And this is for things you knowingly entered into – think about how a typical small business gets it’s leads – from purchased lists to sweepstakes and raffles and “win a free lunch for your company” business card drops – all of that is about to become a nightmare for the IT department to manage and protect.

Or you could just see how we do it with Corporate Encryption and Compliance Archiving.

ExchangeDefender

As we hinted before in our Outbound IoT announcement, there are some big enhancements coming to our ExchangeDefender outbound network. The job of getting the mail delivered over the Internet is more art than science and we are looking to put more resources behind this as encryption, compliance and GDPR take over. So today, I want to briefly walk you through our vision (roadmap to follow on this months webinar) of what we’re about to offer at scale.

image

The biggest obstacle to efficient email delivery are the actual users. I know it sucks to have a finger pointed back at you but truth is most of the delivery problems aren’t caused by connectivity, routing, or SPAM filtering software, they are caused by behavior and sending patterns of users. They fall into two categories: negligence and inappropriate email usage. Negligence comes in many forms but primarily lack of security (weak passwords, unpatched servers, compromised networks/accounts) leading to a SPAM outbreak from a domain that otherwise wouldn’t be sending SPAM. Inappropriate email usage comes from users knowingly abusing their personal email accounts to send large mail merge, mailing list, commercial SPAM sort of content. Yes, everyone has a justification and an excuse for behaving the way they do and we’re not here to judge that – but machines have 0 judgement and only work off “score” that is calculated by adding points to a total until a message has enough to qualify as SPAM. If you look like a spammer, the remote system isn’t going to care much that you aren’t. We can only address these through education and we’re committed to doing that at ExchangeDefender… but, we can do even better. And that’s our vision for our supported outbound network. 

We are currently working on consolidating our entire outbound network into a single outbound.exchangedefender.com – that means saying goodbye to –corp, –jr, –int, –misc and specialty email routing services we’ve written to help address unique business requirements of our users. Starting soon, the entire network will simply allow outbound mail for person-to-person communication regardless of the message format and contents (yes, you’ll be able to use out of office (OOF) notices and autoresponders again). For non person-to-person email, we’ll use outbound-auth for devices, services, etc. For marketing (newsletters) we’ll have one as well.

The big change will be in support and an active managed postmaster. This simply means that there will now be a monkey-in-the-middle facilitating, reporting and auditing outbound mail sending patterns to assure delivery and proper routing. Say Bob from Marketing decides to do a mail blast using his Outlook and attempts to hit 5,000 contacts. All but maybe 100-200 of those messages will actually make it through our network. Say your “Password1!” security credential was compromised and someone started using your Exchange login to run a SPAM campaign – that too isn’t getting out. And the support team that will be managing this flow will be the same one that will be helping you address mail problems immediately, not as a reaction 3 days later when your domain ends up on an RBL.

That and you’ll have additional intelligence embedded in outbound mail routing to assure delivery and start realtime conversations for things that are better handled in a chat vs. email. But sssssh that’s a secret for now. Everything else about this (and the new UI) is coming in this months webinar, I cannot encourage you enough to register for it, tune in live and ask questions:

New Features Webinar
Wed, Jun 27, 2018 12:00 PM – 1:00 PM EDT
Click here to register

We believe that the division of email flow – separating machine/service/device/non-person mail from person-to-person email will give us the unique ability to more precisely deliver messages over notices and also improve our ability to get around bulk filtering that plagues us just because of the way email is routed. Getting support in there, in realtime, will make the difference between an issue being handled directly and right away as opposed to dragging on for days and offering no assurance to the client or recipient where the message went. So not only will support and client relationships improve, so will our ability to embed more features into outbound mail that will make it more effective as opposed to leaving it at “best-effort”.


Shockey Monkey Support

It’s crazy to look at the ExchangeDefender roadmap from last spring and see how well we’ve been able to integrate the vision for a fully supported communications platform for business into our existing security, compliance and encryption product suite. To be honest, this whole process started well over a year ago with our ExchangeDefender Migrations where we learned just how poorly organized and borderline mismanaged most corporate email handling has become. And all the tools that are on top of it – from Outlook to supplement chat platforms – are just making the mess bigger and compliance problem more complicated and expensive.

I’ve personally spent countless hours with my staff looking at tons of research, behavioral data, purchase patterns, market leaders (and which features people most demanded from them compared to which features they actually used the most) and that’s where we started building our new platform. And if you’ve attended any of my webinars for the past year or so, you’ve heard me repeatedly call on partners, MSPs, VARs, etc to focus on the messaging, compliance and security because that is where the money has been and will continue to be – and it won’t be something you’ll ever earn with a low end network admin hire (not to mention that we’re better and far more affordable than another body).

NewUI

I am beyond thankful for all the feedback, input and suggestions (keep them coming, as brutally honest and direct as possible – no, we don’t expect you to be cheerful if/when we cause you support problems) that are pouring in as we start to expand this product. In terms of vision of what we’re building here:

A platform for secure, compliant and organized information management, sharing and collaboration.

If that sounds like a Dilbert cartoon too heavy on jargon, what I mean is that we’re launching a series of web sites, mobile apps, web applications and automation scripts that any organization out there can plug in their email into and start assigning, prioritizing, discovering and working on issues together. We’re not just talking about b2b or b2c email either, anything that generates an email notification or a social alert or an order receipt or booking confirmation or a tweet or a Facebook update – anything that impacts your business – will be more secure, better organized and have a clear chain of custody, deadline, track record and more.

This is not a one-off upgrade that we’re thankful to be done with, this is just a piece of the overall puzzle we have for our partners to help organizations get better organized. So please, stay in the loop, and most of all understand the game plan: we aren’t building this to amuse ourselves – what you see here will be your product in another month or two and you will be able to sell, implement, customize and manage. And that kind of work pays a lot better than hard drive swapping, OS reinstall and malware license renewals.

We hope you like it. And we hope that if you don’t like it, you tell us what you need. Either way, we won’t do this without you. #team

-Vlad

ExchangeDefender Support

We’ve been getting incredible feedback since the launch of our new support portal but believe me when I say that this is just the preview of what we’ve got going on behind the scenes. As ExchangeDefender’s business model continues to shift towards security and compliance services (instead of just software/cloud) our ability to provide excellent service becomes the top goal organizationally. And it matters the most to you, our clients and partners, because we’re lifting the burden of support and platform management from you so we need to be able to provide support on a whole new level as a result of it.

On the bottom of all the new sections of the portal you will see a link that says [BETA] Give us feedback

image

Tap that link and tell us what you would like to see.

I cannot overstress the importance of us getting this right, not just for our own sake but for yours as well: support and assistance will start getting bundled and integrated into the very solutions we provide. This means that we will be using your brand, your logo, your site to deliver ExchangeDefender services on your behalf and that will include realtime communications with clients, employees, staff and anyone else with valid credentials. You will have full control over it all, along with analytics and reporting: we won’t do this without you is more than just a tagline on every webinar I’ve held in the past two years.

So please. Whatever you see, however minor, whatever idea you have, however major: I want to hear it. Developers won’t. I want us to continue providing an integrated cloud service end-to-end that continues to thrill customers instead of frustrating IT people. We’re changing the game here.

-Vlad

General

Psst. It’s time for better support.

ExchangeDefender has been working on a massive infrastructure upgrade and reengineering project since early 2017 and we’re happy to report that we’re providing better service and offerings than at any time in the past. Now we’re thrilled to announce the launch of our newest support portal that will converge email, chat and support ticket activity in a single, process-driven solution.

This means we will be able to help you better, faster, and in realtime. Tomorrow, June 1st, at noon… we will launch our new support UI:

Responsive User Interface
Our entire UI is now built on a responsive user interface that looks great no matter what device (desktop, browser, mobile, tablet) you use it from. No more smudged and unreadable fonts, no more zooming, panning and scrolling. Best of all, much faster and refresh-free UI!

Fewer Clicks, Faster Access
Hate having to click 80 times to get to what you need? So do we – and most people access ExchangeDefender on a touch-enabled device these days! We listened and designed a new portal that gets you where you need to go faster.

More Intuitive Design & User Experience
You no longer need a masters degree in CRM software to navigate around the platform, anyone can do it. No more scrolling through pages of text and form fields, everything you need it at your fingertips.

Friday, Friday, Friday… at noon!

As mentioned above, the new UI is designed to help real people, doing real work, in the real world – not just office power users on arcane hardware (don’t worry, we got shortcuts and powerups for you as well). In order to accomplish that, everything in the new interface is intuitive. Want to create a new ticket? Here is how:

clip_image002

Same behavior you have on the desktop is the same behavior you’ll have on your tablet and phone. Best part is, we are not taking anything away, just adding more useful content that is always at your fingertips. For example, take a look at the new ticket screen:

We have removed the clutter, emphasized the important announcements, improved page loading time, require far less scrolling and the elements you need will automatically load into view as you start a service support request.

clip_image004

You’ve probably seen paper after paper illustrating how much modern consumers rely on self-help and self-service sites rather than picking up the phone, sending an email or opening up a support request. With our integrated FAQ, smart answers and realtime resources (including chat) we will be able to help you with the routine and simple tasks without having to wait. Or scroll.

Working on a bunch of issues at once? Our system will now allow you to quickly access all of your tickets and see updates without opening a million tabs or scrolling for days.

clip_image006

We have added a bunch of new conveniences that allow for realtime results, automatic refresh and quick updates.

The big idea with the new portal is that many problems, projects, issues or inquiries can be handled much faster without having to switch from ticket to ticket, system to system, or screen to screen. Most of the service is simply acknowledging that the issue has been received, acknowledged, reviewed and assigned to the right person that can help right now.

If you’re used to the old way of doing things, and don’t look too closely, not much will change. It’s still all there, just much cleaner and simpler:

clip_image008

Working on tickets and on teams is now simpler than ever. We got rid of the old one-owner one-client one-issue model and can now easily add employees on this side that can help. Unlike the old days, the issue and responsibility doesn’t end at the point of assignment – everyone is still accountable to the client and now we can respond faster and work on an issue as a team.

clip_image010

You will notice that our ticket update screen has gotten a lot simpler as well. When you update tickets, you won’t see an entire page refresh either. There is a reason for that: We are moving towards full realtime portal – meaning we can start supporting users in a chat and reduce the amount of time wasted searching, navigating and waiting on the browser or page to load.

Compliance ExchangeDefender Industry News Security

ExchangeDefender, at it’s core, is all about protecting our clients: it should come as no surprise that we are big fans of GDPR. If you haven’t been inundated by GDPR, or by a million “we’ve updated our privacy policy” emails from every web site you’ve ever signed up for, or you’ve landed here simply because the deadline is tomorrow, Friday, May 25th: rest assured we’ve got you covered.

ExchangeDefender is 100% compliant with GDPR. You are covered as are your clients on ExchangeDefender and we have presence across European Union to handle any issues or complaints that come up as a result of GDPR implementation.

What you need to know

GDPR, essentially (and no, this is not legal advice), is a European Union data privacy regulation that turns the tables on marketers and gives residents of EU very specific rights and control over their personal data. The regulation is very broad in terms of scrutinizing everyone that may be holding (controller) or managing/processing (processor) personal data and ExchangeDefender fits both of those roles at times depending on the product or service we’re talking about.

image

If you’d rather do without me talking at you for 6 minutes, we have a ton of other resources that you can share with your clients. I would start with this document available for download here:

image

 

What you need to do now

1. Start by reviewing our new Privacy Policy. I know, I know, you’re done with

2. Contact us if you’re seriously building out a business around GDPR and get our marketing folks to hook you up with branded collateral (minimum client count

3. Review our GDPR collateral, particularly the webinar with the deep dive of the ExchangeDefender implementation. This is the most important thing you could do but it’s 27 minutes long and I know everyone doesn’t have that kind of time or attention span – I get it – but if you’re seriously working with us and need GDPR assistance, you will have to go through the training eventually.

Where to go next

We are very excited about GDPR and have put significant resources to design our products and services around the regulation because we believe it will have a broad impact well beyond Europe. Privacy, data integrity, right to be forgotten, right to withdraw consent, right to find out what sort of information companies have about you – those are fundamental rights in our opinion.

And if you ignore them the penalties are going to be extensive.

What we’re choosing to do at ExchangeDefender is to create a service around protecting people on the Internet – not just from SPAM but really safeguarding all communication you do as a business. Take a look at our GDPR resources and see how we can get you started on the same path – at the very least you can use our reach and resources to comply with GDPR.

Compliance ExchangeDefender General

One of the most common misconceptions we get to deal with in the email business is the notion that the almighty cloud eliminates the need for backups, redundancy, compliance archiving, and disaster planning in general. Nothing could be further from the truth so please share this checklist with your clients and decision makers so they can make informed decisions about how much protection is needed for critical business data.

image

Now, let’s tear apart the myths we hear most often:

It’s in the cloud so it’s already backed up. You will not find a single cloud service provider that will offer their backup policies in explicit detail. This is not just a matter of secrecy (exposing the network and storage design) but also of implementation: some services just don’t have a backup only a lagged copy. Never, ever, assume that your cloud provider cares about your data more than you do, it’s no coincidence that the first thing you do with every service you sign up for is a mandatory acceptance of terms of service that you’ve likely never read. Your data is your sole responsibility.

It’s in the cloud and they say it’s there forever. Sometimes marketing gets falsely associated with the actual service deliverables: “You will never have to delete email to make space” doesn’t translate into “Your email will never disappear” – all major email providers have a well documented trail of losing clients mail, deleting their mailboxes “for policy violations” and otherwise shunning any responsibility.

It’s in the cloud so someone is actively managing it. Cloud service providers manage the cloud service, management of your personal data is often the secondary concern. That sounds harsh so allow me to elaborate the top down view: Imagine your service just crashed, massive catastrophe: What is your primary concern? Restoring access to service to send/receive email, or restoring clients data from 5 years ago? Now align those priorities with the budget: What is more important to the cloud provider: service operation or access to old data? Many services are even pushing for not keeping all of your data in the cloud at all, the notion of archive boxes and focused views is all about not having the responsibility for your data.

It’s in the cloud so it meets compliance. Your regulatory compliance requires assurance that data could not have been deleted. That kind of assurance only comes with services like ExchangeDefender Compliance Archiving which archives messages before anyone has a chance to tamper or delete the data. Furthermore, the backend system for an archiving or compliance solution is radically different because of the liability: companies that insure confidential data storage are far more concerned about redundancy, backups and data loss than they are about the uptime and service availability.

Now that the myths surrounding the false sense of cloud security are shattered, let’s look over a brief plan you need to implement to safeguard your data:

1. Document everyone with access to email.
2. Come up with a policy for adding/removing employee email.
3. Identify any regulatory compliance requirements.
4. Identify business case scenario requiring long term archiving.
5. Document who has access to what and how changes are tracked.
6. Come up with a data retention and data backup plans.
7. Understand the law and security, make neccessary adjustments.
8. Designate a Compliance Officer to manage everything.
9. Test your backups and compliance archiving routinely.
10. Periodically audit everything in the previous 9 steps.

Truth is, there are hundreds of steps in cloud security management for each of the 10 items I listed above: The goal isn’t to give you a blueprint, the goal is to make you aware of complexities and the issues that can come up when the basics are ignored. If you would like the details, give us a call, email is what we do for a living and (unfortunately) our expertise is developed over the years of cleaning up our clients neglect of their email infrastructure – let us and our partners know how we can help.

Archiving Business Continuity Compliance ExchangeDefender Industry News PRO TIPS Security

ExchangeDefender Compliance Archive was designed as a blend of services and products to help organizations achieve regulatory compliance.  This complex process is always evolving with new regulatory requirements, changes in organization structure, and unique reporting requirements.

 

At ExchangeDefender we specialize in helping organizations with their eDiscovery needs. Here are the biggest fallacies we hear all the time:

 

“We have a backup”

Email backups are not sufficient for nearly any modern regulatory compliance requirements for email retention. Not only can the messages be deleted before backups run, but running reports across the entire organization is next to impossible, not to mention excessively expensive. We recently assisted a partner managing a small 15 employee office in their backup and restore process to locate a message from 5 years ago, costing the organization over $18,000 in IT labor alone.

 “We have a product/compliance service” 

Having a product or a service subscription is different from being in compliance with regulatory requirements. The difference between having a product and being in compliance is similar to “We have a CPA” and “We have filed our tax returns on time” – mistaking the two can be costly and dangerous.

“We are never going to need that” 

Most organizations downplay the importance of long term email archiving and eDiscovery. An overwhelming majority of subscribers to our eDiscovery service don’t have a specific regulatory requirement at all, they do it to effectively defend themselves from legal threats that are all too common these days. With email being the gateway for all corporate communication, it is the first place record retentions, legal holds, and subpoenas are issued for electronic records and there needs to be a system in place to effectively deliver that information.

“What we have is enough”

Regulatory compliance goes far beyond poorly interpreted recommendations and laws. It is a process of producing reports, identifying problems, and assuring that corporate communications policies are being followed, or at least addressed, in case there is an issue. If the organization does not have people in charge of managing the compliance on a monthly basis or there are no current reports searching for dangerous or sensitive content or there is no ongoing maintenance or an established incident record – the organization is likely out of compliance even if they purchased the right software or signed up for the right service at one point.

“We have a someone managing that”

Someone is not a good person to rely on when you get a subpoena and they are even more difficult to get into a courtroom. Plus, how much would you trust them to demonstrate expertise and defend the implementation of the compliance archiving and eDiscovery solution? Many organizations make a mistake of thinking that just signing up for a service or purchasing a product is sufficient for compliance but it’s really just a starting point. You need the personnel, product, service, and reporting to fully achieve regulatory compliance.

ExchangeDefender Compliance Archiving and eDiscovery are a part of a professional service that helps get your organization and its means of communication on path to achieving regulatory compliance. Whenever someone is fully confident that they have their compliance in order we simply ask them to “show me your last Compliance Officer Report” and almost everyone struggles to produce the report or even name the Compliance Officer, the processes being used for archiving, the type of data protection, or the way in which the entire process is tested and audited. With ExchangeDefender Compliance Archiving, you not only get a service, you get a partner that will work with you every step of the way in achieving your regulatory and organizational needs for proper record keeping.

ExchangeDefender

With technology you really cannot avoid disasters, all you can do is prepare and test all backup plans when things go wrong. IT people in charge of Windows systems have had so many issues with Microsoft updates over the years that Microsoft consolidated all of their patching to happen on the second Tuesday of every month – and this months update disables network cards (kb 4103718) on many Windows PCs – oops! This got us to thinking, how many of you are effectively planning and implementing all the ExchangeDefender services to resume work when disaster strikes? We make it as simple as a bumper sticker, but it’s all in the planning and effective onboarding:

livearchive

Outlook Web App/Access: Outlook Web App has almost the entire functionality of Microsoft Outlook and it’s included for free with your ExchangeDefender Exchange subscription. Problem is, most users do not know the server name or how to find it in an outage or on the road. We advise our partners to setup a splash page, a link or a dropdown on the clients web site or their own MSP site that leads the clients to the right location.

LiveArchive: LiveArchive is included in ExchangeDefender and it’s designed exclusively as a business continuity solution to be used when Exchange and other email servers go offline. Server down? Just point your browser to https://livearchive.exchangedefender.com and all your email is right there even if it’s not showing up in your Outlook due to an outage.

Mobile Device: Let’s face it, you won’t be able to pull out your monitor and workstation and take them down to Starbucks when the disaster strikes. Prepare your mobile devices to function as remote offices. You can configure both work Outlook and LiveArchive devices up front and just set them as Disabled or dormant accounts. Doing so allows you to simply “turn on” the mobile feature instead of trying to walk someone through the device setup while they are on the speakerphone and you already have their entire office waiting too.

Let’s be real for a second: We know that disasters in IT happen. Mechanical machines that these incredibly complex systems run on are prone to failure: so instead of gambling that the problem will not occur, why not just build it into the onboarding system and take care of the inevitable situation right now where you can do so at your own pace and keep everyone happy.

Archiving Business Continuity Compliance ExchangeDefender General Industry News PRO TIPS

Signing up for the Compliance Archiving service is the first step in reaching regulatory compliance when it comes to email retention and eDiscovery. The following five steps will put you on the right path of achieving and maintaining that compliance:

 

1.Understand what you need to keep and for how long.

Your regulatory/oversight body will provide details about how long you are required to hold on to your email. In our experience with Compliance Archiving, you also need to pay attention to the Statue of Limitations that your business may be liable for. Very often the discovery process for lawsuits includes legal hold requests and record requests that are longer than regulatory requirement.

2. Get the right product and implement it correctly.

Your compliance has to be all encompassing – all email must be archived. With ExchangeDefender Compliance Archiving all of your inbound, outbound, and interoffice email is collected, archived and protected in the cloud. You can search for any document at any time and be certain that it has not been tampered with and that no emails have been deleted – something that sets our eDiscovery/archiving apart from backup solutions.

3. Keep an eye on it to make sure it works

Just setting up a compliance archiving solution is not sufficient enough. there is no protection for technical negligence in regulations. You are expected to keep your mail server and everything connected to it secure. Penalties for data loss, compromised credentials, and data leakage are severe and are not a valid excuse for not having compliance.

4. Create Compliance Officer reports frequently.

Compliance Officer within your organization must create reports on a monthly basis to assure no confidential information is allowed to leave the organization. Some industries have an even more specific and severe restriction on the type of communication that can take place over email and what sort of information can be sent – compliance officers run eDiscovery reports to assure nothing confidential is being shared and address problems and exceptions routinely

5. Routinely audit the entire system to maintain compliance.

Organizations grow and change over time and remaining compliant with new regulations is key. ExchangeDefender Compliance Archiving service often sends out advisories, best practices, tips and suggestions to adjust your process because you are always expected to be in full compliance with the latest requirements. Every time you add a new employee or change your mail server configuration or new lines of business – compliance must extend to cover these new records that may be of interest to someone down the road.

“One of the biggest mistakes organizations make with regulatory compliance is thinking that it’s a service, product or a one-time effort: quite the opposite!”

 

Achieving regulatory compliance means implementing the right product, conducting routine audits, complying with changes in regulations and having full control of the environment where messages are stored as employees come and go.

In the event of an audit, you will be asked to produce record and you will be judged on your ability to provide specific records that are requested, not the best effort you made in trying to achieve compliance. Considering the fines and legal complications, it makes sense to revisit the five steps outlined here annually and make adjustments as necessary.