Hack the Future: RSVP for the ExchangeDefender Hack-a-ton
We will, we will hack you!
Please join us for a special ExchangeDefender virtual event.
Friday, September 13th, 2024 – 1 PM EST
https://attendee.gotowebinar.com/register/3500231937112410199
You will be among the first to hear about our new line of business that we are currently building in public. See how you can get involved and profit from the platform we’re putting in our partner’s back pocket.
Remember that more than 90% of corporate security exploits start with a phishing email. We’ve done everything possible to keep those messages out of your Inbox and now have something new to announce.
See you next Friday 🙂
LiveArchive Cloud Considerations: It Works Everywhere!
Over the past month we’ve been holding LiveArchive Workshop Series with clients who want to get LiveArchive deployed and staff trained in under 1 hour. It’s going well and the question we get the most is: “Will it work on Azure/Linode/Oracle/___?!” Yes, it works with ALL public and private clouds because it’s built on top of open source technology standards that everyone offers. In order to deploy LiveArchive you’d follow the same principles and steps outlined in our Cloud Backend Setup at Amazon AWS, Microsoft Azure, Oracle Cloud, Google Cloud (even if you host it yourself on your own network/hardware). All public clouds offer containerized services and the Docker containers that make up LiveArchive are mariadb:latest, minio/minio:latest, and exchangedefender/livearchive-webmail:latest.
Navigating IT Politics
Now that you know ExchangeDefender LiveArchive works on all the popular cloud providers, it’s time to pick one. Here are 3 things to keep in mind:
1) Your choice will typically be controlled by the client’s existing infrastructure and vendor policies – if they are an all-Microsoft shop you’ll likely be deploying LiveArchive on Microsoft Azure. Regardless of your choice of cloud vendor, you will still get the same LiveArchive performance, and keep in mind that full source code for the entire stack is available here: https://github.com/exchangedefender/livearchive-webmail. Having access to the code gives you the ability to optimize, customize, and future-proof your setup.
2) You will need access to DNS. In order to deploy LiveArchive you will need to create a CNAME for the LiveArchive UI which is required in order to request an SSL certificate.
3) You will need to allow several network policies on your choice of public or private cloud. Specifically, you will need to allow TCP ports 80/443 for the web services and you will need to allow TCP ports 9000/3306 to our LiveArchive network so that we can store your messages and message metadata.
Cost is also an important criterion for many organizations, so we recommend researching cloud cost calculators. This way you can see who will give you the best bang for the buck currently vs. over time as your organization grows. If you’re trying to keep the costs to a minimum, your best option is to keep the minio and MariaDB services self-hosted or on a semi-dedicated/VPS/colo deployment and to only put the LiveArchive Web UI in the cloud.
We look forward to seeing you in our workshops, and keep in mind you can get it going in under 10 minutes just by following these steps!
5 Reasons Why You Need Live Archive Email Backup
In the fast-paced world of business, safeguarding your critical communication is non-negotiable. That’s where Live Archive Email Backup steps in, offering a comprehensive solution to address the evolving challenges businesses face today.
1. Security at the Forefront
Value the security of your business data with Live Archive. Safeguard your critical communication from potential threats, ensuring the integrity of your business information is maintained at all times.
2. Fortify Against Ransomware
In the battle against crypto-locking threats, Live Archive becomes your shield. Protect your email backups, ensuring your data remains accessible even in the face of a compromise. It’s the ultimate defense strategy for your digital assets.
3. Long-Term Email Preservation
Ensure the continuity of your business with Live Archive’s long-term email preservation. Back up and archive email data for extended periods, meeting regulatory and business continuity requirements seamlessly.
4. Budget-Friendly IT Solutions
Navigate the complex IT landscape with ease by choosing Live Archive—a cost-effective email backup solution. It provides robust protection without straining your IT budget, making security accessible to businesses of all sizes.
5. Storage Flexibility for Your Needs
Your data, your choice. Live Archive offers storage flexibility, allowing you to store your critical information on the cloud, on-premises, or both. Tailor your backup strategy to suit your business needs effortlessly.
Live Archive Email Backup is the key to unlocking peace of mind in your business operations. Prioritize security, accessibility, and longevity—choose Live Archive for a reliable and comprehensive email backup solution. Your data deserves nothing less.
Improved SPAM Release Security: Quick Release
ExchangeDefender is giving users more power to lock down their valuable data. Now that ExchangeDefender handles business continuity and backups for M365/Gmail tenants there is even more information in ExchangeDefender that demands more flexibility with security policies. First, let’s talk about the upcoming feature that allows you to lock down your ExchangeDefender SPAM Quarantine Report activity.
Bit of background: ExchangeDefender Quarantine Reports are an immensely popular ExchangeDefender feature (coming up for an upgrade this spring btw!) that sends users a list of quarantined messages on a set schedule. Users tend to rarely look in Junk Items or review SPAM unless they are waiting for something, so this is a cool feature that our users just love. Scroll down the list of quarantined messages and release or trust just by tapping the link. Super convenient, but does it meet your security requirements?
The ExchangeDefender Quick Release feature now enables you to choose between convenience and a more secure release process. For many organizations, having a message released or a sender added to trusted senders with just a click is a huge time saver and user convenience. But if your Microsoft M365 / Gmail account gets compromised (which happens ALL the time) or you deploy a new security/business/CRM product (mostly AI stuff) that scans links, then this “convenience” can turn into an Inbox packed with SPAM messages that some hacker/service inadvertently released.
If this happens to you, know that ExchangeDefender can help with the “Secure Release” setting. By enforcing Secure Release, when the user clicks to release or trust a message they will be prompted to authenticate before they can release/trust the message. This way, if you get hacked or install link scanning/crawling software in your tenant, the hacker or software will not be able to access the messages without a password.
Now please, go set up your favorite authenticator app with ExchangeDefender MFA (next up, you can set it to be mandatory/required).
Webinar Digest 8/16: Unveiling 7 New Features in ExchangeDefender
In a dynamic and informative session, our recent webinar shed light on the latest advancements in email management and security. Hosted on August 16th, participants gained a comprehensive understanding of key features and innovations that are set to reshape the way we interact with our email systems. Here’s a recap of the highlights from this engaging event:
1. Seamless Integration: LiveArchive Meets Inbox
A major focal point of the webinar was the integration of LiveArchive, our innovative business continuity solution, directly into the Inbox interface. This strategic move not only enhances user experience but also provides a streamlined pathway to essential features, ensuring business continuity even in the face of disruptions.
2. Long-Term Archiving Redefined: Introducing LiveArchive
Anticipation filled the virtual room as LiveArchive’s impending launch as a long-term archiving service was unveiled. Participants were introduced to this game-changing solution, designed to preserve crucial data over extended periods, elevating archiving capabilities to new heights.
3. Empowerment through Insights: Quarantine Email Reports
The introduction of Quarantine Email Reports was met with excitement. Attendees discovered how this addition empowers users with deeper insights into email management and security, enabling more informed decisions and improved communication management.
4. Crafting Policies with Precision: Enhanced Policy Creation
One of the webinar’s hands-on segments demonstrated the process of crafting allow policies for domains such as @xdreports.com and @xddiagnostics.com. This procedure showcased the delicate balance between streamlined communication and robust security measures.
5. File Sharing Made Effortless: WEBSHARE for Large Attachments
Participants were introduced to the upgraded support for large attachments through the WEBSHARE feature. This enhancement offers a more efficient and seamless method for sharing files within the platform, simplifying collaboration without compromising on security.
6. Simplified Security Configuration: Default Domain Security Policy Wizard
Navigating the complexities of security policies became a breeze as we explored the Default Domain Security Policy Wizard. Attendees gained a firsthand experience of how this user-friendly tool streamlines the configuration of essential security policies, ensuring a safer digital environment.
7. Unveiling Loopback Services: Insights and Applications
A deep dive into Loopback Services rounded off the webinar. From roundtrip latency testing to policy enforcement and delivery testing, participants gained insight into these multi-faceted services. Moreover, the critical role they play in phishing education and attack simulation highlighted their value in fortifying cybersecurity defenses.
In closing, the webinar provided an illuminating exploration of the evolving landscape of email management and security. Participants departed armed with knowledge and insights that will shape their strategies for more effective communication and enhanced protection. We extend our gratitude to all attendees for their active engagement and look forward to continually revolutionizing the way we interact with our digital communication systems.
Trusted sender keeps on ending up in SPAM
One of the most common complaints we get from our clients has to do with allow/whitelist policies and, to make a long story short, this happens because of the way your service provider configured ExchangeDefender. The long story, technical background, and best practices are outlined at https://www.exchangedefender.com/docs/whitelist. It usually sounds like this:
“I keep whitelisting this email address that sends me my OTP password / password reminder / login code / transaction confirmation / newsletter and they keep on ending up in SPAM!”
This happens for clients that configure ExchangeDefender to block email forgeries and spoofing.
You see, the email address that is showing up in ExchangeDefender and your Outlook/Gmail is not the actual email address that the message was sent from. Large-volume emails (OTP, password reminders, notifications) are not sent by humans; they are computer generated and there is a random email address for every notification they send out (so when/if it bounces they can track it).
These automated email addresses tend to have a long randomly generated identifier in them and generally look like this:
010001890676a389-ee862f60-d7ea-4ba1-a113-f16935e2afeb-000000@amazonses.com
But in your Outlook/Gmail the spoofed/faked email appears to have come from DoNotReply@someotpsite.cz, which has the domain you trust and attempt to allow/whitelist. If you pull up the SMTP headers from the quarantined email you can see the actual sending address in the envelope-from field:
Received: from inbound10.exchangedefender.com (65.99.255.114) by
owa.exchangedefenderdemo.com (10.10.10.5) with Microsoft SMTP Server (TLS) id 14.3.498.0;
Thu, 29 Jun 2023 05:23:03 -0400
Received-SPF: pass (inbound10.exchangedefender.com: domain of 010001890675c389-ee862f60-d7ea-4ba1-a113-f16935e2afeb-000000@amazonses.com designates 54.240.77.69 as permitted sender) receiver=inbound10.exchangedefender.com; client-ip=54.240.77.69; helo=a77-69.smtp-out.amazonses.com; envelope-from=010001890676a389-ee862f60-d7ea-4ba1-a113-f16935e2afeb-000000@amazonses.com; x-software=ExchangeDefender SPF;
Authentication-Results: inbound10.exchangedefender.com; dmarc=pass (p=quarantine dis=none) header.from=someotpsite.cz
Authentication-Results: inbound10.exchangedefender.com;
dkim=pass (1024-bit key) header.d=someotpsite.cz header.i=@someotpsite.cz header.b="QPv3HP79";
dkim=pass (1024-bit key) header.d=amazonses.com header.i=@amazonses.com header.b="MsX8RGl7"
Received: from a77-69.smtp-out.amazonses.com (a77-69.smtp-out.amazonses.com
[54.240.77.69]) by inbound10.exchangedefender.com (8.14.7/8.14.7) with ESMTP
id 35T9M86a030204
<demo@exchangedefenderdemo.com>; Thu, 29 Jun 2023 05:22:09 -0400
From: <DoNotReply@someotpsite.cz>
To: <demo@exchangedefenderdemo.com>
Subject: ConnectWise Manage Security Code
…
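The mismatch in these headers can be checked mechanically. The following is an added example, not ExchangeDefender code: it reads a trimmed copy of the headers quoted above and compares an allow entry against the envelope sender and against the From: header. The function names and the strict/relaxed matching model are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Trimmed copy of the header block quoted above, refolded so that
# continuation lines start with a space (sample input for this example).
RAW_HEADERS = """\
Received-SPF: pass (inbound10.exchangedefender.com: domain of
 010001890675c389-ee862f60-d7ea-4ba1-a113-f16935e2afeb-000000@amazonses.com
 designates 54.240.77.69 as permitted sender)
 receiver=inbound10.exchangedefender.com; client-ip=54.240.77.69;
 envelope-from=010001890676a389-ee862f60-d7ea-4ba1-a113-f16935e2afeb-000000@amazonses.com;
Authentication-Results: inbound10.exchangedefender.com; dmarc=pass
 (p=quarantine dis=none) header.from=someotpsite.cz
Authentication-Results: inbound10.exchangedefender.com;
 dkim=pass (1024-bit key) header.d=someotpsite.cz header.i=@someotpsite.cz;
 dkim=pass (1024-bit key) header.d=amazonses.com header.i=@amazonses.com
From: <DoNotReply@someotpsite.cz>
To: <demo@exchangedefenderdemo.com>
Subject: ConnectWise Manage Security Code

"""


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def sender_identities(raw):
    """Extract both sender identities plus the DKIM/DMARC evidence."""
    msg = message_from_string(raw)
    # Folded header values keep their line breaks; collapse the whitespace.
    spf = " ".join((msg.get("Received-SPF") or "").split())
    auth = " ".join(
        " ".join(v.split()) for v in msg.get_all("Authentication-Results", [])
    )
    env = re.search(r"envelope-from=([^;\s]+)", spf)
    return {
        "envelope_from": env.group(1) if env else "",
        "header_from": parseaddr(msg.get("From", ""))[1],
        "dkim_domains": re.findall(r"dkim=pass[^;]*?header\.d=([^\s;]+)", auth),
        "dmarc_pass": "dmarc=pass" in auth,
    }


def allow_entry_matches(entry, ids, policy):
    """Simplified model (an assumption, not the product's logic):
    'strict' compares the allow entry with the envelope sender,
    'relaxed' compares it with the From: header the user sees."""
    address = ids["envelope_from"] if policy == "strict" else ids["header_from"]
    return entry.lower() in (address.lower(), domain_of(address))


def explain(raw, allow_entry):
    """Summarise why an allow entry does or does not match a message."""
    ids = sender_identities(raw)
    env_dom, from_dom = domain_of(ids["envelope_from"]), domain_of(ids["header_from"])
    return {
        "envelope_domain": env_dom,
        "from_domain": from_dom,
        "identities_differ": env_dom != from_dom,
        "from_domain_dkim_signed": from_dom in ids["dkim_domains"],
        "dmarc_pass": ids["dmarc_pass"],
        "strict_match": allow_entry_matches(allow_entry, ids, "strict"),
        "relaxed_match": allow_entry_matches(allow_entry, ids, "relaxed"),
    }


if __name__ == "__main__":
    for key, value in explain(RAW_HEADERS, "someotpsite.cz").items():
        print(f"{key}: {value}")
```

An allow entry for someotpsite.cz matches only under the relaxed model, because the envelope sender belongs to amazonses.com.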
Solving this issue requires your ExchangeDefender admin to decide how permissive they want to be toward email forgeries and fakes. ExchangeDefender provides two ways to manage this in the ExchangeDefender Domain Admin app at https://admin.exchangedefender.com (see documentation).
Option 1: Allow email from the bulk email network
ExchangeDefender enables you to automatically pass through messages coming from specific bulk/spam mail providers. It’s located at https://admin.exchangedefender.com under Advanced Features > Bulk Mailer Policy:
In our example SMTP header the message came from AmazonSES, so if you change the policy from Scan to Allow, ExchangeDefender will simply deliver these messages to your mailbox without quarantining them as a forgery/spoof (which they are).
Option 2: Choose a relaxed From: policy
This is a less secure option that will allow forgeries and effectively lowers your security level to that of M365/Office365 – and we strongly discourage you from doing that. However, if the client requires it you can get it done under Advanced Features > From: Policy:
Summary
If you’re seeing notification emails in your SPAM quarantine even though you’ve trusted the sender repeatedly, that is because the message is being spoofed and your admin has configured ExchangeDefender to block that activity. You can relax the security restrictions by choosing to either allow the bulk mail network or build your trust rules on the less-secure From: address.
Our team is always here to help but they aren’t allowed to guess without seeing the SMTP headers first – so if you ever run into an issue that you’d like us to take a look at, grab the headers and provide them at https://support.exchangedefender.com and we’ll advise from there.
Troubleshooting Email Delivery with ExchangeDefender Logs
Modern email delivery has become complex in order to eliminate scams and minimize the impact of cyber threats. Unfortunately, those complexities can impact mail delivery: “I sent them an email and they never got it!!!”
First, point the user to the https://bypass.exchangedefender.com service that’s included with ExchangeDefender. Our users love it because they don’t have to wait on the tech issue to get sorted; they can send the mail right away (and it tends to have a far better delivery success rate because we strip everything that typically trips up SPAM and security filters).
Second, find the problem in the mail and error logs.
You can of course use our interactive mail log (tracing) search to locate the message and see where the problem may be. For larger tenants, we recommend downloading the logs so you can go through them faster on your PC:
ExchangeDefender can help identify the issue through our detailed Raw SMTP logs and Mail Error logs.
Log access gives you raw access to everything we have on our backend but you get it faster (as our support doesn’t have access to your data including logs, and getting the access approved internally takes time).
If log analytics isn’t your thing please contact us about the ExchangeDefender Managed Service where you’ll have your own postmaster managing all these issues for you (service must be enrolled before requesting support).
Email delivery problems can be complex and at times out of your control. This is why we always first recommend going to bypass.exchangedefender.com (and ExchangeDefender Inbox) so you can actually do your work. After that, grab the logs and see what the problem is. As always, we’re happy to help!
Protect Your Privacy with Disposable Tracking Emails
Do you ever wonder who is selling your email address to marketing companies? Or do you ever sign up for services and sites while checking things out but don’t want to end up on every email they send until the end of time? Gave your email address for a 10% off discount? Used it with a sketchy parking lot?
We’ve all been there.
Wouldn’t it be nice to be able to come up with an address on a whim? I’m at Subway and they want my email:
“Yeah, that’s subway+vlad@exchangedefender.com”
ExchangeDefender now lets you do this on a whim; there is nothing to set up. Just add any tag+ to the front of your email address and that’s it. Yep, any text you can imagine. Tie it to a specific search like pi+orders+vlad@exchangedefender.com so you can create an Inbox filter rule and potentially automation based on the address alone.
The message is still subject to your security policies, so if it’s safe it will come right to your inbox.
Yeah but how do I unsubscribe?
You can do the traditional click & pray that the unsubscribe site is 1) up and 2) works.
The cool thing about tracking emails is that they are integrated in admin.exchangedefender.com and you can see a report similar to the daily quarantine report. Here you can see who is sending messages to which disposable address.
ExchangeDefender shows you where the sender got your email address from and where your data may have been compromised or sold.
You have even more flexibility with the address. If you’re starting to get a lot of abuse at the address, just click on the Stop button and we’ll bounce any email sent to that tag+ address.
Changed your mind? Hit play and the address will be reactivated as usual.
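An added example (not ExchangeDefender code) of the kind of per-address report described above: it groups sender domains by tagged recipient so that a tag receiving mail from a second, unrelated domain stands out. It assumes the tag is everything before the last '+' in the local part, as in the two addresses shown; the function names, the stop list and the sample traffic are constructed.

```python
from collections import defaultdict


def split_tagged(address):
    """Split 'tag+mailbox@domain' into (tag, 'mailbox@domain').

    The tag sits in front of the mailbox, so everything before the LAST
    '+' is the tag: 'pi+orders+vlad@...' carries the tag 'pi+orders'.
    Untagged or malformed addresses return (None, address).
    """
    cleaned = address.strip().lower()
    local, at, domain = cleaned.rpartition("@")
    tag, plus, mailbox = local.rpartition("+")
    if not (at and plus and tag and mailbox):
        return None, cleaned
    return tag, f"{mailbox}@{domain}"


def tag_report(deliveries, stopped=()):
    """Summarise which sender domains write to each tagged address.

    deliveries: iterable of (recipient, sender) pairs in arrival order.
    stopped:    tags the user has stopped; mail to them would be bounced.
    """
    senders = defaultdict(list)
    for recipient, sender in deliveries:
        tag, _mailbox = split_tagged(recipient)
        if tag is None:
            continue  # ordinary address, nothing to track
        key = recipient.strip().lower()
        domain = sender.rpartition("@")[2].lower()
        if domain not in senders[key]:
            senders[key].append(domain)
    report = {}
    for rcpt, domains in senders.items():
        tag = split_tagged(rcpt)[0]
        report[rcpt] = {
            "tag": tag,
            "first_sender": domains[0],     # who the address was given to
            "other_senders": domains[1:],   # who else obtained it later
            "action": "bounce" if tag in stopped else "deliver",
        }
    return report


# Constructed sample traffic; the .example sender domains are placeholders.
SAMPLE = [
    ("subway+vlad@exchangedefender.com", "offers@subway.example"),
    ("pi+orders+vlad@exchangedefender.com", "shop@pi-store.example"),
    ("subway+vlad@exchangedefender.com", "promo@bulkmailer.example"),
    ("vlad@exchangedefender.com", "colleague@partner.example"),
    ("Subway+Vlad@exchangedefender.com", "offers@subway.example"),
]

if __name__ == "__main__":
    for rcpt, row in tag_report(SAMPLE, stopped={"subway"}).items():
        print(rcpt, row)
```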
Inbox, your company email’s emergency plan
We just released a brand new email solution called ExchangeDefender Inbox. You may have seen the beta floating around. It’s official, the commercial product is here and we are absolutely delighted. Inbox is the result of decades of email issues and security mishaps.
It is a hybrid of both a standalone email and security all in one. That’s right, you can access your email, and your ExchangeDefender security all in a single pane.
Inbox, what is it?
ExchangeDefender Inbox is a modern and secure email platform that helps you work when your email stops working. It is a safe alternative to your Outlook and Gmail platforms. Inbox is meant to rescue you when your (primary) email goes down. It is your email’s backup plan when things go terribly wrong like email outages, technical difficulties, email delivery issues and so much more!
How does it work?
Inbox takes your email and actively makes copies of it. When email passes through ExchangeDefender, it makes it possible for you to access recent messages in real-time. It is a very cool feature because it works independently of your email hosting. So, if your Outlook goes down, you can simply login to your Inbox to send and receive email while experiencing service outages.
What can Inbox do?
I am so glad that you asked. It has so many features but here are the most noteworthy: you can send and receive email, you can send secure encrypted messages, and you can bypass any security policy with Bypass. Imagine combining your email and security together for a safe, stress-free email experience!
ExchangeDefender Inbox is unlike any solution on the market. It is an enterprise-grade email continuity solution that saves the day when your email is down, or unreliable. Inbox is flexible in the sense that it has the ability to work as a standalone email, as well as with most email platforms like Outlook, Gmail, and Yahoo.
New Release: ExchangeDefender Inbox M365 Hybrid Solution
A huge and most-demanded feature from our community has finally shipped.
No more PowerShell. No manual steps. It’s all automated.
When you create a mailbox on ExchangeDefender Inbox, the service creates your user’s M365 account, enables mail forwarding, maps the email addresses correctly, and updates routing and signing.
Anyone can manage Inbox with far fewer IT skills than are needed for the most basic of M365 deployments!
We’re seeing ExchangeDefender Inbox mailboxes used in companies with high turnover, in companies that are trying to save money (Inbox could save over $300 / employee every year!), for mailboxes that get a ton of traffic but are mostly for logging (necessary but rarely ever logged into), for temps, and for external users that need email at that domain but shouldn’t be given an entire M365 license or be exposed to all the data you have on your M365.
So... if you’ve been keeping your own Exchange server barely alive just for these types of use cases that M365 isn’t ideal for (or worth the $), let’s have a call and save some of your IT budget!
How easy is it?
Login to your ExchangeDefender Inbox admin account and choose a tenant to create a user.
ExchangeDefender Inbox does all the heavy lifting under the hood instantly. Using a combination of Remote PowerShell, Microsoft Graph, and Microsoft’s API for Exchange/M365, we’re able to create the user, set up forwarding, update address books on both sides and keep everything in sync. The admin doesn’t have to deal with any of that; they just see that it’s done.
That’s all it takes to create a mailbox and share the domain with a M365 tenant in hybrid mode. Everyone is on the same domain, everyone has the same format email address, it’s practically the same thing but saves your organization up to 95% every month.
Everything on the backend is tracked and kept in compliance. Best part – we do not use delete statements anywhere so you never have to worry about ExchangeDefender Inbox creating problems and issues at M365.