ExchangeDefender Tag

Friendly Names, Finally.

You’ve only been waiting 20 years for this feature and we’re happy to finally deliver it: ExchangeDefender will now show friendly display names and email addresses, giving you a better idea of who the email sender is.

This is a slightly technical pragraph that we encourage you to skip. Every email you receive has two From: addresses. One is a “friendly from” or “header from” address that prints the name of the sender as the user configured it inside their mail software such as Outlook or Gmail. The other is an “envelope from” or “mail from / return path from” address that is used for mailer/postmaster reasons to bounce and process messages. As an email security solution, ExchangeDefender only looks at and reports envelope addressing as the friendly from can easily be spoofed and faked and generally has no impact on the underlying SPAM filtering technology, message routing, SPF/DKIM, and a myriad of other technical reasons. Two decades ago, when ExchangeDefender was first and foremost meant to be a front line defense on the edge/perimeter before allowing traffic to get to the firewall, envelope from was what I went with.

What made sense two decades ago, which is centuries in IT terms, doesn’t make sense in 2018. Today ExchangeDefender is no longer primarily an edge security service, it is prime real estate in which end users and business employees spend a considerable amount of their time managing their mail, sending documents, sending encrypted attachments, assuring compliance, collaborating, and as such the design and the content needs to show something relevant to the user (not the IT administrator power user that is likely managing things through our powerful Domain Administrator section).

Oh, and by the way, it’s also going to show up like this in our updated SPAM Reports starting in October for our ExchangeDefender Pro subscribers:

P.S. Please tune into our new feature webinar on Wednesday, October 17th, 2018 at noon EST. Lot’s of new features are coming in ExchangeDefender as we transform the product to better serve the compliance and security needs of our clients. Register Now!

 

 

 

Billing Compliance Enforcement

September marks another huge month in which we’re cleaning up some of our old “small business ways and means” and replacing them with industry standards, in every facet of our business. But before we get into that, as the changes are both service related and product related, we would again like to remind you to sign up for the big webinar we have on September 5th:

ExchangeDefender New Stuff Webinar
Wednesday, September 5th. Noon EST
https://attendee.gotowebinar.com/register/1810967512151336450

“I cannot urge you enough to attend the webinar and see the changes and improvements that are coming to our products and services. You truly need to understand the structure and the vision behind it because we’re doing the same thing we’ve always done: respond to client requests and how the marketplace dictates what people will pay for and how. So I urge you to please attend the webinar and hear directly from me what we’re up to and how you can run into fewer issues and make more money with us.”

-Vlad Mazek
CEO, ExchangeDefender

Billing Policies

None of the following policies are new or designed to impact our clients in good standing.
Our billing policy has not changed in 20+ years, but we’ve never enforced it fully, and we believe it won’t be an issue for anyone. So for the record:
– We need a 30 day notice on any services you wish to remove from ExchangeDefender (and any of our products, sites and services). We tend to be fairly flexible with this and will continue to do so.
– Any services cancelled within the last 2-3 business days of the 1st of the month will be billed on the 1st and there will be no refunds. See the 30 day policy above.
– Service cancellations will be disabled within the last 12 hours of the month. Our staff will not be able to process them via phone/tickets, they will be locked out as well.

The reason we are suddenly enforcing this policy is because we’ve noticed a significant amount of fraud related to people gaming first/last of the month (where you cancel the service on the last of the month, skip the billing cycle that runs on the 1st, then setup the new service on the 1st and get a free month). If our enforcement of our billing policies seems unfair please keep in mind that we do give you free service from the moment you sign up for the service until the 1st of the month. The other reason is that we cannot process changes and update invoices within hours of the amounts being submitted to the credit card processor.

 Late Fees

Late fees will also affect a small but persistent contingent of our client base that is trying to game and hide from what are fair business practices of paying the vendor. Because we’ve never charged late fees we have a few dozen clients that hide, provide fake credit card numbers or otherwise try to get as much free service as possible. Payment for all services is due on the 1st. If the invoice isn’t paid by the 5th (12:01 AM) invoice will automatically get a $39 late fee. If the invoice remains unpaid by the 15th (12:01 AM) the services will be suspended and subject to other legal remedies, along with an additional $69 re-connection fee.

These policies have not been enforced as a matter of personal courtesy we extended to our partners during the economic collapse of 2006-2009. Today, they require personal interaction and activity by a member of our staff, and every unpaid invoice and billing ticket about not cancelling the service in a timely manner is costing us (and our partners) which isn’t fair.

As mentioned above, these policies will not be an issue for anyone but a small handful that has been abusing the system. As a security company we are constantly being audited and leaving open invoices, not charging, late fees, policies that aren’t being enforced and so on are constantly flagged by our accounting, legal and even compliance auditors so we’re being forced to get a grip on everything. Thankfully, it won’t be much of an issue and we look forward to using freed up resources to deliver a better service to all of our clients.


ExchangeDefender 9 is off to a fantastic start, as mentioned in the previous post we’ll keep you up to date with any new bugs and fixes as we find and fix them here (http://www.exchangedefender.com/blog/2018/08/exchangedefender-9-launch-bugfix/). Great news on that front is that the entire codebase is new and thanks to new development methodology fixes for minor issues won’t take long. Neither will the addition of the new features: which is what we’d like to discuss today.

The following big features are coming in September and we’ll cover them in detail leading up to the release: ExchangeDefender encryption is getting a major upgrade in threaded conversations and ability to include attachments both ways, our support portal will begin mixing in live chat and status updates so you know immediately where your ticket is in our system and who is working on it, and we’re taking a major step forward to help you manage your security credentials.

      ExchangeDefender Encryption Upgrade

ExchangeDefender Encryption is getting a major expansion of features when it comes to handling files and conversations. Specifically, we never want you to have to leave the ExchangeDefender web site in order to communicate effectively and securely. Starting in September, we’re adding two major features to enhance our clients ability to exchange secure content with remote recipients: threaded views and attachment uploads.

Presently, only our clients (protected by ExchangeDefender) can send encrypted attachments. Soon, senders and recipients will be able to work through our portal to send encrypted contents back and forth. The way we’ll present the entire conversation will really take our clients productivity to the next level.

     Support / Ticket Live Chat

We’ve been testing a live chat/alert/popup functionality in our support portal where we can huddle up and work on the ticket in realtime with the entire team. This is a far cry from the traditional model where a ticket is accepted, assigned, worked on and completed by a single tech within a SLA mandated period of time.

In the new model, we all have the ability to work on every issue at once and quickly add relevant resources to the conversation: which is effectively what the new support is going to look like. So instead of a ticket being a single monolith of a problem that is handed from one person to the next in it’s entirety, we can now break it down into manageable pieces and a senior engineer can quickly pinpoint, triage and offer guidance that would let other technicians that are available assist the client far faster.

You will also be able to see who is viewing and working on your ticket and where/when the next update will come – this will eliminate the need for phone calls, escalation/status update requests and so on because the system is 100% reactive to what is going on – if the engineer is looking at the ticket they have a counter and they are printed on the ticket. We look forward to extending this functionality to our clients in September, we’ve been using it internally to raving reviews by our staff.

    Password Policy Enforcement

ExchangeDefender is a security product – one whose origins and some features trace back to the 90s. In the past 15 months the product has been rewritten entirely, giving us far more flexibility to help you manage your users and their passwords. In September we will start storing passwords with irreversible encryption and complying with many new technologies such as Magic Link that will make password tracking a thing of the past. Additionally we’re rolling out 2FA/OTP across ExchangeDefender with our own API to extend to other applications in the ExchangeDefender universe.

There will be many more features coming along as all our departments have stepped their game up – but these major ones will definitely change the way you work with ExchangeDefender and how much we’re able to do for you and your clients. Privacy, security and management are in the news every single night and we hope to give our clients and partners a level of control over their data that will make it easier for them to sleep at night.

 

ExchangeDefender, at it’s core, is all about protecting our clients: it should come as no surprise that we are big fans of GDPR. If you haven’t been inundated by GDPR, or by a million “we’ve updated our privacy policy” emails from every web site you’ve ever signed up for, or you’ve landed here simply because the deadline is tomorrow, Friday, May 25th: rest assured we’ve got you covered.

ExchangeDefender is 100% compliant with GDPR. You are covered as are your clients on ExchangeDefender and we have presence across European Union to handle any issues or complaints that come up as a result of GDPR implementation.

What you need to know

GDPR, essentially (and no, this is not legal advice), is a European Union data privacy regulation that turns the tables on marketers and gives residents of EU very specific rights and control over their personal data. The regulation is very broad in terms of scrutinizing everyone that may be holding (controller) or managing/processing (processor) personal data and ExchangeDefender fits both of those roles at times depending on the product or service we’re talking about.

image

If you’d rather do without me talking at you for 6 minutes, we have a ton of other resources that you can share with your clients. I would start with this document available for download here:

image

 

What you need to do now

1. Start by reviewing our new Privacy Policy. I know, I know, you’re done with

2. Contact us if you’re seriously building out a business around GDPR and get our marketing folks to hook you up with branded collateral (minimum client count

3. Review our GDPR collateral, particularly the webinar with the deep dive of the ExchangeDefender implementation. This is the most important thing you could do but it’s 27 minutes long and I know everyone doesn’t have that kind of time or attention span – I get it – but if you’re seriously working with us and need GDPR assistance, you will have to go through the training eventually.

Where to go next

We are very excited about GDPR and have put significant resources to design our products and services around the regulation because we believe it will have a broad impact well beyond Europe. Privacy, data integrity, right to be forgotten, right to withdraw consent, right to find out what sort of information companies have about you – those are fundamental rights in our opinion.

And if you ignore them the penalties are going to be extensive.

What we’re choosing to do at ExchangeDefender is to create a service around protecting people on the Internet – not just from SPAM but really safeguarding all communication you do as a business. Take a look at our GDPR resources and see how we can get you started on the same path – at the very least you can use our reach and resources to comply with GDPR.

Signing up for the Compliance Archiving service is the first step in reaching regulatory compliance when it comes to email retention and eDiscovery. The following five steps will put you on the right path of achieving and maintaining that compliance:

 

1.Understand what you need to keep and for how long.

Your regulatory/oversight body will provide details about how long you are required to hold on to your email. In our experience with Compliance Archiving, you also need to pay attention to the Statue of Limitations that your business may be liable for. Very often the discovery process for lawsuits includes legal hold requests and record requests that are longer than regulatory requirement.

2. Get the right product and implement it correctly.

Your compliance has to be all encompassing – all email must be archived. With ExchangeDefender Compliance Archiving all of your inbound, outbound, and interoffice email is collected, archived and protected in the cloud. You can search for any document at any time and be certain that it has not been tampered with and that no emails have been deleted – something that sets our eDiscovery/archiving apart from backup solutions.

3. Keep an eye on it to make sure it works

Just setting up a compliance archiving solution is not sufficient enough. there is no protection for technical negligence in regulations. You are expected to keep your mail server and everything connected to it secure. Penalties for data loss, compromised credentials, and data leakage are severe and are not a valid excuse for not having compliance.

4. Create Compliance Officer reports frequently.

Compliance Officer within your organization must create reports on a monthly basis to assure no confidential information is allowed to leave the organization. Some industries have an even more specific and severe restriction on the type of communication that can take place over email and what sort of information can be sent – compliance officers run eDiscovery reports to assure nothing confidential is being shared and address problems and exceptions routinely

5. Routinely audit the entire system to maintain compliance.

Organizations grow and change over time and remaining compliant with new regulations is key. ExchangeDefender Compliance Archiving service often sends out advisories, best practices, tips and suggestions to adjust your process because you are always expected to be in full compliance with the latest requirements. Every time you add a new employee or change your mail server configuration or new lines of business – compliance must extend to cover these new records that may be of interest to someone down the road.

“One of the biggest mistakes organizations make with regulatory compliance is thinking that it’s a service, product or a one-time effort: quite the opposite!”

 

Achieving regulatory compliance means implementing the right product, conducting routine audits, complying with changes in regulations and having full control of the environment where messages are stored as employees come and go.

In the event of an audit, you will be asked to produce record and you will be judged on your ability to provide specific records that are requested, not the best effort you made in trying to achieve compliance. Considering the fines and legal complications, it makes sense to revisit the five steps outlined here annually and make adjustments as necessary.

ExchangeDefender is getting a completely new user interface and user experience. We are very excited to get this new UI in front of all of our users and I’m happy to report that the new UI will be live next week! Here is a sneak peak:

user_dashboard_tabsuser_sureSpam_reply

domain_dashboarddomain_configuration_policies

sp_management_accounts_show_userssp_theme_DARK_BLUE

To find out more, please watch the recording of the webinar available here.

In a nutshell: Our business is continuing to evolve into helping organizations communicate smarter and more securely. This is increasingly involving systems other than email and the traditional Exchange+Outlook solution is no longer enough to meet the requirements or regulatory reporting needs of businesses. Not to mention privacy, integration, reporting, audits, legal holds: all something organizations of all sizes come to ExchangeDefender to address.

At the same time, we realize that our partners need help addressing these challenges and we are here to help and augment your existing practice and solution set. Click here to download the webinar and please let me know directly if you see anything you desperately need!

 

-Vlad

CEO, ExchangeDefender

65% of all emails sent are spam, what’s the solution?

At ExchangeDefender we kill SPAM for a living. We spend a ton of time and energy identifying, filtering, and destroying junk mail. If you’ve ever wondered how you could make your email experience better, even without the massive layered security that ExchangeDefender provides, these are the steps you could take today:

1. Configure strict SPF/DKIM DNS records

SPF and DKIM (DMARC) can help you protect your domain name from being used in SPAM mailbombs. Spammers will often use real email addresses and domains to send forged “spoofed” email messages and SPF/DKIM provide a mechanism for identifying which email server/platform you use. By setting up an SPF/DKIM you can tell places that are receiving email from your domain what to do if the message wasn’t actually sent from you. If your inbox is full of email bounces and non-delivery receipts, someone is using your email address to send junk mail and an SPF/DKIM record will practically eliminate bouncebacks.

2. Get rid of generic email aliases
At ExchangeDefender we manually process SPAM complaints from our customers – that’s how we train our system to eliminate messages that otherwise make it through because they are legitimate in every way we can automatically process them. The number one way to get a ton of annoying email that may be on the borderine between legitimate commercial mail and an unsolicited one: generic email aliases. If you get info@, sales@, admin@ or so on, you are painting a giant bullseye on your Inbox and practically begging to be spammed.

3. Unsubscribe from newsletters
I know, I know, everyone that has your email address supports CAN-SPAM , would never send you unsolicited mail, would never sell their client list… and even if you believe all those lies most of the time, people still get hacked. All the time! As do their ISPs and infrastructure along the way. If you want to reduce the amount of junk mail you deal with, simply reduce the number of places that have your email address. Simple!

4. Don’t click on everything in your Inbox
Sometimes SPAM gets through. Sometimes dangerous stuff from your friends and colleagues gets forwarded around. Sometimes your antivirus isn’t up to date. Sometimes the firewall virus protection is misconfigured our expired. Things happen: none are a good excuse for the simplest thing you can do: avoid clicking on anything in messages that look or seem suspicious.

5. Do not blindly whitelist major ISPs
The second biggest source of SPAM complaints at ExchangeDefender is actually completely self-inflicted: people whitelist major email providers and wonder why blatant junk mail keeps on “slipping through” as whitelisted. Go through your whitelist entries in Outlook, etc and make sure you aren’t whitelisting Gmail, Outlook, Yahoo, Verizon, AT&T, Hotmail or any of the widely used and abused email domains. Spammers know your email admin doesn’t want to deal with complaints about messages you’re getting from these platforms so they treat them more leniently – so spammers simply abuse them.

It’s really that simple – following these steps will cut your junk mail pile in half within a day. If you want to reduce it to less than 1%, ExchangeDefender is here for you for less than a buck a month or you can layer it and add more protection if you need it because time is money: but no amount of technology and automation can replace just a little bit of common sense.

Federal Trade Commission
CAN-SPAM Act: A Compliance Guide for Business
The official website of the Federal Trade Commission, protecting America’s consumers for over 100 years.

We are very excited to announce the launch of the new XD Service Manager that will allow our partners and their clients a much friendlier way to manage their Exchange services. This is a complete rewrite of the code – frontend and backend – and we’ve taken all the feedback and made the beast much friendlier both for smaller accounts as well as for enterprise clients with tons of users to manage directly. The goal was to entirely remove the IT department and “the PowerShell guy” from the equation and put power user tools at your disposal to quickly and effectively make changes on the mass scale.

But first, the frontend – full rewrite – with new responsive UI and controls. Previous jQuery UI that has been hacked, tweaked and kicked along for years is being replaced by this UI that will work as well on the desktop as it does on any mobile device:

screenshot1

Navigation is in line with typical modern design you’ve seen in many other web applications with ability to filter, scope, search and quickly apply changes to multiple accounts.

Actions are context-based, meaning you will not be refreshing the entire page in order to get search results or do quick changes on multiple accounts. We’ve fully extended the Exchange feature set in the new UI giving you the ability to centrally manage all aspects of your Exchange service without having to go back and forth between different screens or modules (so in that regard, it’s even easier to deal with than an Exchange management console)

image

Finally, and perhaps most importantly, the new service is very end-user friendly. While 90% of the feature requests for the new service manager came from our power users that expressed a lot of frustration with the speed and accessibility of the portal, we needed to recognize the reality of who manages IT in 2018 – it’s no longer the IT guy or the IT department – users want to be able to take control of their public folders, distribution groups, forwarding, password resets and so on – so our design had to take that into account as well:

screenshot3

As you can tell, the new Service Manager is far friendlier and uses the same wizard approach in the end-user mode that they are likely very familiar with. Because we’ve done very strict implementation on the backend (with all the regulations we are now responsible for), it’s virtually impossible for them to make a mistake. Unfortunately for some of our unskilled IT folks this means no more “Password1” or “NoSPAM” or “Princess1!” as a password going forward but everyone will be experiencing far fewer problems as a result of it.

Better reporting as well – you’ll be able to get the full overview of configuration, who uses what, where they are at and so on.

The new Service Manager goes into Beta next week (last week of March 2018) and will run in parallel with the existing Service Manager (on the same site as https://support.ownwebnow.com) as we get more feedback from our entire user base – so don’t worry about this springing up on you as a surprise. You will see the new link on the Dashboard and will have the ability to access the new infrastructure from there. Both will continue to work for at least a month.

This is also the new UI framework for Shockey Monkey: which we have been working on for a year now. The same infrastructure, MVC, UI and upgraded backend are going to be driving ExchangeDefender, SM, XD and all other services which means that you’ll very soon be managing everything from the same look and feel that will be extended to your site as well. What it ultimately means is that the new UI will follow your branding and your color schemes and no matter where in the ExchangeDefender universe your client ends up, they will be dealing directly with your brand.

And we’ll be there in a live chat to provide support and help them out with every service.

Thereby ultimately managing the entire communications, collaboration and business management platform end-to-end. Very exciting times ahead!

-Vlad

CEO, ExchangeDefender

Attachment download: New Service Manager Partner Guide (pdf).

Hey guys,
Over the past two weeks we’ve been fixing some of the little bugs and initiating some error trapping to improve the overall experience within Exchange Defender. We’ve been focusing on error trapping the account creation stage, making it easier to set up accounts correctly, and other stuff of that nature.

Updates:

• Account creation will now check for aliases before submitting, if an alias for the email address you are trying to create already exists and is tied to another account it will notify you of an issue. We’ve also configured it to check Distribution Groups, External Contacts and everything else to avoid having problems such as those pop up on account creation.

• All columns in the Service Manager are sort-able by their names, email addresses, domains.

• The Distribution Group tab now alphabetizes the list of users to make it easier to search through and search for users that are added or need to be added. The list is divided, the top of the list is email addresses added to the user group and the bottom of the list has External Contacts that have been added to the Distribution Group (each one is organized alphabetically).

• We fixed a bug with the CC Expiration Date for card holders using the year 2020. It would revert the CC Expiration date to show 2018.

• The Spam Quarantine for users now has a few options to make checking, deleting, or approving spam easier. It also has had some visibility tweaks / improvements to the message description format.

• We’ve gone through and fixed some of the errant CSS Style errors that were prevalent on some of our lesser used webpages and fixed some of the branding issues that existed on some of the pages in the admin portal.

Today I’ve published an update for LocalCloud, which addresses a few issues that would result in a failure to upload a file. This issue would only occur under certain conditions and was only prevalent in large files It’s turns out this was a result of a known bug inside the .NET framework and how it handles event notifications for the filing system. In addition to resolving this bug, I’ve also implemented a few performance enhancements that should make the application run smoother.

Download: http://www.exchangedefender.com/software/XDStorage.exe

If you’re running a previous version make sure to uninstall it first. However, we’ve upgraded to a new installation platform and all future updates will be patched automatically.

lc_androidlc_iphone

Several months ago we added the LocalCloud feature set into our ExchangeDefender mobile application for both the iPhone and Android. Now you have the ability to access your files from your desktop, mobile workstation and practically any mobile device!

 

 

If you have never heard of LocalCloud, it’s a cloud based storage solution for documents. It recognizes multiple file types and is 100% compatible with office applications. You can share documents between computers and even allow other individuals access to your files. With multiple access points comes great responsibility, for this we have access control. This feature allows you or another individual to “check-out” files to prevent accidental overwrites while the data is exchanged in the cloud.

lc_desktop