Dealing with Newsletter and Subscription bombs
ExchangeDefender now protects you from malicious subscriptions to newsletters and emails you never opted into through “Subscription (Newsletter) Bomb Protection” available at admin.exchangedefender.com. By enabling the feature all newsletter “CAN-SPAM” “legitimate sender” content that you don’t want in your mailbox will automatically be filtered out as SureSPAM by ExchangeDefender.
The Bomb Issue
Hackers are currently exploiting security issues in newsletter software that allow them to add your email address to a mailing list without validation. If you’ve signed up for anything recently you know that you’re generally sent a confirmation email to validate you own the email address — well, hackers have found a way to add your email to the list without that step. Repeated thousands of times, it gives hackers a way to blow up your mailbox through a broadcast storm by otherwise legitimate senders who cannot tell your email address from thousands of others on their mailing list.
The ExchangeDefender Solution
ExchangeDefender already has built-in newsletter management software (where you can have all of your newsletters skip your inbox and be available for reading online). We can effectively quarantine all the newsletters for you and allow you to read them online without them hitting your inbox and putting you over the quota. With the Subscription Bomb protection we go an extra step and outright classify the newsletters you haven’t subscribed to as SureSPAM. You can still access them but they won’t bother you or damage your Inbox or productivity.
There are 3 options:
Enabled: Protection is turned on and any newsletter will be flagged as SureSPAM. We do not recommend this option as it will catch all newsletters, whether you’ve subscribed to them or not.
Disabled: No protection. This is the default setting at the moment for all domains.
Whitelisted: Protection from newsletters but whitelisted ones will still get through. This allows you to have the best of both worlds: protection from newsletters you didn’t subscribe to but newsletters you want and have whitelisted will still come through. On January 1, 2019 this will be the default setting.
What do I tell my clients?
ExchangeDefender can now protect you from SPAM being generated by legitimate newsletter and subscription providers – if someone steals your identity (your email address, name, etc) they can subscribe you to newsletters without your knowledge or permission. Because the sending and management of these lists is automated, hackers can get an innocent third party to send you thousands of newsletters to clog up your inbox, make you wait for your email to download, and just make your email experience miserable.
ExchangeDefender can detect newsletters and “legitimate marketing emails” with unsubscribe or newsletter control keywords and automatically filter them out for you. Messages aren’t gone; you can still access them through admin.exchangedefender.com in realtime and on demand, but your Inbox will stay clean.
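An added example, not ExchangeDefender's code, of how a filter could apply the three modes described above to mail that carries unsubscribe or list-control markers. The header and keyword lists, the function names and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed markers: RFC 2369/2919 list headers plus common footer phrases.
LIST_HEADERS = ("List-Unsubscribe", "List-Unsubscribe-Post", "List-Id")
BODY_KEYWORDS = ("unsubscribe", "manage your subscription", "email preferences")
MODES = ("enabled", "disabled", "whitelisted")


def newsletter_signals(msg):
    """Return the reasons a parsed message looks like list or newsletter mail."""
    signals = [h for h in LIST_HEADERS if msg.get(h)]
    if (msg.get("Precedence") or "").strip().lower() in ("bulk", "list"):
        signals.append("Precedence")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace").lower()
        signals += ["body:" + k for k in BODY_KEYWORDS if k in text]
    return signals


def classify(raw_message, mode, whitelist=()):
    """Apply one of the three modes; return (verdict, signals)."""
    if mode not in MODES:
        raise ValueError("unknown mode: " + mode)
    msg = message_from_string(raw_message)
    signals = newsletter_signals(msg)
    if mode == "disabled" or not signals:
        return "deliver", signals
    # Whitelist on the From domain, not the per-message bounce address,
    # which changes with every send.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if mode == "whitelisted" and domain in whitelist:
        return "deliver", signals
    return "SureSPAM", signals


# Constructed sample messages (example.* domains are placeholders).
NEWSLETTER = """\
Return-Path: <bounce-8f3a21@mail.shop.example>
From: Shop News <news@shop.example>
To: user@customer.example
Subject: Weekly deals
List-Unsubscribe: <https://shop.example/unsub?id=8f3a21>
Precedence: bulk

Big savings this week. Click here to unsubscribe.
"""
PERSONAL = """\
From: Alice <alice@partner.example>
To: user@customer.example
Subject: Contract draft

Please review the attached draft before Friday.
"""

if __name__ == "__main__":
    for mode in MODES:
        print(mode, classify(NEWSLETTER, mode, {"shop.example"})[0],
              classify(PERSONAL, mode, {"shop.example"})[0])
```

A production filter would match the whitelist against an authenticated sender domain (SPF/DKIM) rather than the bare From header used here.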
ExchangeDefender Office Macro (OLE) Dangerous Content Filtering
ExchangeDefender now includes advanced protection from dangerous Microsoft Office macro code (OLE). Since usage of Office macro code is very limited (and seldom moved via email) it’s almost universally used as an attack vector by hackers who send malicious macro code embedded in Microsoft Office documents that target vulnerabilities in Outlook, Word, Excel, PowerPoint, and more.
Specifically, our service scans the following attachments for the presence of dangerous, encrypted, malformed, malicious, or suspicious code: doc, dot, pot, ppa, pps, ppt, sldm, xl, xla, xls, xlt, xslb, docm, dotm, ppam, potm, ppst, ppsm, pptm, sldm, xlm, xlam, xlsb, xlsm, and xltm. If we detect something suspicious or dangerous the message will not be destroyed or quarantined (as is the case with virus or infected attachments) – rather we just filter it to SureSPAM.
Managing Your OLE Protection
We will start strictly enforcing macro protection on January 1, 2019. However, the feature is available now and can be enabled at any time by going to https://admin.exchangedefender.com and logging in as a domain administrator (if you don’t see the setting, you aren’t logging in with your domain account but your personal or service provider account).
Click on Configuration > Policies > Phishing Options.
At the bottom of the form you will see the “ExchangeDefender Office Macro Protection” section, which is currently (October 2018) set to Off. The following options are available:
Off – Turns off ExchangeDefender Office Macro (OLE) protection
On – Turns on the protection but whitelisting the domain/email will bypass it
Strict – Turns on the protection and ignores whitelists
ExchangeDefender recommends this setting be configured as Strict in order to protect from spoofing, where the client’s own domain or a vendor address (one that doesn’t have SPF/DKIM implemented) is used to deliver a dangerous attachment. The “Strict” setting bypasses whitelist checks, so if the message contains dangerous content it will automatically go into SureSPAM even if the domain is whitelisted.
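An added example, not ExchangeDefender's scanner, showing how the Off / On / Strict options interact with a whitelist once an attachment has been inspected. The byte-signature heuristics, function names and sample attachments are assumptions made for illustration; only the extension list comes from the post.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound file (doc, xls, ppt)
ZIP_MAGIC = b"PK\x03\x04"                       # OOXML container (docm, xlsm, pptm)
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE entry names are UTF-16LE
ENCRYPTED_STREAM = "EncryptedPackage".encode("utf-16-le")
# Extension list copied from the post.
SCANNED_EXTS = set(
    "doc dot pot ppa pps ppt sldm xl xla xls xlt xslb docm dotm ppam potm ppst "
    "ppsm pptm sldm xlm xlam xlsb xlsm xltm".split()
)


def inspect_attachment(data):
    """Heuristic verdict: 'macro', 'encrypted', 'malformed' or 'clean'."""
    if data.startswith(OLE_MAGIC):
        if ENCRYPTED_STREAM in data:
            return "encrypted"  # password-protected package, content not scannable
        return "macro" if VBA_STREAM in data else "clean"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "malformed"
        has_vba = any(n.endswith("vbaproject.bin") for n in names)
        return "macro" if has_vba else "clean"
    return "malformed"  # Office extension but unknown container (assumed rule)


def route(filename, data, sender_domain, policy, whitelist=()):
    """Return 'deliver' or 'SureSPAM' for one attachment under a policy."""
    if policy not in ("off", "on", "strict"):
        raise ValueError("unknown policy: " + policy)
    ext = filename.rpartition(".")[2].lower()
    if policy == "off" or ext not in SCANNED_EXTS:
        return "deliver"
    if inspect_attachment(data) == "clean":
        return "deliver"
    # "On" honours the whitelist, so a spoofed whitelisted sender gets through;
    # "Strict" skips this check.
    if policy == "on" and sender_domain.lower() in whitelist:
        return "deliver"
    return "SureSPAM"


def make_ooxml(with_macro):
    """Build a constructed, minimal OOXML-style zip in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed OLE-like sample: signature, padding, then a VBA stream name.
SAMPLE_OLE_MACRO = OLE_MAGIC + b"\x00" * 504 + VBA_STREAM

if __name__ == "__main__":
    doc = make_ooxml(True)
    for policy in ("off", "on", "strict"):
        print(policy, route("invoice.docm", doc, "vendor.example",
                            policy, {"vendor.example"}))
```

These checks only look for container signatures and VBA storage names; Excel 4.0 macro sheets and obfuscated content need a real document parser.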
What do I tell the users?
First, set the setting to Strict. Then, adjust the date in the message below and make sure SureSPAM settings are set to Quarantine.
“Starting with January 1, 2019, ExchangeDefender will protect you from dangerous attachments that contain rarely used Microsoft Office macro (OLE) code. If dangerous macro code is detected in an attachment, message will go into SureSPAM category and if configured to quarantine the message will be accessible at https://admin.exchangedefender.com in the SureSPAM quarantine. We have enabled the protection for you. If you ever see a familiar contact/domain but you were not expecting the message, it’s likely being spoofed/forged in order to trick you to click on a dangerous attachment. Take an extra step and contact the sender asking them if they sent you a document. If not, delete the message.”
We hope this helps keep your users more secure, and in our production use so far it’s helping stop 100% of dangerous content.
ExchangeDefender Introduces New SPAM Reports
SPAM Email Reports
ExchangeDefender SPAM Email Reports remain one of our most popular features and after nearly 6 years since the last major revision we’re looking to improve both the value and the functionality. For many of our end users, ExchangeDefender is the sole provider of cyber security training and information – so the responsibility of better educating our clients on the threats they are likely to face via email and web is crucial.
Then there is the look and feel of it. White collar workforce has largely gone away from dual monitor configurations to smaller portable devices on which users don’t spend the whole day in Outlook – so our email reports that were designed for the Microsoft desktop era needed a little face lift.
New ExchangeDefender SPAM Email Reports are launching on October 1st 2018 and we’ve made several significant changes to the look and feel based on user feedback.
– New reports feature “friendly” From addresses, instead of the actual From: line we’ve always used.
– Contrast has been improved as well as spacing, so finding information in the email is much simpler.
– Font size, padding, colors, etc. have been modernized as well, allowing the report to look amazing on both small phone screens and large wide-screen computer displays.
On the backend, our reports and email release requests are starting to embed our support at the point of release, making sure our end users get exactly what they are expecting right away. If the message isn’t displaying correctly, or if it cannot be located, or if the message is continuously ending up in the SPAM quarantine even though the user believes they whitelisted it (99.999999999% they whitelist the disposable from tracking email which changes every time a message is sent, instead of whitelisting the domain) – our support will be there to assist them immediately without picking up a phone, without opening up a support ticket, without escalating it to the office manager or creating additional work. On demand service #ftw.
Our mission to help protect our clients from dangerous and malicious content also has to account for threats before they become problems – which is why we’re investing in training and info collateral aimed at the users so they are aware of new ways hackers are trying to exploit them. This info will be featured prominently in the service and we will cover it in detail as we ramp up production but for the time being we understand our end users have limited time and limited interest in what is going on in the world of cyber crime – so we will limit our content to 140 characters and feature relevant stuff only, nothing commercial.
If you have any suggestions or ideas for our Email SPAM Reports, please do not hesitate to let us know.
Managed Outbound Network Services
Beta Launch: Managed Outbound Network Services
ExchangeDefender is proud to announce the beta launch of our Managed Outbound Network Services – interjecting support, monitoring, and management of outbound mail delivery services. If you’ve ever had to deal with outbound delays, deferrals, rejections, SMTP channel errors, etc., we will now have the ability to assist you with email delivery and facilitate problem resolution for outbound email delivery in realtime.
One of the biggest problems in troubleshooting outbound mail problems is that problems are noticed days later, and are generally resolved well before a ticket is opened. The same goes for abuse: sometimes a mail blast is caught only after hundreds of messages have been sent and the domain/sender has had its reputation damaged.
Tighter Restrictions Means Better Monitoring
Our new ExchangeDefender Managed Outbound Network Service involves tighter restrictions and better monitoring of email traffic by actual humans reviewing statistical models in realtime. This is not something that is possible through automation because it’s very difficult for computers to distinguish legitimate content from illegitimate or dangerous content. Sending patterns also change depending on the sender, time of day, day of the month, devices, etc. A user may run a mail merge marketing campaign or invoice batch and send hundreds of messages in a very short period of time; blocking their access automatically would interrupt legitimate activity. By adding people to the mix who can analyze the content and sending patterns, we have the ability to stop outbound mail abuse the same way we do it on the inbound side.
“Considering that almost 30% of our support time is dedicated to outbound mail delivery inquiries,
we expect this new solution to reduce our partners’ and clients’ time significantly.”
-Vlad Mazek, CEO ExchangeDefender
The best part about the new service is that it will be free and will require no configuration or management on our clients’ or partners’ behalf. Any notices we may have to issue to end users will automatically carry our partner’s or client’s logo and contact information and will be resolved in realtime. Historically, we know that 90% of the time our clients are not aware of an issue at all, and we hope that the new service will reduce the ongoing support and technical troubleshooting struggle our partners have had to go through regarding email delivery. By catching the issue in realtime, we will also help our partners appear more proactive and able to protect their clients better during 0-day infections and outbreaks. Additionally, we will be able to minimize the damage that a single careless user or hacker can cause an entire organization by stopping an outbreak at the source.
We will be writing more about this service in August and the first beta clients will be onboarded during the 2nd week of August – if you are interested in participating please send an email to beta@ownwebnow.com and let us know!
ExchangeDefender IoT Email Relay Service
The Internet of Things
ExchangeDefender IoT has concluded its beta period and we’re thrilled to announce that the system will go into production this week. We have blogged about this previously and the demand for this service really surprised us – so we’re rolling with the production and adding all the new features into the beta product as the applications for this service are quite extensive. To sum it up:
ExchangeDefender’s IoT Email Relay Service
ExchangeDefender IoT Email Relay Service is a custom email smarthost (outbound relay) designed specifically for Internet of Things devices and services to securely dispatch realtime email alerts. Feature-wise:
– XD IoT Relay assigns every device its own account/credentials so if one device is compromised the email capabilities of others aren’t impacted.
– XD IoT Relay is secure, permitting traffic only via the TLS/SSL SMTP protocol to ensure credentials cannot be sniffed on the network.
– XD IoT Relay allows dynamic IP ranges, allowing for cell/4G/LTE devices and sensors with remote/unsecure network connectivity to relay alerts.
– XD IoT Relay is compatible with every device that can send out email via SMTP/SSL (should be all of them) and is backed by our support and automated throttle management (in the event of an infection)
The new feature is available in the ExchangeDefender admin portal under Domain Admin > Accounts > IoT Accounts.
Simply add a new account for each device you wish to have relay rights for (they are free for now) and configure your device to relay through outbound-auth.exchangedefender.com. Our service is globally redundant (no single point of failure) and is under our SPF/DMARC announced range.
We will be blogging more about this feature as we develop it and get a better handle of how it’s used but the feedback so far has been very positive and constructive. The biggest surprise (read: shock) is the level of unreliability of some of these devices/sensors and their rather infant API/app development – but they all know how to send email so many of our partners are looking to us to help fill the void between these devices/sensors going dark/offline and production email notification service. Many of our partners also looked to use this for printers, blogs, contact forms and a seemingly endless set of services that a remote ISP should be providing but they don’t – so when it comes to business and email people come to ExchangeDefender.
P.S. If you’d like to hear more about this feature and all the other new stuff we have set for ExchangeDefender in 2018, please download the webinar where we go into the details of how/why/what that might give you a broader perspective on how to position, sell, and implement these new features. Please click here to download the webinar.
Three Simple Ways To Begin Regulatory Compliance Archiving
Have you been putting off offering or relying on Compliance Archiving to meet regulatory compliance requirements? If so, you’re among friends as most businesses tend to view it as a form of a backup until they receive a letter from a law firm. Recently we published a quick and informal techie-free post about business continuity and we wanted to do the same for archiving because the #1 thing that will keep you out of trouble is making sure your entire organization is on the same page.
With that in mind, here are three steps that your organization needs to follow to get started with Compliance Archiving:
Step 1: Understand how your organization communicates
If you only knew what everyone did and what they had access to, things like security and compliance would be a non-issue. In the real world, organizations have a revolving door of staff, vendors, clients, laws, and projects that is constantly spinning. The notion that you can get something to manage it all, held together by IT staff and automation, is nothing short of a fantasy. Or rather, a nightmare, because you’ll get in trouble over one thing that was missed and went wrong, not a million things that went right.
Our Compliance Archiving touches every message in your organization: doesn’t matter if it’s a message you sent to a client, a message you received from a vendor, or an interoffice email you sent to a coworker – we get them all. The important thing in step one is identifying the people and making sure that the way you communicate is set in stone: “We communicate with everyone through @ownwebnow.com email addresses, every ticket, every update, every inquiry, every quote, every bill pay – everything either comes from or is cc’d to an @ownwebnow.com address.”
Step 2: Get a grip on your devices, apps, and processes
Convenience is the enemy of order. And if you’re going to run a business, you cannot have everyone do exactly what they want to do. Yes, Subway will make your sandwich any way you want them to, but if you walk in and order a key lime cheesecake you’re going to be hungry. Same method applies to all the devices, apps, processes, etc. The simplest, most common sense, most effortless thing to do is to just give everyone that works on your behalf an email address on your infrastructure and have them use that email for all company communications.
If they use something else, and for some reason you wish to permit that rule change in your business, request that everything is cc’d to a local shared mailbox where you can keep ownership of it. Don’t make a big deal out of it – we get our office beer and red solo cups from Costco – and believe me we don’t have a massive asset inventory tracking system around it with people signing off on stuff left and right. We just take a picture of the receipt/order form and email to a receipts@ address – done.
Step 3: Get a regulatory compliance plan
The worst thing you can possibly do is start thinking about a plan when you’ve received a request for information or a legal hold. The good news is, step #3 is the simplest one because it’s just a matter of calling us at 877-546-0316 and talking to someone about implementing the Compliance Archiving solution. The complexity isn’t in the technology, it’s with the people and the constant sprawl of apps and devices that hold vital corporate information.
The great news about what we offer with our partners is that anything going in and out of your company can be screened, monitored, reported, and produced on demand or automatically for just a few bucks a month. The biggest challenge is knowing what to do – and you have to actually get started.
We look forward to serving you and making regulatory Compliance Archiving a breeze.
Looking for a way to spend less time on email/client support?
Not growing as fast as you’d like, or spending too much time on email/client support? Hear our CEO’s thoughts on what is fueling our growth and how ESS is already playing a huge part in growth of managed services across our client base.
VIDEO: Live Archive keeps emails up, and running!
So here is something that has always worked for me: everyone hates outages. Regardless of why I’m invited to speak to anyone about ExchangeDefender, and the billion problems we solve, I am here to help you with just one thing: uptime. If things are working, we can sort everything out, but the fear of the new unknown solution causing downtime is the #1 thing your client is thinking about. So address it first.
Posted by ExchangeDefender on Thursday, March 29, 2018
What’s this video about? Live Archive.
What is Live Archive?
Access your email via the cloud when outages happen.
Organizations are constantly facing internet and email outages, maintenance cycles and service unavailability. The key to productivity is being able to access your email even when outages happen. Exchange Defender LiveArchive Business Continuity is the solution.
As you send and receive email, we make a copy and store it on our network – when you experience an outage you can just pull up a webmail system on your computer, tablet, or phone and continue where you left off.
Visit Exchange Defender: Email Security, Archiving, and Business Continuity solutions
Why is there suddenly a heavy demand for Encryption?
What is behind the growth in the adoption of email encryption?
Over the past year we’ve seen an explosion in sales of ExchangeDefender Email Encryption – which is a surprise given that we’ve not only had it for years but that we’ve also given it away for free. HIPAA has been around for over 20 years, dozens of other regulations that almost all companies ignore have been gone for just as long – so why now?
In one word: penalties.
Companies have long known that they can’t operate efficiently without email – and that they cannot just move files around “just to get it to them” once they see the penalties. But selling a service to someone that has avoided using or paying for it is never an easy discussion so here are the 3 quick questions that should lead you to an effective pitch in under 1 minute:
1. Who sends you encrypted messages?
2. Who could get hurt if this information went public?
3. What is your exposure? How much negligence insurance do you have?
The more they mumble, the more of those questions they cannot answer, the more details or costs or scope they don’t understand, the more they need it. End your question with this line: How comfortable would you be having this conversation in a legal deposition?
Elevator pitch: How to position ExchangeDefender Encryption as an answer to all of the above problems
→It is included in your ExchangeDefender Pro subscription and it’s transparent – no software to install, nothing to manage or configure.
→ You’ll be using the same process and same security major banks, health care providers and lawyers use – so you’ll be protected from most critical security exploits.
→ Finally, it’s dead simple to use – all your employees need to do is put [ENCRYPT] in the subject when they are sending the message. Doesn’t matter if it’s on the phone or Outlook or Outlook Web Access, it just works.
Ding. You’re done. It’s virtually impossible not to sell this service – and it’s desperately needed by anyone using email to do business or conduct confidential discussions. One more thing: Because encryption is transparent and on demand in the cloud, it also protects you when the security issue is on the recipient’s end – because email is never stored on their PC or device, if someone hacks their network they won’t be able to get to the info stored in your encrypted message!
If email is a business necessity then email encryption is its insurance policy.
If you discuss business over email, then anything confidential that should be in that email should be a matter of employee communication protocol: If you attach something sensitive to this message, you better encrypt it and CYA. This is the way things go at banks, with lawyers, with accountants, with realtors and at nearly every white collar job: Nobody wants to assume the liability so they’ll all do what it takes to protect the data.
And with high profile hacks and compromises in the news daily, is not having it worth risking the whole company?