ExchangeDefender for Service Providers


Executive Summary

ExchangeDefender for Service Providers is the top level of administrative control over ExchangeDefender. With the single login, Service Providers can manage all of their companies, departments, and users’ settings from a single interface.
This secure site is located at:

Login credentials and invitation would be sent from the Own Web Now Corp portal at when the Service Provider enrolled in the service.

Navigation through the ExchangeDefender User Interface (UI) is simple with a tool bar across the top management sections/links on the left. The rest of the UI contains the main functionality for whichever section you’re currently managing. Almost all pages will also have a tabbed interface for additional settings, ability to export the current view into a csv/pdf, and search/paging functions.

Note: Some of the Settings pages can be quite long, pay attention to the scroll bars on the right, as there may be more contents below the main view. As a general rule, buttons to save any changes are located at the bottom of each page.

Each ExchangeDefender role (Service Provider, Domain/Organization, and User) will see its own customized dashboard upon login.

Service Provider – Managing Domains/Organizations.


ExchangeDefender for Service Providers can manage and add new domains and organizations by clicking on the Management tab.

To add a new domain simply click on the New Client Wizard button.

To manage existing domains and organizations, locate them in the list on the management screen. Each organization can have multiple (alias) domains. The first domain in the organization is displayed in the header row and all actual domain configuration is managed below.

Note: In ExchangeDefender we do not have a primary/secondary/alias domain infrastructure, all domains are weighted equally. The system automatically labels the new organization by the first domain that is added.

Actions for Domain Management are as follows:

  • Login – Login to the domain as the administrator of that organization to directly manage users and settings.
  • Report – Get a glance of recent domain activity.
  • Security Reset – Quickly lock down the domain by resetting credentials.
  • Secure IP – Configure IP address restrictions for portal and service access.
  • Change Configuration – Quickly adjust popular configuration items for a single domain.
  • Add Domain Alias – Add a new domain to this organization.
  • Delete – Delete the domain and all users/configuration related to it.

Service Provider – Security Reset


This screen is located under ExchangeDefender Service Provider > Management > Domain > Security Reset

ExchangeDefender for Service Providers enables service providers to quickly lock down the entire organization by mass resetting access security credentials. Security reset will provide you with the domains in the organization, mailbox totals for each domain and present you with options for New Password, User Notification, and Security Override.

New Password

ExchangeDefender allows you to pick and set the same password for all users in your organization “I want to pick the password”, or allow the service to randomly assign passwords for each user “Allow ExchangeDefender to automatically pick a new password for each user”. Picking the same password for all users is convenient for smaller organizations where you can direct everyone to reset their password – but it comes at a cost of security and privacy because now users know each other’s passwords and can use them to maliciously access mailboxes they aren’t authorized to access.

User Notification

ExchangeDefender can either notify each user on your behalf. If you select “Do not notify”, ExchangeDefender will reset all security credentials but the user will not be notified. If you select “Send a password reset link to every user” the security credentials will be reset and the user will be sent a link to configure their new password.

Security Override

ExchangeDefender Security Override is designed for service providers that want to keep a roster of all users and their security credentials. By checking this box, you will be directed to the new page where all email addresses and passwords will be printed before they are applied to the database. Please note that even though this page is encrypted and secure, if your endpoint isn’t this is a huge security compromise and ExchangeDefender does not recommend using it.

Service Provider - Secure IP Range


This screen is located under ExchangeDefender Service Provider > Management > Domain > Secure IP Range.

ExchangeDefender for Service Providers enables service providers to quickly set up IP restrictions in the event of a breach or compromise. The same setting is available on the Domain/Organization level.

By default, ExchangeDefender is accessible from anywhere. If the client has a known IP range and is primarily managing their ExchangeDefender service from an office with a Static IP address, you can restrict access to just that range by selecting “Allow access only from these IP ranges:”


By checking the box labeled “Send me an email notification every time a login attempt is made from an unauthorized IP” you can get a notice when someone is attempting to hack or compromise your account. If you do not wish to receive an email, there is also a log in the User control panel that allows you to review recent authentication failures.

Note: IP restrictions apply to the entire site with the exception of Email SPAM Quarantine Release and ExchangeDefender Phishing service. If your user is configured with IP restrictions and they click on the link to release SPAM from their quarantine on their mobile phone or outside of your restricted IP range, the message will still be released for the sake of convenience. Redirections for will also function from any IP address regardless of IP restrictions. However, clients are limited to only those exceptions, it is not possible to login or make other service modifications even if the client successfully authenticates from an unknown IP range while IP restrictions are in place.

Service Provider – Management Additional Actions


This screen is located under ExchangeDefender Service Provider > Management > Domain > Actions.

Additional actions that are not accessed as frequently are available by clicking on Actions button.

  • Change Configuration – Quickly adjust popular configuration items for a single domain.
  • Add Domain Alias – Add a new domain to this organization.
  • Delete – Delete the domain and all users/configuration related to it.

Service Provider – Change Configuration


This screen is located under ExchangeDefender Service Provider > Management > Domain > Actions > Change Configuration. It allows you to quickly change organization settings without logging in as the domain / organization administrator.

Please note that there are several tabs on the right which contain additional settings screens for General, Features, Mail Options, SPAM Options, Report Options, and Signatures.

  • Password – This is the password used by the domain/organization administrator to access and manage all the ExchangeDefender settings.
  • Administrator Name & Email –This person or department is the main contact point for ExchangeDefender for this domain. It will receive any service notifications from ExchangeDefender and the Service Provider. This information is also used to send any messages or notifications ExchangeDefender generates for the users (New account welcome, password reset links, etc).
Note: Some settings can and should be applied to the entire organization in most cases. By checking the box “Make this the default setting for all existing users.” ExchangeDefender will overwrite any changes users may have made to this specific setting.

Service Provider – Change Configuration


LiveArchive – Enable or disable ExchangeDefender LiveArchive email business continuity service.

Features – ExchangeDefender allows Service Providers to pick and choose which features are available for each organization. This enables Service Providers to create custom services and packages, charge for specific features, or outright disable functionality that they do not wish to support.

Service Provider – Change Configuration


Mail Options

Inbound IP Address – Inbound IP address (or hostname) is where ExchangeDefender delivers inbound mail that has been processed and scrubbed.

Outbound IP Address – Outbound IP address is the address from which we will allow outbound relay for outgoing email.

Advanced Settings

ExchangeDefender supports advanced routing for both Inbound and Outbound routes, allowing for complex configurations such as accepting mail from an entire subnet or multihomed routing for small businesses with multiple IP addresses from multiple ISPs (but no BGP).

While technical support for this feature is not available, it is relatively simple to configure an MX record to configure failover and redundancy in ExchangeDefender delivery to multiple IP addresses. Simply create a new MX record (with as many ISP IP addresses as you have assigned to you) and provide that hostname here.

ExchangeDefender will look up the MX record, resolve IP addresses, and proceed to attempt email delivery based on the weight of each record found. If one IP does not answer on port 25, ExchangeDefender will move on to the next one in seconds.

Warning: Not to be used with Dynamic IP address ranges. ExchangeDefender DNS caching systems may have a higher refresh interval than whatever is configured on the zone you wish to expire quickly which may cause issues with dynamic DNS that changes often.

Service Provider – Change Configuration


SPAM Life – Number of days that ExchangeDefender will keep SPAM messages and make them available for review/release.

SPAM Action – ExchangeDefender has 3 options when it comes to handling SPAM messages.

  • Tag & Deliver – When ExchangeDefender classifies a message as SPAM, it will append [SPAM] to the subject and deliver the message to the client.
  • Quarantine – When ExchangeDefender classifies a message as SPAM it will quarantine the message on our network. Users can get a daily SPAM and intraday SPAM report that gets emailed to them, or through the admin portal at , or through Outlook add-in, or through Windows Desktop client. ExchangeDefender Essentials can only access their quarantined messages via the portal. Once a message is quarantined it can be accessed, previewed, printed, replied to or forwarded, and it can also be released down to the client’s mail server on demand.
  • Delete – When ExchangeDefender classifies a message as SPAM it will delete the message. Please note that this action is not reversible , the message is discarded before being stored on any of our servers so there is no way to recover the message once it’s been deleted.

SureSPAM Action – ExchangeDefender has the same three options for handling SPAM. SureSPAM is a classification for SPAM messages that we have a 99.9% confidence that the message is SPAM based on its origin, patterns, and advanced SPAM detection.

As noted, before, checking the box “Make this the default setting for all existing users” will apply the configuration item to every user, wiping out any personal preferences users have already set.

Service Provider – Change Configuration


Report Options – ExchangeDefender Pro allows users to receive up to two daily SPAM reports that contain a list of messages that ExchangeDefender quarantined as SPAM or SureSPAM. From that email report users can quickly see all the SPAM ExchangeDefender has caught and can whitelist or release the message just by clicking on a link in the email.

  • Disable email reports – Do not send users quarantine reports at all.
  • Enable daily email report – Send user a single daily email containing all the SPAM caught in the past 24 hours.
  • Enable daily and intraday email report – Send users a single daily email containing all the SPAM caught in the past 24 hours and send an intraday report that contains all the SPAM caught since the daily report was generated. Intraday reports are meant for sales and executive personnel that needs to be reminded to check SPAM quarantines more often.

Report Schedule

  • Generate Daily report at – The time at which the SPAM report is generated. We recommend giving at least 30-60 minutes prior to the time you wish to receive the report. For example, if you want to be sure that the Daily SPAM report is in your Inbox by 9:00 AM, set the report time to 8:00 AM.
  • Generate Intraday report at – The time at which the intraday SPAM report is generated.

Report Contents – The following settings determine if we sent the SPAM report and what sort of information it contains. For clients with lots of aliases it’s best to select Report quarantines only for email addresses that have SPAM in them.

  • Report quarantines for all email addresses – ExchangeDefender SPAM report will report SPAM for every mailbox that is protected for every given user. If there is no SPAM to report, the alias/mailbox in the report will simply say “No SPAM to report”.
  • Report quarantines only for email addresses that have SPAM in them – ExchangeDefender SPAM report will only be generated and sent if ExchangeDefender caught any SPAM during the past 24 hours (or the amount of time since the Intraday report).

Time Zone – The following settings determine the time zone for the client for SPAM generation purposes. Each user can override this setting if the organization has offices in different time zones.

Service Provider – Change Configuration


ExchangeDefender enables organizations to standardize their corporate email signature or disclaimer on all outbound messages. This is a global setting for all domains in the organization and every message coming from the domain will be signed with the text and HTML markup provided here.

Note: We can also embed images and icons in the signatures, please contact us at

Service Provider – Configuration - Phishing


ExchangeDefender Phishing Firewall protects users from malicious URLs, spear phishing, and dangerous sites that are designed to compromise IT infrastructure or identity theft.

ExchangeDefender Service Providers can provide their own overall enterprise whitelist and blacklist to allow users to bypass ExchangeDefender Phishing Firewall (Whitelist) or expressly block the site from being accessed even if the user clicks on the link (Blacklist).

Service Provider – Configuration – General


ExchangeDefender for Service Providers allows extensive branding and customization for the look, feel, and function of the service. Please note that this section of the panel has multiple tabs.

  • Logo – ExchangeDefender enables you to put your logo on every page, email, and service we provide. Supported formats are png, jpg, and gif and may not be larger than 300x400.
  • Tagline – ExchangeDefender tagline is a branding option that allows you to put short text in the upper right hand side of the portal. This text is displayed on every page.
  • Product Name – ExchangeDefender can be renamed if you wish to private label the solution, or if you want to provide a friendlier name that your users are already familiar with.
  • Default Footer – ExchangeDefender footer (email, web, phishing portals) enables you to provide disclaimers, copyrights, or contact information at the bottom of every page.

Service Provider – Configuration – RSS Feeds


ExchangeDefender domain and user control panels can display up to two RSS feeds, for syndication of announcements or content from third parties or your own sites. If the feature is enabled, ExchangeDefender will periodically download the RSS feed contents and display them on the user or domain administrator pages.

Service Provider – Configuration - Terms of Service


ExchangeDefender enables service providers to link in their own Terms of Service (disclaimers, notices, etc) that are presented to each user the first time they login to ExchangeDefender.

This mechanism is used alongside with ExchangeDefender’s Terms of Service, Acceptable Use Policy, and Service Level Agreement. Without accepting the Service Provider Terms of Service, user cannot proceed to manage or configure the service giving service providers a way to protect their legal interests.

Service Provider – Configuration – Notifications



Activation Message – Activation Message is sent to the user when the domain administrator first adds the email address to ExchangeDefender. This is simply a service provider template that is copied as the default Activation Message in the domain/organization-level. Domain administrator can modify this message in their own portal.

Domain Welcome – Domain Welcome message is sent to the domain administrator when a new domain/organization is added to the ExchangeDefender.

Announcement – Some ExchangeDefender Portals (,, etc) feature an announcement section either on the dashboard or on the login screen.

Text Signature – Default service provider signature block that is applied to every new domain. Domain administrators can modify this message and setup their own branding. This signature is applied to every text outbound message the users send.

HTML Signature – Default service provider signature block that is applied to every new domain. Domain administrators can modify this message and setup their own branding. This signature is applied to every HTML outbound message the users send.

Service Provider – Configuration – SPAM Report


ExchangeDefender Daily and Intraday SPAM reports let users know which messages ExchangeDefender has classified as SPAM. If the user or domain administrator choose to quarantine SPAM messages, ExchangeDefender can send them a daily and/or intraday report containing links to release/whitelist SPAM.

These configuration items allow the service provider to brand those reports.

  • From – Display name / friendly name shown as a From address.
  • Email address – Email address the message will be sent “from”
  • Server – Server setting allows you to choose the location of the ExchangeDefender Admin portal: ExchangeDefender (for, or SecureXD (for This setting is designed for service providers that want to private label the solution.

Service Provider – Configuration – Contact Info


ExchangeDefender for Service Providers will use the contact information provided here as the default contact information for the service-related notices, advisories, etc. Whenever possible, this information is presented as the contact person for ExchangeDefender.

Service Provider – Reporting – Security Audit Log


ExchangeDefender features extensive logging, security audit reports, and searchable mail/web logs that can help service providers troubleshoot ExchangeDefender and mail delivery.

Reporting section features several tabs for Authentication Logs, Activity Logs, and Security Report.

Security Audit Log – on the service provider level the security audit log by default provides recent login activity related to the service provider account.

Service Providers also have the ability to search events by Domain or User, all from the same interface.

Service Provider – Reporting – Audit Logs


ExchangeDefender Audit Logs enable Service Providers to audit account activity, such as modifications to the service (account deletions, settings changes).  

Service Provider – Reporting – Domain SPAM Activity Report


ExchangeDefender enables service providers to quickly get a recap of email activity for each domain. This feature is available to domain/organization administrators as well and it helps illustrate what is going through ExchangeDefender (for when you have to prove that there is actual mail being processed).

Service Provider – Reporting - Mail Log


ExchangeDefender enables service providers to search through the email transaction and message logs.

ExchangeDefender separates email logs by domain and by service (inbound/outbound) and enables you to see the actual SMTP transaction logs as well as ExchangeDefender internal analytics, routing, and SPAM sorting. By looking at individual mail logs you can address any delivery failures, delivery delays, or SPAM filtering activity in real-time.

Service Provider – Settings


Detect Numerical Phishing – ExchangeDefender can detect links to IP addresses instead of web site addresses (FQDN) and highlight them if enabled.

SureSPAM Block My Domain Spoofing – we should change the label of this to “Block My Domain Spoofing” – ExchangeDefender can detect when messages from a domain hosted at ExchangeDefender are being spoofed and sent from an external fraudulent source. While this activity can be eliminated using SPF/DKIM records, if enabled this ExchangeDefender feature can be used as a failsafe and classify messages from unknown sources as SureSPAM.

Service Provider - Configuration – Phishing


Disable Message Integrity Warning – ExchangeDefender can notify the user every time it modifies a message (disarming links, removing dangerous attachments, etc) by appending [WARN] to the subject. This feature can be enabled (modify subject) or disabled (do not modify subject).

Service Providers – Settings - Security


ExchangeDefender for Service Providers has it’s own dedicated security controls. Some of these settings may seem familiar because they are under Service Provider – Configuration as new service templates that are applied when a new domain/organization is added to ExchangeDefender. The following settings explicitly manage security for the Service Provider login.

  • PIN – ExchangeDefender offers phone and online support (portal, chat) and our team may request PIN as a form of account verification. If you need assistance with your service provider account, you will need this.
  • Password – Password for the ExchangeDefender for Service Providers account.
  • Alternate Email –Alternate email address, in the event that your primary email address has been compromised, expired, or is no longer accessible. You can use the alternate email address for password reset requests.
  • Password Expiration – ExchangeDefender for Service Providers requires password changes every year in order to protect account security. If you would like to require password changes more often, set the maximum password age here.

Service Providers – Settings – One Time Passwords (OTP)


ExchangeDefender for Service Providers supports OTP/2FA (One Time Password, two factor authentication) mechanism using a known mobile device. If OTP is enabled the Service Provider will designate a mobile number to send OTP credentials to.

We strongly encourage you to enable this setting.

Note: This setting overrides OTP/2FA requirements for every access level below: If you successfully authenticate using 2FA/OTP, you will not be prompted for the credentials as you navigate down to domain/organization or user level.

Service Providers – Settings – Secure IP Range


ExchangeDefender for Service Providers supports IP restrictions, allowing you to restrict access to the portal to known IP addresses. By designating secure IP addresses from which your service provider account can be accessed from, hackers from remote locations will not be able to access the portal even if they knew your password.

We strongly encourage you to enable this setting, if technically possible.

Service Providers – Settings – Trusted Devices


ExchangeDefender for Service Providers portal can be restricted to known devices.

If you check the Notifications box, our system will email you whenever access is granted to a new device, which could alert you to a possible service compromise.

Service Providers - Announcements


ExchangeDefender for Service Providers enables service providers to display messages to users and domain administrators as they interact with the service. These announcements are displayed prominently on the login page for all of our major services such as the admin portal, Encryption Portal, Corporate Encryption, LiveArchive, Compliance Archive, and Web File Server.

Service Providers – Announcements


ExchangeDefender Announcements support HTML, images, and have a few configuration options:

  • Expiration Date – ExchangeDefender can automatically expire and remove the announcement. This is helpful when you need to make a service announcement for a short period of time and then have it automatically disappear.
  • Audience – By checking the “I want to see this announcement too” the announcement will be displayed for all users, including the Service Provider screen.
  • Include All Domains / Select Specific Domains – Announcements can be displayed to all domains or only to specific domains managed by the Service Provider. This feature allows service providers to create custom announcements scoped to a particular domain/organization.
  • Include all users – By checking “Include all users” the announcement will be displayed to domain/organization administrators and users. If this box is not checked, the announcement is only displayed to the service provider and domain/organization administrators.
Note: Announcements provide a powerful way to get your message across to other service provider personnel managing this account, domain administrators, or all users of the system. ExchangeDefender specifically designed audience scoping and automatic expiration in order to facilitate scenarios when quick announcements are needed with consideration that they should automatically expire after they are no longer relevant.