ExchangeDefender Domain Admin Manual



ExchangeDefender Admin Portal gives organization (domain) administrators central access to all policies, logs, configurations, service subscriptions, branding, and user management. From this secure site, accessible via desktop and mobile, you can manage your entire organization and tailor it to your specific needs. The login credentials or password reset link will be sent to you by your IT department and you can access all services here:

ExchangeDefender Admin Portal

Navigation through the ExchangeDefender User Interface (UI) is simple with a tool bar across the top management sections/links on the left. The rest of the UI contains the main functionality for whichever section you’re currently managing. Almost all pages will also have a tabbed interface for additional settings, ability to export the current view into a csv/pdf, and search/paging functions.

Note: Some of the settings pages can be quite long, pay attention to the scroll bars on the right, as there may be more contents below the main view. As a general rule, buttons to save any changes are located at the bottom of each page.

Domains - Dashboard


ExchangeDefender domain / organization administrator’s dashboard contains important information for admins to glance at every time they login to ExchangeDefender: Announcements, ExchangeDefender Blog and SPAM Trends.

  • Announcements - ExchangeDefender announcements give ExchangeDefender, service providers, and you the ability to get important service-related notices in front of all administrators and users. Domain / organization administrators can add new announcements under the Announcement section.
  • ExchangeDefender Blog – ExchangeDefender blog contains the latest information from ExchangeDefender.


  • Domain SPAM Trends - SPAM trend graphs give you an overview of recent activity for each domain protected by ExchangeDefender. Please note that these are the consolidated logs that show normalized activity, we do not report the 99.9% of the junk that is eliminated outright due to its known malicious / SPAM content (because that data skews the graphs, is irrelevant, and while it makes ExchangeDefender look great it doesn’t provide the administrator with any useful information).

Domains – Accounts


ExchangeDefender domain / organization administrators manage all user accounts from a single interface available from the Accounts tab. Across the top you will see tabs for Accounts, Compliance Officers, and IoT Accounts.

Accounts tab for domain / organization administrators has all the ExchangeDefender protected email addresses. To protect another user, click on +Add New. All users are listed below and the form supports multi-select, enabling administrators to apply the same action to multiple accounts (for example, if nobody got their daily ExchangeDefender SPAM Quarantine Report you can highlight multiple accounts and select “Resend SPAM Report”)

Email addresses are listed on this screen and domain administrators have the ability to manage them centrally. If you click on the actions you will see several options:

  • Modify Account – Modify account enables you to change account configuration and policies.
  • Manage Account – Manage Account is a superuser shortcut, clicking on this action will log you in and allow you to impersonate the user (and see what they see, for support purposes)
  • Delete Account – Deleting an account will remove the email address from ExchangeDefender as well as all their policies and data.
  • Change Password - Change Password allows you change the user’s password and select a new password. This is different from Reset Password.
  • Resent SPAM Report - ExchangeDefender Pro subscribers can setup Daily SPAM Quarantine Reports that email them the list of messages we quarantined as SPAM, this option allows you to send them the report again (the new report will be generated)
  • Reset Password - This option will send the user a reset link. Unlike Change Password, you will not be asked to pick a new password, the password will be changed to a random secure password, and the user will get a reset link to pick a new password. This is helpful if the account has been compromised or you just want to force the user to change their password for security reasons.
  • Resend Welcome - ExchangeDefender will send the original welcome email to the user as configured by the service provider.
  • Add Alias - Protect an additional email address and associate it with the selected account.

Domains - Accounts – Compliance Officers


ExchangeDefender domain/organization administrators can designate Compliance Officers that are part of the organization and are responsible for Corporate Encryption and Corporate Archiving. These solutions help organizations comply with regulatory requirements, business requirements, and notification requirements.

Compliance Officers also have additional functionality and reporting options in ExchangeDefender. Additionally, they may be contacted by ExchangeDefender and ExchangeDefender services when policies require them to be notified (Corporate Encryption alerts).

Domains – Accounts – IoT Accounts


ExchangeDefender enables organizations to connect their IoT (Internet of Things) devices to the Internet and enable email functionality. These devices range from printers, copiers, alarms, sensors, and even third-party services that generate alerts and require a local SMTP server. Since most organizations no longer have SMTP servers, ExchangeDefender provides a free SMTP gateway. In order to add a new IoT account click on +Add.


ExchangeDefender strongly encourages domain / organization administrators to create an IoT account for every device or service on the network. If one of the devices or services gets compromised (common IoT issue) they will have free access to relay mail and ExchangeDefender aggressively shuts down abuse. Because IoT devices tend to have complex configuration processes, changing the password on multiple devices should be avoided at all cost by setting up an account for each device. For this reason alone, ExchangeDefender IoT accounts are free of charge.

  • Username & Password – ExchangeDefender randomly generates the username and password for each device.
  • Description – Device or service description.
  • Disclaimers – ExchangeDefender requires strict compliance to assure security of our platform, asking you not to use the accounts for commercial/SPAM purposes or put the credentials on shared systems (Wordpress blogs/forms)
Note: Please do not use IoT accounts on shared platforms, where passwords are stored in plain text.

Domains – Policies


This screen is located under ExchangeDefender Domain > Policies.

Please note that there are several tabs on the right which contain additional settings screens for General, Features, Mail Options, SPAM Options, Report Options, and Signatures.

  • Administrator Name & Email –This person or department is the main contact point for ExchangeDefender for this domain. It will receive any service notifications from ExchangeDefender and the Service Provider. This information is also used to send any messages or notifications ExchangeDefender generates for the users (New account welcome, password reset links, etc).
Note: Some settings can and should be applied to the entire organization in most cases. By checking the box “Make this the default setting for all existing users.” ExchangeDefender will overwrite any changes users may have made to this specific setting.

Domains– Policies-Features


LiveArchive – Enable or disable ExchangeDefender LiveArchive email business continuity service.

Domains– Policies-Mail Options


Mail Options

Inbound IP Address – Inbound IP address (or hostname) is where ExchangeDefender delivers inbound mail that has been processed and scrubbed.

Outbound IP Address – Outbound IP address is the address from which we will allow outbound relay for outgoing email.

Advanced Settings

ExchangeDefender supports advanced routing for both Inbound and Outbound routes, allowing for complex configurations such as accepting mail from an entire subnet or multihomed routing for small businesses with multiple IP addresses from multiple ISPs (but no BGP).

While technical support for this feature is not available, it is relatively simple to configure an MX record to configure failover and redundancy in ExchangeDefender delivery to multiple IP addresses. Simply create a new MX record (with as many ISP IP addresses as you have assigned to you) and provide that hostname here.

ExchangeDefender will look up the MX record, resolve IP addresses, and proceed to attempt email delivery based on the weight of each record found. If one IP does not answer on port 25, ExchangeDefender will move on to the next one in seconds.

Warning: Not to be used with Dynamic IP address ranges. ExchangeDefender DNS caching systems may have a higher refresh interval than whatever is configured on the zone you wish to expire quickly which may cause issues with dynamic DNS that changes often.

Domains – Policies - SPAM Options


SPAM Life – Number of days that ExchangeDefender will keep SPAM messages and make them available for review/release.

SPAM Action – ExchangeDefender has 3 options when it comes to handling SPAM messages.

  • Tag & Deliver – When ExchangeDefender classifies a message as SPAM, it will append [SPAM] to the subject and deliver the message to the client.
  • Quarantine – When ExchangeDefender classifies a message as SPAM it will quarantine the message on our network. Users can get a daily SPAM and intraday SPAM report that gets emailed to them, or through the admin portal at , or through Outlook add-in, or through Windows Desktop client. ExchangeDefender Essentials can only access their quarantined messages via the portal. Once a message is quarantined it can be accessed, previewed, printed, replied to or forwarded, and it can also be released down to the client’s mail server on demand.
  • Delete – When ExchangeDefender classifies a message as SPAM it will delete the message. Please note that this action is not reversible , the message is discarded before being stored on any of our servers so there is no way to recover the message once it’s been deleted.

SureSPAM Action – ExchangeDefender has the same three options for handling SPAM. SureSPAM is a classification for SPAM messages that we have a 99.9% confidence that the message is SPAM based on its origin, patterns, and advanced SPAM detection.

As noted, before, checking the box “Make this the default setting for all existing users” will apply the configuration item to every user, wiping out any personal preferences users have already set.

Domains – Policies - Report Options


Report Options – ExchangeDefender Pro allows users to receive up to two daily SPAM reports that contain a list of messages that ExchangeDefender quarantined as SPAM or SureSPAM. From that email report users can quickly see all the SPAM ExchangeDefender has caught and can whitelist or release the message just by clicking on a link in the email.

  • Disable email reports – Do not send users quarantine reports at all.
  • Enable daily email report – Send user a single daily email containing all the SPAM caught in the past 24 hours.
  • Enable daily and intraday email report – – Send users a single daily email containing all the SPAM caught in the past 24 hours and send an intraday report that contains all the SPAM caught since the daily report was generated. Intraday reports are meant for sales and executive personnel that needs to be reminded to check SPAM quarantines more often.

Report Schedule

  • Generate Daily report at – The time at which the SPAM report is generated. We recommend giving at least 30-60 minutes prior to the time you wish to receive the report. For example, if you want to be sure that the Daily SPAM report is in your Inbox by 9:00 AM, set the report time to 8:00 AM.
  • Generate Intraday report at – The time at which the intraday SPAM report is generated.

Report Contents – The following settings determine if we sent the SPAM report and what sort of information it contains. For clients with lots of aliases it’s best to select Report quarantines only for email addresses that have SPAM in them.

  • Report quarantines for all email addresses – ExchangeDefender SPAM report will report SPAM for every mailbox that is protected for every given user. If there is no SPAM to report, the alias/mailbox in the report will simply say “No SPAM to report”.
  • Report quarantines only for email addresses that have SPAM in them – ExchangeDefender SPAM report will only be generated and sent if ExchangeDefender caught any SPAM during the past 24 hours (or the amount of time since the Intraday report).

Time Zone – The following settings determine the time zone for the client for SPAM generation purposes. Each user can override this setting if the organization has offices in different time zones.

Domains – Policies - Signatures


ExchangeDefender enables organizations to standardize their corporate email signature or disclaimer on all outbound messages. This is a global setting for all domains in the organization and every message coming from the domain will be signed with the text and HTML markup provided here.

Note: We can also embed images and icons in the signatures, please contact us at

Domains - SPAM Czar


ExchangeDefender SPAM Czar section is intended for email administrators that are in charge of managing and releasing infected or SPAM messages on behalf of the other users in an organization. Some smaller organizations (typically law, medical, construction) designate a person on staff that is responsible for releasing SPAM messages and infected files on behalf of other employees. Two sections of the SPAM Czar are Quarantine Search and Infected Files.

SPAM Czar - Infected Files


ExchangeDefender enables domain / organization administrators to access infected file quarantines on behalf of users. If one of ExchangeDefender’s many antivirus engines detects a threat, it is quarantined or saved on our network and the user is sent a notice that one of the dangerous attachments has been removed with a tracking id. Administrators can use the search to locate the message and get the download link.

  • Email link to option gives domain administrators to send the attachment download link via email to the user or to another party that can review it. The email simply contains the message information and the link to download the attachment.
Note: We highly discourage domain administrators and users from accessing Infected Files. Messages detected as infected have gone through multiple antivirus engines and contain executable content that nobody should be emailing.

Domains – Logs – Security


ExchangeDefender Security Audit Log features extensive logging and security audit tools that can help domain administrators track login activity for security and troubleshooting purposes. The security audit log can be done on a Domain basis or you can click on Users to show the security login by email address.

The Security Audit Log will show you the activity, user, time of the activity, and the source IP address. Security Audit Logs can help domain administrators see potential threats and attacks/hack attempts.

Note: If you see a lot of failed login attempts it would be a great time to change your password and turn on 2FA/OTP.

Domains - Logs – Phishing


ExchangeDefender Phishing logs contain activity from ExchangeDefender Security Center ( and give domain administrators access to URLs that were intercepted by the ExchangeDefender Phishing Firewall with either no or bad reputation.

This information is provided for security audit purposes and for tracking which sites may have lead to a security breach/compromise. Because dangerous malware distributed through phishing often results in destruction of a PC and/or network, ExchangeDefender as an external resource can help you determine which links may have been involved in distributing dangerous payload.

Note: Phishing audit log is also helpful in determining if there is an active infected device on your network. If you see excessive URL activity from a single PC/user that does not look credible, they could have an automated process that is actively hitting every link that passes through their email.

Domains - Security Reset


ExchangeDefender enables domain / organization administrators to quickly lock down the entire organization by mass resetting access security credentials. Security reset will provide you with the domains in the organization, mailbox totals for each domain and present you with options for New Password, User Notification, and Security Override.

  • New Password – ExchangeDefender allows you to pick and set the same password for all users in your organization “I want to pick the password”, or allow the service to randomly assign passwords for each user “Allow ExchangeDefender to automatically pick a new password for each user”. Picking the same password for all users is convenient for smaller organizations where you can direct everyone to reset their password – but it comes at a cost of security and privacy because now users know each other’s passwords and can use them to maliciously access mailboxes they aren’t authorized to access.
  • User Notification – ExchangeDefender can notify each user on your behalf. If you select “Do not notify”, ExchangeDefender will reset all security credentials but the user will not be notified. If you select “Send a password reset link to every user” the security credentials will be reset and the user will be sent a link to configure their new password.
  • Security Override – ExchangeDefender Security Override is designed for domain administrators that want to keep a roster of all users and their security credentials. By checking this box, you will be directed to the new page where all email addresses and passwords will be printed before they are applied to the database.
Please note that even though this page is encrypted and secure, if your endpoint isn’t this is a huge security compromise and ExchangeDefender does not recommend using it.

Domains – Announcements


ExchangeDefender enables domain / organization admins to display messages to users as they interact with the service. These announcements are displayed prominently on the login page for all of our major services such as the admin portal, Encryption Portal, Corporate Encryption, LiveArchive, Compliance Archive, and Web File Server. Announcements are also featured prominently on the dashboard for Domain and User portals.


ExchangeDefender Announcements support HTML, images, and have a few configuration options:

  • Expiration Date – ExchangeDefender can automatically expire and remove the announcement. This is helpful when you need to make a service announcement for a short period of time and then have it disappear automatically.
  • Audience – By checking the “I want to see this announcement too” the announcement will be displayed to Domain administrators on the dashboard. This is useful when your announcement also applies to other personnel managing this organization.
  • Include all users – By checking “Include all users” the announcement will be displayed to domain/organization administrators and users. If this box is not checked, the announcement is only displayed to the domain/organization administrators.