ExchangeDefender for Users



ExchangeDefender Admin Portal gives users central access to all mail policies, SPAM quarantines, web file sharing, business continuity, and compliance archiving. From this secure site, accessible via desktop and mobile, you can manage your entire email experience and tailor it to your needs. The login credentials or password reset link will be sent to you by your IT team and you can access all services here:

ExchangeDefender Admin Portal

Login credentials and an invitation will be sent from the Own Web Now Corp portal at when the Service Provider enrolls in the service.

Navigation through the ExchangeDefender User Interface (UI) is simple, with a tool bar across the top management sections/links on the left. The rest of the UI contains the main functionality for whichever section you’re currently managing. Almost all pages will also have a tabbed interface for additional settings, ability to export the current view into a csv/pdf, and search/paging functions.

Note: Some of the settings pages can be quite long, pay attention to the scroll bars on the right, as there may be more contents below the main view. As a general rule, buttons to save any changes are located at the bottom of each page.

Users - Dashboard


ExchangeDefender session starts with the Dashboard by default where your IT blog and Announcements are displayed prominently. Above the announcements you will see tabs for NOC, SPAM, and SureSPAM quarantines if enabled by your IT team. Next to the SPAM and SureSPAM quarantines you will see a number indicating how many messages are waiting for your review in each category.


At the top of the page, in the right corner, there are controls for Give us Feedback, Quick Launch, Email addresses, and Account control for the super-user and logout. From Quick Launch you can automatically jump to any other ExchangeDefender service using the single sign-on feature and you will not be prompted for credentials again.

If you have multiple email addresses in your account, your Mail: dropdown will have recently used email addresses to help you filter your SPAM and SureSPAM quarantines and other views that depend on which email address is in use. This control is handy when you have a lot of alias/vanity addresses for multiple purposes or from multiple alias domains from subsidiaries/corporate entities.

On the left is client navigation which allows you to access control panels for all the ExchangeDefender features. Based on your service level, there may be more or less tabs exposing additional functionality and customization.

ExchangeDefender encourages you to look at Logs and change passwords frequently to eliminate the possibility of a breach / security compromise. Your IT team may have already configured password expiration policies for you, but we recommend changing the password every 90 days – if someone hacks your ExchangeDefender account they can potentially access all of your emails and browsing history, so it’s best to keep the site on lockdown and use it as your shield against hackers.

Users – Managing Aliases & SPAM Policies

ExchangeDefender uses thousands of pattern recognition algorithms, proprietary antivirus and malware detection engines, real-time blacklists, and artificial intelligence/machine learning to categorize email contents. Each time we encounter something suspicious, a score is assigned to the match and after the message has been scanned by everything the total score is calculated. Depending on how high scoring the SPAM contents of the message are, the message can be categorized as SPAM or SureSPAM.

Based on that score, if the message is 90% likely to be SPAM we flag it as SPAM. If the message is 99.9% likely to be SPAM, we flag it as SureSPAM.

Depending on how your IT department configured ExchangeDefender, you may have the ability to customize how ExchangeDefender delivers your SPAM and SureSPAM messages.

On this screen you also have the ability to add email aliases you wish to manage by clicking on + Add New .

Email addresses are listed on this screen along with current policies for SPAM and SureSPAM. If you click on the actions you will see several options:

  • Deliver SPAM – SPAM messages will have [SPAM] appended to the subject and then delivered to the user.
  • Deliver SureSPAM – SureSPAM messages will have [SURESPAM] appended to the subject and then delivered to the user.
  • Quarantine SPAM – SPAM messages will be quarantined on the ExchangeDefender web site and can be reviewed & managed using the email reports, web site, or client tools (Outlook, Desktop, Mobile).
  • Quarantine SureSPAM - SureSPAM messages will be quarantined on the ExchangeDefender web site and can be reviewed & managed using the email reports, web site, or client tools (Outlook, Desktop, Mobile). ExchangeDefender recommends this setting.
  • Delete Address - Delete will remove the email address from your profile.
  • Delete SPAM - SPAM messages will be permanently deleted. Not recommended.
  • Delete SureSPAM - SureSPAM messages will be permanently deleted.
Note: Delete action is permanent and not advised. If you configure your SPAM or SureSPAM to be deleted, those messages will be deleted at the edge of our network before being saved anywhere and ExchangeDefender does not have a mechanism to retrieve them.

Users – SPAM Settings Recommendations

ExchangeDefender recommends Quarantine SPAM and Quarantine SureSPAM options, but you should choose in accordance to your own personal preferences and your IT departments requirements. While an overwhelming majority of ExchangeDefender users has the Delete SureSPAM setting enabled, we do not recommend it because there is no way to undo a delete. Messages are simply discarded at the edge and if you ever need to troubleshoot missing delivery that could be a problem. ExchangeDefender, and the intelligence feeds we use to categorize SPAM, can occasionally make a mistake because they are automated statistical models – but ultimately it is up to you.

ExchangeDefender recommends Deliver SPAM setting for personnel that requires real-time access to their email and should not be required to wait for a Daily or Intraday SPAM report, and for personnel that is not tech friendly. By setting your SPAM to deliver, messages are delivered to the clients Inbox in real-time and if they handle sales, quotes, or other near real-time communications it’s best to leave their SPAM sorting to them (additionally, because [SPAM] will be in the subject they can just move SPAM messages using an Inbox rule).

Users – Accessing SPAM Quarantines

ExchangeDefender Admin Portal is accessible for all ExchangeDefender users from all modern desktop and mobile browsers.

ExchangeDefender Pro subscribers can access their SPAM quarantines, can use the ExchangeDefender Admin Portal, and can also access their SPAM quarantines, whitelists, blacklists, and stats via:

  • Daily SPAM Report (email digest with links to SPAM release and whitelist)
  • Deliver SureSPAM – SureSPAM messages will have [SURESPAM] appended to the subject and then delivered to the user.
  • Intraday SPAM Report (email digest with links to SPAM release and whitelist)
  • Outlook add-in (Outlook 2010 – 2019)
  • Windows Desktop (Windows 7+)
  • Chrome, Safari, and Firefox browsers on iOS and Android (tested)

Users – Managing SPAM Quarantines

ExchangeDefender Admin Portal SPAM Quarantines are accessed from the dashboard by clicking on the SPAM and SureSPAM tabs. These tabs are enabled only if ExchangeDefender is configured to quarantine SPAM and/or SureSPAM messages and you can see how many new SPAM messages are waiting by the number next to each category. Just click, select which aliases you wish to see (up top on the right) and that’s it!

SPAM Quarantine Actions – ExchangeDefender SPAM toolbar has the following actions, which can be applied to a single message or multiple messages you select by checking the box next to the sender address.

  • Release – Message will be delivered to your mail server within one minute and will show up in your Outlook, Gmail, or whichever mail software you use to read your email.
  • Trust Sender – Message will be released and the senders email address will be added to your whitelist / trusted senders list so it will not get categorized as SPAM by ExchangeDefender again.
  • Review – Message remains in the quarantine but is marked as “Read” so it will not show up in the listing or in the SPAM quarantine message counts. This is used to mark all messages as reviewed so you’re not constantly looking over the same junk mail you’ve already agreed wasn’t legitimate.
  • Show Released - Clicking on this button will reveal messages that have been previously released. If you previously used Trust Sender or Release action on a message and it didn’t arrive, you can attempt to release it again.
  • Refresh - Screen will refresh with any new messages.

User - SPAM Quarantine Management

There are additional controls on the ExchangeDefender Admin Portal that make it more useful for email power users. You can export the Quarantine to PDF/CSV format for processing, or you can print it for your records.

Additional message information is available by clicking on the (i) icon. Here you can see the actual From address used by the sender (instead of the friendly “Display name” that shows up in Outlook) so you can determine what to whitelist. You an also see the IP address the message originated from, as well as the SPAM score which is useful for troubleshooting. Severity is calculated based on how many SPAM criteria searches the message matched.

Clicking on the subject of the message will actually load it from the quarantine and displayed so you can act on it right away:

Note: ExchangeDefender makes the best attempt to render the message appropriately but with the active, suspicious, or malicious code disabled and removed. This information should be enough to give you an idea of what the message contains. It enables you to quickly Reply without waiting for it to be delivered to your email server. However, because suspicious content is blocked, the message may not render properly. We urge you to exercise caution when releasing SPAM messages to your Inbox.

Users – Trusted Senders (Whitelist)

ExchangeDefender supports user defined whitelist, a list of email addresses to be treated as trusted senders whose emails should bypass some SPAM checks and get delivered to the Inbox.

Note: Trusted Senders still cannot send dangerous or malicious content, this setting simply bypasses SPAM checking but malware, Virus, phishing, and other security checks are still strictly enforced. Even though you can trust an email address to bypass SPAM checks, nobody is trusted to send viruses or links to malicious web sites (for example, trusted senders could have their IT compromised and the first attack is generally their address book).

ExchangeDefender supports trusted senders as users (by email address) or by domain (entire web sites and organizations). Simply click on +Add New and provide the sender address you wish to exclude from some SPAM checks.

Note: New whitelist entries take up to 2 hours to propagate through the ExchangeDefender inbound network.

ExchangeDefender whitelist / trusted sender database also contains addresses that we’ve confirmed to be legitimate, as well as trusted databases from your IT department and domain / organization administrators.

Users – Blacklists (Blocked Senders)

ExchangeDefender supports user defined blacklist, a list of email addresses to be treated as blocked senders whose emails should always be categorized as SureSPAM. We discourage our users from using blacklists unless you absolutely know the email address and the domain of the sender. Simply blacklisting email addresses, you find in your SPAM quarantine is not effective, most email addresses used by spammers are disposable and unlikely to send mail again.

The first time you attempt to define a blacklist you will be shown the following warning:

Using a blacklist in combination with Delete SureSPAM action will automatically drop messages from those senders at the gateway without a trace. This configuration, while supported, eliminates our ability to do effective support troubleshooting for missing messages.

Users – Phishing Policies

ExchangeDefender Phishing Firewall (EPF) automatically secures inbound mail by rewriting HTML links so they are forced through our firewall when you click on them in Outlook, Gmail, or any web-enabled email application.

To add a new web site to the Whitelist or Blacklist click on the + Add New button.

Phishing Whitelist policies allow you to configure sites which should always bypass the ExchangeDefender Security Center ( While this setting will not prevent URL rewriting, when you click on the link the system will recognize you, check your whitelist, and automatically send you to the web site.

Phishing Blacklist policies allow you to configure sites which should always be blocked. When you click on a link that sends you to a web site on the blacklist, you will be redirected to the ExchangeDefender Security Center ( and the threat will end there.

Users – Security Log

ExchangeDefender extensively logs all security activity on the admin portal and official applications that leverage our API. In the security log you will find authentication success and failures so you can identify when a hack attempt is under way. ExchangeDefender Security personnel is also auditing these logs on an ongoing basis and sending alerts to users who experience frequent password failures.

Note: If you see a lot of failed login attempts it would be a great time to change your password and turn on 2FA/OTP.

Users – Phishing Log

ExchangeDefender Phishing logs contain activity from ExchangeDefender Security Center ( and give users the ability to see which links were clicked on.

This information is provided for security audit purposes and for tracking which sites may have led to a security breach/compromise. Because dangerous malware distributed through phishing often results in destruction of a PC and/or network, ExchangeDefender as an external resource can help you determine which links may have been involved in distributing dangerous payload.

Note: Phishing audit log is also a helpful in determining if someone else is reading your email. If you’re seeing tons of clicks on links that you do not recognize or sites you haven’t been to, change your password immediately and alert your IT department.

Users – Settings

ExchangeDefender Settings section contains all the configurable settings and preferences you can set with ExchangeDefender and make it act the way you want.

Reports – If you subscribe to ExchangeDefender Pro, you will see the Reports tab with the Reports Options, Report Schedule, and Report Contents. ExchangeDefender can generate up to two daily SPAM Reports that contain items in your SPAM quarantine.

Report Options:

  • Disable email reports - Turns off email notices about quarantined SPAM.
  • Enable daily email report – Sends a daily SPAM report with messages that were classified as SPAM or SureSPAM during the past 24 hours.
  • Enable daily and intraday email reports - Sends the daily report, and another report later in the day with the messages that were classified as SPAM or SureSPAM since the last daily report was generated.

Report Schedule allows you to configure when the SPAM report should be generated. Keep in mind that it takes 15-45 minutes to generate the report, so if you absolutely need to have the report in your inbox by certain time, set the generation time an hour in advance.

Paging: Set the number of items ExchangeDefender displays in a list. When there are more than the number of items you’ve selected to show per page, ExchangeDefender will split results into multiple pages to improve responsiveness of the user interface.

Time zone: ExchangeDefender allows you to pick your time zone, according to which reports will be generated and timestamps displayed in the Admin Portal.

  • Password: ExchangeDefender Password tab gives you the ability to update your account credentials. ExchangeDefender recommends changing your password every 90 days, or enabling OTP/2FA to improve your account security.
  • PIN: ExchangeDefender offers phone and online support (portal, chat) and our team may request PIN as a form of account verification. If you need assistance with your service provider account, you will need this. PIN is also required for our Self Service Portal at which allows you to perform frequent ExchangeDefender backend tasks.
  • Alternate Email: ExchangeDefender can send password reset links to your alternate email if you forget your password, PIN, or get locked out of your ExchangeDefender account. If you lose access to all three, the only way to reset your credentials will be through your IT department.

One Time Passwords (OTP) – ExchangeDefender supports OTP/2FA (two factor authentication) to improve account security and we encourage all users to enable it whenever possible. Users that provide a mobile phone on this page will receive a confirmation text/SMS message with a short code to enroll the device.

Once enrolled, every login to the ExchangeDefender Admin Portal will require the users email address and once provided, text/SMS message will be sent to the mobile device on record instantaneously. While your passwords can be compromised/hacked/sniffed/stolen, it’s extremely difficult for someone to have a hold of your phone as well.

Friendly From Address - ExchangeDefender allows you to enable Outlook-style From: display address so you can see the name of the sender and the email they choose (instead of the envelope From: that their mail server uses). We recommend that you disable this setting as it can be forged/faked easily in order to get you to click on download dangerous or malicious content.

Known Devices - ExchangeDefender allows you to remember known/trusted devices. When you login to ExchangeDefender Admin Portal, your device information will be saved and tracked in order to isolate unauthorized access to your account.

If you check the Notifications box, our system will email you whenever access is granted to a new device, which could alert you to a possible service compromise.

SPAM Reports

If you subscribe to ExchangeDefender Pro you can receive two SPAM email reports delivered to your Inbox with a listing of all SPAM messages that have been captured in the past 24 hours (daily report) or since the last report was generated (intraday report).

This is a convenient feature for busy people and workers on the go because it does not require you to login to the ExchangeDefender Admin Portal in order to access SPAM messages, you just get a report of messages that you didn’t have to deal with. You can then check the report occasionally and make sure nothing important got classified as SPAM due to its contents.

There are two links next to each email that give you the ability to retrieve the message:

  • Deliver Email - Message will be released from ExchangeDefender Quarantine and delivered to your Inbox within one minute.
  • Trust Sender – Message will be released and the sender’s email will be added to the trusted senders list / whitelist.
Note: This is one of the most popular ExchangeDefender features. Release and Trust Sender links will work from mobile devices, laptop, desktop and the web. Furthermore, for your convenience, these functions are available even if IP restrictions are enforced because they do not actually give you access to any configuration items or data, all they do is trigger the release of the message to your Inbox (which you clearly already have access to).