ExchangeDefender Phishing Firewall Tag

As mentioned previously, our new ExchangeDefender Phishing Firewall went live in production at noon EST today (March 3rd, 2023) and is already rewriting URLs so that they are unique to the service provider that manages the domain.

A little bit about the technology


URL / link rewriting is an industry standard used by the biggest email providers to rewrite potentially dangerous URLs. When the user clicks on the link, they are redirected to a Phishing Firewall site instead of the direct web site address that was in the email. The phishing firewall looks at all the domain policies, allow/block lists, and exceptions, and determines if the user should be allowed to proceed to the web site.

When messages arrive in your organization, instead of https://www.yahoo.com the URL is rewritten to something like https://exchangedefender.xdref.com/url=hash. These masked URLs are only visible to our clients: when they reply to an email, the outbound network reverses the process and replaces https://exchangedefender.xdref.com/url=hash with the original URL.
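The inbound/outbound round trip described above, as an added sketch that is not ExchangeDefender's code. The token scheme (truncated HMAC-SHA256), the in-memory store, the `examplesp` provider id and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import re

URL_RE = re.compile(r"https?://[^\s<>\"')]+")


class LinkRewriter:
    """Toy rewriter: inbound masks URLs, outbound restores them."""

    def __init__(self, spid, key):
        self.host = f"{spid}.xdref.com"  # per-provider host, as on the page
        self.key = key                   # assumed per-provider secret
        self.store = {}                  # token -> original URL (assumed storage)

    def _token(self, url):
        # Keyed hash so a sender cannot precompute tokens (assumption).
        return hmac.new(self.key, url.encode(), hashlib.sha256).hexdigest()[:32]

    def inbound(self, body):
        def mask(m):
            raw = m.group(0)
            url = raw.rstrip(".,;:!?")   # keep sentence punctuation out of the URL
            if url.startswith(f"https://{self.host}/url="):
                return raw               # already masked: do not wrap twice
            token = self._token(url)
            self.store[token] = url
            return f"https://{self.host}/url={token}" + raw[len(url):]
        return URL_RE.sub(mask, body)

    def outbound(self, body):
        # Only this provider's host is reversed; unknown tokens stay as they are.
        pat = re.compile(rf"https://{re.escape(self.host)}/url=([0-9a-f]{{32}})")
        return pat.sub(lambda m: self.store.get(m.group(1), m.group(0)), body)


def demo():
    rw = LinkRewriter("examplesp", b"constructed-demo-key")
    msg = "Please review https://www.yahoo.com."   # constructed sample message
    masked = rw.inbound(msg)
    return masked, rw.outbound(masked)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because only links on the provider's own host with a known token are reversed on the way out, a forged or foreign masked link in a reply is left as it is instead of being turned into an arbitrary destination.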

This technology eliminates the possibility that a random hacker can deliver a payload that is one click away from the user. Additionally, it gives the user the ability to check the site reputation, check for viruses, and clearly see the URL they are going to (instead of a squashed little tooltip with a 200+ character URL). Essentially, we study how people get hacked with phishing and try to eliminate those issues.

All the sites and services are fully encrypted and partners/clients do not need to worry about certificate renewals, site mappings, etc – everything is automatic and done for you. Set it and forget it; just keep an eye on the logs.

Going Forward

As of March 3rd, 2023, all URLs will be rewritten using the service provider's ID. The main benefit of this upgrade is that it reduces the scope and likelihood of the URL being inadvertently reported or picked up by another security service that may deem xdref.com to be a masking site for dangerous content.

Additionally, you can configure your firewall to only accept unapproved URLs after a hop through <yourspid>.xdref.com. It also gives you full visibility into everything that happens with the URL (who clicks on it, where they go, etc.), which is something we do for our clients to address cybersecurity compromise and trace back how it happened (a very lucrative service for partners that may be interested in deploying that level of protection).

Ever since we committed to ExchangeDefender Phishing Firewall as a core feature in ExchangeDefender, we knew that the biggest user benefit will be a trusted cyber-security expert available as a part of the solution. ExchangeDefender redirects all links that pass through ExchangeDefender through our firewall, giving users that click on a suspicious link in their email more information about the suspicious site – for example, if you clicked on a link in an email from Bank of America and are actually going to a web site in Poland, it might be an issue. But who do you turn to when there is an issue?

ExchangeDefender Chief Security Officer is just a click away and so far we’ve handled over a thousand inquiries from our clients and partners. If you’re looking at a link and you cannot tell why we intercepted and flagged the content, just click on the yellow button and fill out a form.

Within 24 hours you’re guaranteed a response from our team. The turnaround average so far has been just 18 minutes!

What happens on the back-end is actually quite hands-on: first we investigate the original email and compare the context with the link target, location, etc. We then open the link in a sandbox (safe environment without additional network connectivity and no data) to see what sort of information the web site collects and attempts to send. We then rephrase it in a non-techie user-friendly way and help the client out.

We’ve been overwhelmed with both skepticism and compliments as a result – turns out most users do not expect a response and are pleasantly surprised when an actual human emails back with useful information. We’ve gotten compliments on our turnaround time, usefulness of information, saving the user from dangerous content, as well as thankful comments about the frustration that phishing in general creates – as we’ve been fine tuning xdref.com our users are seeing it less and less and when they do see it we are happy to help.

The overall value of the service cannot be overstated – we’ve saved our CIOs, partners, MSPs, IT guys and gals hundreds of hours in investigative work alone. We got our clients a security audit that allowed them to continue to work quickly. Not to mention all the bad links that likely would have led to a breach or security compromise – that the users and techs never had to deal with.

P.S. Included in ExchangeDefender Pro at no additional cost. If you’re still frustrating your clients with “training” programs/videos/whitepapers that SPAM filters catch and junk anyhow, stop wasting your clients’ time and money. ExchangeDefender Phishing Firewall is a better, more effective, more affordable solution.