oAuth Launch Scheduled for May 19th, 2022
In January 2021 we launched *our oAuth implementation* to help clients get rid of passwords. On May 19th, 2022 our legacy systems (existing email/txt 2FA/MFA) will be shut down and all ExchangeDefender services will rely on oAuth for authentication. Clients will not see a major difference and will login the same way they always have at https://admin.exchangedefender.com:
The new authorization backend will help improve the security of all users that rely on ExchangeDefender to keep them safe: better password policies, no need to reauthenticate every time you visit our services, support for hardware authentication devices and tokens, support for software authentication such as Google/Microsoft/Authy authenticator solutions, and a lot more.
The era where someone can get access to all your data just by guessing or hacking your password is coming to an end. More importantly, industry standards and cybersecurity insurance underwriters are requiring 2FA/MFA and this is a huge opportunity for our partners to deploy a more secure access to the arguably most insecure and public endpoint in every organization: email.
We look forward to keeping all your data secure and your users safe from dangerous email exploits.
DMARC Deployments Completed
We want to thank so many of you that finalized the DMARC deployments during #CyberMonth of October. Special thanks to the thousands of clients that trusted us to update their DNS zones on their behalf, we know that DNS work can be complex and inconsistent from provider to provider, and getting it completed will eliminate countless mail flow problems (many that you’re probably not even aware of).
DMARC compliance allows us to keep you in our priority routing, assures delivery to major email service providers, improves mail flow & delivery, and most importantly – keeps us in your corner when there is a problem. (non-compliant domains are considered a broken deployment and restricted to service inquiries).
What all the DNS work and troubleshooting has turned up is that far too many of our clients and partners do not have the required skill set to properly deploy, maintain, and secure their DNS. This is not a one-off project: your domain name and DNS are your organizations primary identification on the Internet and just like people email you verification links when you sign up for the service, cloud applications are requiring custom DNS records for ownership verification.
In October we launched an ExchangeDefender DNS Service, at just $19/month, that will cover all the work related to your DNS including SSL certificate work, Dynamic DNS, DNSSEC, and whatever DNS standard comes up next.
Through the end of 2021, we are offering our ExchangeDefender DNS Service for just $19/month and we are waiving the setup fees. Contact us today to get this added to your account, as it will cost you exponentially more in troubleshooting and lost business the first time you have an issue.
ExchangeDefender Invoices Got A Makeover!
We have listened to our partners and decided to redesign our invoicing system so it works better for our partners. One of the many benefits of having both Wrkoo and ExchangeDefender teams working together, (more details in our next webinar on September 10th, 2019) is that we can take great ideas from all sorts of businesses and adapt them to serve our IT partners better. Specifically, new ExchangeDefender invoices will be grouped by client:
This will give you a clear indication of how many services each client is subscribed to, what type, amount, etc. For deeper dives by your CPA, you can filter and group by service and client so you can get exactly what you’re looking for (by default everything is sorted alphabetically, by the client):
And for the full details, just tap the title:
We’ll shortly be adding the ability to move services around, adjust titles, and for even more functionality as well as branding options you will have the ability to customize literally everything in your own Wrkoo portal.
Wrkoo and ExchangeDefender teams have been rolling out new features, listening to our partners needs, and you’re going to start seeing a lot of new features that result from that one-of-a-kind collaborative effort.
The best news though – as this is just a taste of what is coming – you’ll have to tune into our webinar on September 10th at NOON EDT. Trust us, you’re going to love what we’ve got coming!
ExchangeDefender Account Provisioning Live
As noted nearly two months ago, ExchangeDefender is starting Automated ExchangeDefender Provisioning. In the long, long ago when everyone ran their own Exchange servers, ExchangeDefender offered XDSync to automate creation of ExchangeDefender users as soon as they were added to the Active Directory.
Fast forward to 2019: Few people still run their own Active Directory and most users are now on cloud-based email services that don’t use Active Directory. This puts a burden on our CIO/MSP/IT personnel that has to manage users manually – so we solved that problem with ExchangeDefender. Here is the user experience.
Automated Provisioning – User Experience
When ExchangeDefender detects a new email address from your domain sending outbound mail, it will automatically provision the account for you. This way nobody has to deal with the account management and maintenance, nor do they have to filter and audit the list as local accounts, distribution groups, etc do not send out external emails anyhow. If they do, from the licensing standpoint, it’s treated as a user. When we detect a new user, they get this email:
The email contains branding and contact information of an MSP if the client is managed by an MSP. Otherwise, only the domain administrator and ExchangeDefender basic contact info is provided.
At this point, the user is added and configured for ExchangeDefender services according to the domain defaults the IT department configured for this domain.
Clicking on the “Complete Enrollment” button takes the user to the website to setup basic settings. This part is actually VERY cool and something our clients have been begging for – something that shows the user how to actually use the product.
The enrollment wizard is only 2 steps long and gets the essential settings that 99% of users change.
Setup your password, tell us what to do with SPAM, tell us what time you want the email report (if enabled by CIO/MSP/IT) and that’s it – user is done. We’re also working on additional customization/templating of the welcome emails which should be launching later this year.
ExchangeDefender Phishing Firewall User Benefits
ExchangeDefender Phishing Firewall has had an outstanding first * X days * protecting our clients from phishing. While the roll-out of such a massive service is always going to be a challenge, we cannot be more thankful for our users and the relationship that has lead to tons of feedback, bug fixes, new features, and a meteoric rise in additional security that everyone enjoys.
Just as a reminder, ExchangeDefender Phishing Firewall is an always-on phishing protection for email and web. As someone emails you phishing content, in hopes that you’d click on it and give away credentials and download malware, ExchangeDefender both helps keep that email sanitized and quarantined so that it never gets to your Inbox to be clicked on. But that’s not a fool-proof process, nor is it realtime – a site that was safe when the email was sent could have just been hacked and dangerous content uploaded – but we’ve got you protected there too: when you click on any suspicious site in ExchangeDefender scanned messages you will be directed to our firewall site, instead of directly to the suspicious content. Once you’re there, you are further protected by your corporate policies, and you’re given additional information that helps you determine if the site is dangerous or not. Once you’re sure you can either whitelist or blacklist the site and you’ll never be interrupted again.
How cool is that? Well, it’s so cool that during just the first two (2) days of use, ExchangeDefender Phishing Firewall caught 770,000 clicks on suspicious sites that aren’t one of the top 5,000 Internet domains – and 164,000 requests proceeded to known dangerous stuff.
When you’re dealing with email and dangerous links, you need every bit of security and intelligence in your corner and ExchangeDefender Phishing Firewall delivers that:
It’s always on, always scanning your messages
There is nothing to configure, setup, install, or buy
It works on Outlook, Gmail, and any other email service
It protects you on your desktop, laptop, tablet, and anywhere else you click on links
It gives you a database of known dangerous/suspicious sites
It protects you by isolating patterns/data from ExchangeDefender’s reputation table
It secures you by leveraging data-sharing relationships we have with the worlds largest security vendors
It logs your activity so you can backtrack and identify dangerous activity
It gives your business ability to setup custom policies and block/allow access as needed
It gives you control over which sites to whitelist and blacklist so you’re not interrupted
It learns what you click on and how so you don’t have to manage a whitelist
Most importantly, it gives you access to our Chief Security Officer infrastructure where you can Report an Issue and have our team help evaluate a potentially dangerous link.
Not only are we doing everything to keep you safe and secure online, we’re literally available in person to assist when necessary. We know that every feature/block isn’t going to be loved by everyone, we know that every change can grind some folks the wrong way, we know that it’s not going to be perfect – but we’re in your corner, we’re here for you, and keep on sending us feedback so we can build this into a security service everyone loves as much as ExchangeDefender.
Thank you for your business and have a SAFE day on the Internets :slightly_smiling_face:
ExchangeDefender discontinues free migrations for Office365 and Google GSuite
ExchangeDefender has assisted partners and clients with migrations from third party platforms onto our award winning platform. On July 31st 2019, we will schedule our last third party migration onto the ExchangeDefender network and will only support them under special projects going forward.
We’re sure this will disappoint some of our clients and partners that have hoped to bring their clients to our network, unfortunately this work is simply too expensive to deliver free of charge. Over the years we have given our prospects incentives – free licensing, free third party migration tools, free hosting, etc and we were able to do so on the back of deep expertise across other platforms.
But just as we continue to decommission our own older versions of Exchange clusters and third party email systems, the rest of the world is doing likewise. We feel like everyone that was truly interested in a smooth transition has made or scheduled that move already. Clients that have waited on 5+ year old infrastructure probably did so because of customized workflows, third party integrations, older versions of integrated software that doesn’t support Exchange 2016/19, etc. Keeping the immense staging, data transfer, and consulting resources on hand for legacy platforms is expensive and is needed as we roll out new features for ExchangeDefender. SplitMX, Multiroute and duplicate delivery will no longer be supported by ExchangeDefender, on our network or on Office365/Google/3rdparty.
We’ve been mentioning the sun-setting of this service since early 2018, and if we’ve missed anyone there are still 2-3 weeks during which we can swing almost anything over. Past that, we will offer migrations to ExchangeDefender as a part of our enterprise services contract.
Thank you for your business and we’ll continue working hard to keep you in love with ExchangeDefender. If you want to join the fun, let us know by August 1st, 2019.
Phishing Firewall: Should I click on that link?
It is our pleasure to introduce you to the ExchangeDefender Phishing Firewall support services. While the launch of the XDPF has been rocky, we’ve received nothing but glowing reviews about it and the potential behind it to solve other email related issues (more on that in the webinar). Now that most of the dust is settled, we’re moving on to expanding this service to better serve and protect our users and the first feature out of the gate is the most obvious question a user would ask their IT/security person:
“Is this link safe to click on?”
Prior to ExchangeDefender Phishing Firewall deployment, nobody would even think of such a question. You clicked, and if you clicked on something malicious, boom you’re pwn3d. Now you’re presented with the link, the path, and you suddenly have a choice to make: “Do I trust this site?” – well, sometimes it’s hard to guess and we’re here to help. When you click on an HTML link, you will be taken to the ExchangeDefender Security Center and there will be a new yellow button there labeled “Report Issue”:
If you click on the yellow button you will be presented with a form to provide additional comments and contact information. After you provide the minimal required information, a service request will be sent to a human being at ExchangeDefender that will evaluate the link for you:
We will basically look at the link and the email data (sender, charset, SPAM data, reputation) as well as the link destination. The link will be opened in a virtual sandbox environment and we will look for any obvious payload that is automatically downloaded or data requested from the browser. We will then report back to you in an email within 24 hours and let you know what we found.
Obviously, we will also be using the same form for any support or issue management, basically setting up the ExchangeDefender Phishing Firewall as a managed, supported, and facilitated service end-to-end.
We will be discussing this feature in far more detail during the webinar on July 10th, 2019: https://register.gotowebinar.com/register/5418502553065819404 but in general terms this is a huge commitment to us that requires us to be available as a Security Officer whenever our clients need us. As a result of managing both the email and the web security incidents, we now have far more data and reputation information that can rely on to help secure our clients in near real-time. As it becomes harder and harder to know who to trust, businesses need security expertise and analysis provided on demand so they can get back to work – phishing is far too profitable and as the #1 attack vector leading to breaches and compromises, it is only going to get worse. With ExchangeDefender, you have a trusted partner that is there to help beyond just another automated security layer, our power is in the people.
Automated ExchangeDefender Provisioning
Keeping up with ExchangeDefender subscriptions used to be relatively easy back in the day when everyone had their own server.. and while we still proudly support XDSync, the new usage scenarios and new platforms are making user management a chore for IT people and those in charge of reconciling billing alike.
Starting with July 2019, ExchangeDefender will automate the provisioning, billing, and enrollment of new users automatically.
How will it work? How ExchangeDefender will be monitoring outbound flow of mail from the organizations that are protected by ExchangeDefender. Whenever we encounter a new email address sending email, we will check the existing users table and if we find someone new we’ll start the enrollment process. It will work as follows:
(1) ExchangeDefender finds a new email address on a protected domain.
(2) ExchangeDefender creates a new account and provisions default domain security policy.
(3) ExchangeDefeneder sends the user a welcome email with an enrollment link.
(4) ExchangeDefender sends the domain administrator and CIO (or service provider) a notification.
That’s it, we’re keeping it that simple. And since you never get billed for ExchangeDefender accounts added in the middle of the month you can always correct any mistakes and lock down mailboxes that get created as a result of a security breach for example.
FAQ
Q: Will the bill for the new user be prorated?
A: We never bill during the partial month, so if you sign up a new user on the 14th, they will not be billed for the service for the part of the month.
Q: Will this automatically categorize printers, devices, etc?
A: Printers and smart devices are free if they are setup as an IoT device.
Q: What if this is just an alias on someone else’s account?
A: In ExchangeDefender, inbound aliases are free (terminated employees email addresses, vanity accounts, department or distribution groups, etc) as long as they are associated with another users account. If for some reason they both receive AND send mail, those accounts under our licensing model are indistinguishable from users and must be billed as such.
Q: Will I have the chance to review the new additions?
A: Yes, you will get an email from enrollment@exchangedefender.com when the account is added and remember, you will not be billed for it until the 1st of the month. So long as you delete the account more than 72 hours before the end of the month, it will not be billed.
Q: What will the user experience be like?
A: Identical to the way it is now. They will receive the same welcome email they would get if you manually added them at https://admin.exchangedefender.com
Q: So which address should they email to start the enrollment?
A: Any address you wish.
Q: How about automatically deleting accounts that aren’t being used? A: We are working on it. As we’re dealing with folks email (and compliance, encryption, archiving, contacts) automatic deletion is never a good idea but we realize that billing and account management is a pain. The way we’re currently designing it is with the expectation that the domain owner will set an inactive date in the portal. Any user that hasn’t sent email in the quarter or in a year (depending on policy) will automatically be removed from the active roster and you’ll be able to nuke them all through a review process.
New look for ExchangeDefender SPAM Release & Re-directions
It’s been about a decade since our last face-lift to the end-user facing part of ExchangeDefender – suffice to say, lot’s of cool new things are possible with the web technology that wasn’t possible in the past. So, allow me to introduce you to the ExchangeDefender Security Center!
As of Thursday, June 27th, when you attempt to release a SPAM message,
you will see our new security center:
Of course, yours will look a little different. If you have ExchangeDefender from a service provider, it may have their color scheme. You can still upload your own logo (at https://admin.exchangedefender.com).
The idea here is to help connect our self-service portals https://www.exchangedefender.com/ss, our chat, our alerts, and documentation into one spot so when an issue comes up we can help the end user right then and there.
Remember that all of this stuff is data driven, so if you’re one of our partners we encourage you to put up your own announcements, deploy the XD NOC for your organization so your branding is preserved, work with our account managers, etc.
Going forward, this will be the default view for unauthenticated connections – so WFS, Encryption Download, SPAM release, and the Phishing Firewall Redirect.
P.S. How do IP restrictions play into this? They don’t. If you have ExchangeDefender enabled only for Trusted Devices and admin portal locked down to the enterprise IP range, the site will still allow the user to release SPAM from the quarantine no matter where they are (think mobile device access). For other functionality, once they click on Login the same 2FA/OTP/Known Device/IP Restrictions are in play.
ExchangeDefender Phishing Firewall FAQ
ExchangeDefender Phishing Firewall officially launches tomorrow, June 12th, 2019.
Every service provider and every user will be contacted with the information about the new service. Since some users may see the redirection site, we wanted to assure everyone was aware of the service, how it works, what it looks like, and what it does to protect them.
Note from Vlad: We hate changing the user experience. We understand that every time we change anything there will be an issue, folks don’t like having their cheese moved, I get it. However, this isn’t a futile exercise in self-promotion, up-selling, cross-selling, or useless noise: we are doing this to eliminate the problem that 90% of security compromises are triggered by. This implementation comes down to ethics: If I know that something is 90% likely to hurt you, and I have the means to protect you, and I choose to let you get hurt anyhow… why would you ever do business with me or ExchangeDefender? I understand we may lose some business over this, and I am willing to make less money in order to do a better job for people that trust us with their business.
Here are the answers to some questions we’ve already received:
Q: Does ExchangeDefender PF work on every device I receive email on?
A: Yes, ExchangeDefender PF automatically encodes all links sent through our system in HTML messages and redirects them through ExchangeDefender PF. This means that the link will be secured no matter which device you use to access your ExchangeDefender-protected email.
Q: Does ExchangeDefender PF protect me from non-email links?
A: ExchangeDefender only protects you from email links in HTML messages sent to your email address through ExchangeDefender. If your mail client downloads mail from 3rd party external services (Yahoo,
AOL, Microsoft, Google) that are not protected by ExchangeDefender, you will not be protected.
Q: Is ExchangeDefender PF available in ExchangeDefender Essentials?
A: ExchangeDefender PF is only available in ExchangeDefender Pro and ExchangeDefender Enterprise.
Q: Is there any way to turn off URL encoding for specific domains or users?
A: ExchangeDefender encodes the URL at the edge, as the message is being scanned for malware and other phishing forgeries.
Q: I don’t want to see the ExchangeDefender PF warning/site, can I bypass it?
A: Yes, you can simply whitelist the domain and ExchangeDefender PF will not be displayed. Whitelisted domains are automatically displayed without ExchangeDefender PF. ExchangeDefender maintains a list of known good/legitimate domains so the likelihood that you will see a dangerous (or questionable) website is very low. Additionally, your IT department or IT Solution Provider has access to organization-wide whitelist and can bypass ExchangeDefender PF to any site you need to visit.
Q: Is it possible to still get hacked/compromised even with ExchangeDefender PF?
A: ExchangeDefender PF simply applies your organizational policies to traffic and gives you additional information about the link you have clicked on. If you ignore warnings, or if you proceed to a dangerous site as a part of your organizational policy, you can still be compromised.
Q: Is there anything special I need to do on my network in order to support the redirection?
A: No, you should not have to make any modifications to your clients network in order to support this. If you do something exceptionally unusual (we would have contacted you separately, DoD requirement) and only have an allow access policy while blacklisting the rest of the Internet, redirection happens through https://r.xdref.com domain that needs to be in the safe sites.
Q: Can I turn URL rewriting off?
A: The ExchangeDefender URL rewriting code is implemented at the edge without regard for domain/user policies. In order not to introduce delays in processing, this is a global rule. If you are concerned about your clients seeing the redirection screen, whitelist the domains they typically go through. If we get complaints about it, we will look at deploying this policy further down in the scanning path which will slow down processing times for domains that opt out of the service and that feature is already in the development queue.
Q: Can I see the copy of the messages you are sending users, so I know what to expect?
A: Here is a copy of the message in PDF and Outlook format.
Q: Will the links stay live for X number of years for compliance purposes?
A: There is no expiration date for the links, as clearly stated in our Privacy Policy we do not collect or archive the links that you click on or that we encode, they will stay in your downloaded / cached / archived messages. While many regulatory requirements have message retention policy expectations, those requirements do not extend to external content, ie: you have to archive the message, you DO NOT have to archive the documents that are externally linked on third party sites. Either way, messages will continue to redirect as long as we stay in business.
Q: Can I get a list of good/bad sites for my compliance records?
A: Please contact our compliance officer at compliance@ownwebnow.com with the letter from your regulatory body and we will do our best to provide this confidential information ASAP.