Status Page
Monitoring - Our engineering team identified an issue with some messages not being processed properly through the filter servers for certain recipients causing messages to queue. This was quickly identified and a fix was implemented, but it took some time to have all messages cleared and pushed out from the queue resulting in the delays. We certainly apologize for any inconvenience this has caused as we understand the importance of timely mail.
May 13, 17:14 CDT
Monitoring - Security Phishing Advisory Clarification
On May 11, 2021, Zix was alerted to a phishing campaign, purported to originate from Zix, as reported in a vendor blog post. This phishing campaign did not originate from Zix or its link protection service.

Our security team immediately began an investigation based upon the information presented. Based upon our analysis, the phishing campaign originated from a compromised Microsoft 365 account belonging to Authentic Title, LLC, who is not a Zix customer. This means the compromised account was manipulated to send several thousand emails targeting various domains. Only a small subset of the phishing messages were sent to Zix customers from the compromised account.

We are continuing to analyze this phishing campaign, just as we routinely monitor thousands of campaigns daily. Our threat intelligence evolves in real time as the threat landscape changes.

For more information on how these types of account compromises work, check out Malicious Office 365 Apps Are the Ultimate Insiders by Brian Krebs (https://krebsonsecurity.com/2021/05/malicious-office-365-apps-are-the-ultimate-insiders/).

Recommendations for Zix | AppRiver Customers
Customers can protect themselves against the threat activity described above by ensuring that multi-factor authentication (2FA) is enforced within Microsoft 365, limiting the 2FA to an authenticator app with SMS text as a backup.
Review your application grants, as described in the Brian Krebs article. This Microsoft document describes how to check your Microsoft 365 grants (https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-worldwide).

We will provide an update as new information becomes available.

Contact us if you’d like a security review of your Microsoft 365: https://zix.com/audit.
May 12, 16:05 CDT
Monitoring - The Latest update from Microsoft is below:

Title: Issue affecting viewing email content in Outlook

User Impact: Users may have been unable to view email message content within Outlook.

More info: Impact was specific to the Outlook client and users with access to other protocols, such as Outlook on the web or the Outlook mobile app, could view message content in those platforms as a potential workaround while our fix was applied.

Final status: We've confirmed that the fix successfully resolved the issue, though some users will be required to restart their email client for the change to take effect. In some circumstances, a second restart may be necessary.

Scope of impact: This issue could have affected any user attempting to view an email message in the Outlook client.

Start time: Tuesday, May 11, 2021, 1:24 PM (6:24 PM UTC)

End time: Tuesday, May 11, 2021, 10:00 PM (5/12/2021, 3:00 AM UTC)

Preliminary root cause: A recent change to systems that facilitate text display management for content within the Outlook client caused impact. A full root cause analysis will be performed by the Microsoft team and additional details will be provided in the PIR.
May 12, 07:07 CDT
Update - Title: Issue affecting viewing email content in Outlook

User Impact: Users may be unable to view email message content within Outlook.

More info: Impact is specific to the Outlook client and users with access to other protocols, such as Outlook on the web or the Outlook mobile app, can view message content in those platforms as a potential workaround while our fix is applied.

Current status: We’ve identified the underlying cause of impact and are applying a fix. This fix will reach all affected users incrementally over the course of the next four-to-five hours. Once users receive the fix, they will need to restart their email client to apply the fix. In some circumstances, users may need to restart their client a second time for the changes to take effect. We expect to complete this process and restore service for all affected users by May 12, 2021, at 3:00 AM UTC.

We encourage affected users who are able to do so to leverage the workarounds described above in the "more info" section of this post while we complete the process of fixing this problem.

Scope of impact: This issue could affect any user attempting to view an email message in the Outlook client.

Root cause: A recent change to systems that facilitate text display management for content within the Outlook client caused impact.

Next update by: Wednesday, May 12, 2021, at 3:00 AM UTC
May 11, 17:33 CDT
Update - Title: Issue affecting viewing email content in Outlook

User Impact: Users may be unable to view email message content within Outlook.

More info: Initial reports indicate that impact is specific to the Outlook client and users with access to other protocols, such as Outlook on the web or the Outlook mobile app, can view message content in those platforms as a potential workaround.

Current status: We're continuing to analyze recent updates to the environment and the associated code as we work to isolate the cause of impact. Our efforts are focused on determining the most expedient means of remediating this issue.

Scope of impact: This issue could affect any user attempting to view an email message in the Outlook client.

Next update by: Tuesday, May 11, 2021, at 10:30 PM UTC
May 11, 16:31 CDT
Update - Title: Issue affecting viewing email content in Outlook

User Impact: Users may be unable to view email message content within Outlook.

More info: Initial reports indicate that Outlook on the web is unaffected and users with access to Outlook on the web can view email messages there while we work on a solution.

Current status: We're gathering and analyzing data in an effort to isolate the cause of impact. Initial reports indicate that impact is specific to the Outlook client and users with access to other protocols, such as Outlook on the web or the Outlook mobile app, can view message content in those platforms as a potential workaround.

Scope of impact: This issue could affect any user attempting to view an email message in the Outlook client.

Next update by: Tuesday, May 11, 2021, 4:30 PM (9:30 PM UTC)
May 11, 15:59 CDT
Identified - Title: Issue affecting viewing email content in Outlook

User Impact: Users may be unable to view email message content within Outlook.

More info: Initial reports indicate that Outlook on the web is unaffected and users with access to Outlook on the web can view email messages there while we work on a solution.

Current status: We're gathering and analyzing data in an effort to isolate the cause of impact. Initial reports indicate that impact is specific to the Outlook client and users with access to other protocols, such as Outlook on the web or the Outlook mobile app, can view message content in those platforms as a potential workaround.

Scope of impact: This issue could affect any user attempting to view an email message in the Outlook client.

Next update by: Tuesday, May 11, 2021, 4:30 PM (9:30 PM UTC)
May 11, 15:51 CDT
Update - Title: We're looking into a potential problem affecting email content within Outlook

User Impact: Office 365 users may be unable to view email message content within Outlook.

More info: Initial reports indicate that Outlook on the web is unaffected and users with access to Outlook on the web can view email messages there while we work on a solution.

Current status: We're investigating a potential issue affecting users' ability to view email message in Outlook. We'll provide an update in 30 minutes.

Scope of impact: This issue could affect any user attempting to view an email message in Outlook.

EX255650, Exchange Online, Last updated: May 11, 2021 2:55 PM
Estimated start time: May 11, 2021 2:54 PM
May 11, 15:00 CDT
Investigating - We are currently investigating reports of Microsoft Outlook clients not displaying messages correctly within the Outlook client. Some customers are having success with reading their email via Online Web Access though.
May 11, 14:43 CDT
Update - April 2021 Exchange Server Security Updates

April 14, 2021

On April 13, 2021 Microsoft informed the Zix / AppRiver Hosted Exchange Team about four new critical Microsoft Exchange Server vulnerabilities. Microsoft released security updates addressing these vulnerabilities as part of the normal monthly patching cycle on the same day.

Our Hosted Exchange Team immediately began the process of implementing these security updates. The updates were deployed to our production environment starting on April 13 and finishing early April 14. Our Hosted Exchange Team continues to monitor information provided by Microsoft and will respond further as needed.

These vulnerabilities are described here:  CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. These vulnerabilities communicated by Microsoft are all labeled as “Critical” with CVSSS scores of 9.8, 9.8,8.8 and 9.0 respectively.

These vulnerabilities do not impact customers using Microsoft 365 email services.
Apr 14, 16:25 CDT
Update - As a Microsoft partner, Zix | AppRiver received notification directly from Microsoft late Tuesday, March 2, 2021. Zix took immediate action upon being alerted to the attack, and quickly deployed software patches and scanning tools issued by Microsoft, among other remedial measures. Zix also launched an internal investigation and retained a forensic consultant to assist in its investigation, containment, and remediation efforts. Zix’s investigation has not revealed any evidence that the attackers were successful in obtaining unauthorized access to, or acquiring, the content of any customer email accounts in connection with this incident.
Apr 1, 09:50 CDT
Monitoring - Microsoft Security Advisory:

On March 2, the Microsoft Threat Intelligence Center warned in a blog post of a campaign to exploit previously unknown vulnerabilities affecting Exchange Server software.

The tech giant is tracking those vulnerabilities as follows:

CVE-2021-26855: a server-side request forgery (SSRF) bug in Exchange that allows a malicious actor to send arbitrary HTTP requests and authenticate as the Exchange server.
CVE-2021-26857: an insecure deserialization vulnerability in the Unified Messaging service that enables an attacker to run code as SYSTEM on the Exchange server once they’ve obtained admin permissions or exploited another security bug.
CVE-2021-26858: an arbitrary file write vulnerability in Exchange that could allow someone to write a file to any path on the server after they’ve authenticated themselves by exploiting CVE-2021-26855 or stealing a legitimate set of credentials.
CVE-2021-27065: a vulnerability that operates similarly to CVE-2021-26858.

Microsoft identified HAFNIUM as the primary threat actor abusing the vulnerabilities described above at the time of its security advisory.

For more information: https://zix.com/resources/blog/march-2021/least-30k-us-orgs-affected-threat-actors-targeting-exchange-bugs
Mar 8, 16:48 CST
Update - We are continuing to see and investigate degraded performance issues associated with our Secure Surf service. Our development and engineering teams have corrected some of the degraded performance, but are still working through issues that some customers are continuing to experience. Our team will continue to monitor internally and with vendors to resolve this issue fully. We apologize for any inconvenience this may cause.
Feb 8, 09:58 CST
Update - We are continuing to see and investigate degraded performance issues associated with our Secure Surf service. While on going work done by our development and engineering teams have corrected some of the degraded performance issues we are seeing we are not at an acceptable resolution yet. Our team is continuing to work internally and with vendors to resolve this issue fully. We apologize for any inconvenience this may cause.
Jan 26, 10:55 CST
Identified - This service is still experiencing performance issues. Our engineering teams are continuing to triage the inconsistencies associated with honoring the allowed site settings along with some issues associated with normal browsing. We apologize for any inconvenience this may cause.
Jan 15, 16:13 CST
Update - Our engineering and development teams are continuing to investigate this issue. Some customers using the Secure Surf service are experiencing an inability to get to some sites and manage settings. We will provide more information as it becomes available. We apologize for any inconvenience this may cause and the extended delay in getting this issue resolved.
Jan 12, 09:19 CST
Update - Our teams is continuing to investigate the issues with some customers using the Secure Surf service experiencing an inability to get to some sites and manage settings. We will provide more information as it becomes available. We apologize for any inconvenience this may cause.
Jan 11, 07:22 CST
Investigating - Our engineer and development teams are investigating issues with some customers using the Secure Surf service experiencing an inability to get to sites and manage settings. We will provide more information as it becomes available. We apologize for any inconvenience this may cause.
Jan 8, 20:20 CST
Secure Cloud Platform Operational
Customer Portal Operational
Partner Portal Operational
Billing Area Operational
Secure Hosted Exchange Operational
Exchange 2013/2016+ (EXG7) Operational
Office 365 Operational
Email Security ? Degraded Performance
Email Encryption Operational
Email Continuity Operational
Archive Operational
Web Protection ? Degraded Performance
DNS Hosting Plus Operational
Support Infrastructure Operational
AppRiver Phone System Operational
AppRiver Live Chat Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Past Incidents
May 14, 2021

No incidents reported today.

May 13, 2021

Unresolved incident: Possible Mail Delays.

May 12, 2021

Unresolved incidents: Security Phishing Advisory Clarification, Microsoft Outlook display issues with Office 365 or Exchange customers.

May 11, 2021
Resolved - This issue has been resolved per Microsoft.
May 11, 09:40 CDT
Update - May 11, 2021 6:57AM

Title: Users having multiple issues related to email flow, links within email messages and the Microsoft Defender portal

User Impact: Users may experience multiple issues related to email flow, links within emails and the Microsoft Defender portal

More info: Impacted scenarios include, but are not limited to:
- Some customers might be experiencing delays with Automated Investigations in Defender for Office 365. Additionally, Deeplink integration between these investigations and actions may not load as expected. We are working on cancelling investigations that resulted from the erroneous alerts and working on reducing latency of rest of the automated investigations and system.
- Users were previously unable to send or receive email from multiple legitimate domains such as Google, or DropBox. Messages from these domains would have been quarantined. This issue is resolved now.
- Users were unable to access links within emails as they were identified as risky. This is no longer occurring for legitimate email.
- Users may have been blocked from sending emails, if their messages were incorrectly flagged as spam or phishing attempts. We've unblocked all known impacted users.
- Users may have previously experienced latency within the Microsoft Defender portal due to large numbers of erroneous alerts. We have mitigated the performance issues related to Defender portal.

Newly sent emails and links within emails are working correctly as of Monday, May 10, 2021 2:37 PM UTC.

This is continuation of multiple communications, and users may have seen aspects of this event reported previously under EX255432 and EX255435 before the full impact of this incident was understood.

Current status: We are working on cancelling investigations that resulted from the erroneous alerts and working on reducing latency of rest of the automated investigations and system. We expect our testing and deployment process to take an extended period of time.

Scope of impact: This could potentially impact any user.

Start time: Monday, May 10, 2021, at 12:00 AM UTC

Next update by: Tuesday, May 11, 2021, at 7:00 PM UTC
May 11, 08:22 CDT
Update - Title: Users having multiple issues related to email flow, links within email messages and the Microsoft Defender portal

User Impact: Users may experience multiple issues related to email flow, links within emails and the Microsoft Defender portal

More info: Impacted scenarios include, but are not limited to:
- Users were previously unable to send or receive email from multiple legitimate domains such as Google, or DropBox. Messages from these domains would have been quarantined. This issue is resolved now.
- Users were unable to access links within emails as they were identified as risky. This is no longer occurring for legitimate email.
- Users may have been blocked from sending emails, if their messages were incorrectly flagged as spam or phishing attempts. We're working to unblock these users.
- Users may have previously experienced latency within the Microsoft Defender portal due to large numbers of erroneous alerts. We have mitigated the performance issues related to Defender portal.
- These same alerts are also causing delays in getting the latest alert and email information to admins in Threat Explorer. We're working to identify the most expedient way of restoring Threat ingestion.

Newly sent emails and links within emails are working correctly as of Monday, May 10, 2021 2:37 PM UTC.

This is continuation of multiple communications, and users may have seen aspects of this event reported previously under EX255432 and EX255435 before the full impact of this incident was understood.

Current status: We've completed reprocessing emails that were incorrectly quarantined during the impact window. We've identified a number of users that remain unable to send new messages and are working to unblock them; though, we've confirmed that no new users will be incorrectly blocked. Furthermore, we're investigating the most expedient means of optimizing Threat Explorer ingestion and resolving the ingestion delays.

Scope of impact: This could potentially impact any user.

Start time: Monday, May 10, 2021, at 12:00 AM UTC

Next update by: Monday, May 10, 2021, at 10:30 PM UTC
May 10, 16:35 CDT
Update - Title: Users having multiple issues related to email flow, links within email messages and the Microsoft Defender portal

User Impact: Users may experience multiple issues related to email flow, links within emails and the Microsoft Defender portal

More info: Impacted scenarios include, but are not limited to:
- Users may be unable to send or receive email from various domains. Some of the domains include Google.
- Users may notice legitimate messages are getting quarantined.
- Users are unable to access links within emails as they're identified as risky.
- Users may get blocked from sending emails, if their messages were incorrectly detected as spam or phish.
- Admins might see delays in getting latest alert information and email information in Threat Explorer.
- Microsoft Defender may be receiving a large amount of erroneous alerts, which could result in overall latency navigating within the Microsoft Defender portal.

Newly sent emails and links within emails are working correctly as of Monday, May 10, 2021 2:37 PM UTC.

This is an amalgamation of incidents and users may have previously seen these impacts reported under EX255432 and EX255435.

Current status: We've confirmed that newly sent emails and links within emails are working as expected. We've reprocessed emails for the most heavily impacted domains and we're monitoring email queues to ensure they deliver as expected. Once those emails email queues have drained, we'll continue to reprocess the emails on the remaining domains. Additionally, we've restored the latency issues with the Microsoft Defender portal.

Scope of impact: This could potentially impact any user.

Next update by: Monday, May 10, 2021, 3:30 PM (8:30 PM UTC)
May 10, 15:13 CDT
Monitoring - Title: Some users see legitimate email quarantined/marked as malicious in Exchange Online Protection & Defender for Office 365
ID: EX255432

Details
Title: Some users see legitimate email quarantined/marked as malicious in Exchange Online Protection & Defender for Office 365

User Impact: Users are seeing legitimate email quarantined or marked as malicious within EOP and Microsoft Defender for Office 365.

More info: Users of Microsoft Defender for Office 365 and Microsoft 365 Defender may see following additional impact:
- An increase in the number of URL related alerts for non-malicious URLs.
- An increase in the number of Zapped Phish AIR investigations within Microsoft Defender for Office
- Legitimate Emails being marked as malicious within Threat Explorer.
- Delays in getting the latest email information within Threat Explorer.

Current status: We've identified a recent change in the infrastructure that serves these scenarios that inadvertently caused impact to the service. We're in the process of deploying a fix to restore the service and then reprocess any impacted URLs.

Scope of impact: Impact is specific to users who are served through the affected infrastructure.

Start time: Monday, May 10, 2021, at 12:00 AM UTC

Root cause: Legitimate URLs are incorrectly listed within our detection rules, resulting in impact.

Next update by: Monday, May 10, 2021, at 5:30 PM UTC
May 10, 10:35 CDT
Update - Title: Some users are seeing that legitimate email is being quarantined within the Exchange Online service

User Impact: Users are seeing that legitimate email is being quarantined within the Exchange Online service.

Current status: We're continuing with delisting the legitimate URLs from our anti-spam detection.

Scope of impact: Impact is specific to users who are served through the affected infrastructure.

Start time: Monday, May 10, 2021, at 6:26 AM UTC

Root cause: Legitimate URLs were incorrectly listed within our Anti-Spam detection rules, resulting in impact.

Next update by: Monday, May 10, 2021, at 4:00 PM UTC
May 10, 08:40 CDT
Identified - Title: Legitimate email is being sent to quarantine
ID: EX255432

Service Degradation

Title: Some users are seeing that legitimate email is being quarantined within the Exchange Online service

User Impact: Users are seeing that legitimate email is being quarantined within the Exchange Online service.

Current status: We've identified that this issue is affecting a wider region and are working to delist the legitimate URLs from our anti-spam detection, to resolve the issue.

Scope of impact: Impact is specific to users who are served through the affected infrastructure.

Next update by: Monday, May 10, 2021, at 1:00 PM UTC
May 10, 07:16 CDT
May 10, 2021
Resolved - This incident has been resolved.
May 10, 10:42 CDT
Identified - We are currently investigating a reported issue where some select users on a particular filtering server may be experiencing an issue releasing emails held in their quarantine or possibly showing on their quarantine message reports.  We apologize for any inconvenience this may cause.
Apr 28, 10:47 CDT
Resolved - This incident has been resolved.
May 10, 09:18 CDT
Monitoring - Mail flow has returned to normal process speeds and we are actively engaged with Microsoft to monitor if any issues occur. We apologize for any inconvenience this may have caused.
May 7, 13:50 CDT
Investigating - We are currently investigating issues with delayed emails from our filters to Office 365. We are actively working with Microsoft to resolve this. We apologize for any inconvience this may cause.
May 6, 13:14 CDT
May 9, 2021

No incidents reported.

May 8, 2021

No incidents reported.

May 7, 2021
May 6, 2021
May 5, 2021
Resolved - This incident has been resolved.
May 5, 12:53 CDT
Investigating - We are currently investigating reports of Customer Portal performance issues. We appreciate your patience and will update as we have more information available.
May 5, 11:03 CDT
May 4, 2021
Resolved - This incident has been resolved.
May 4, 09:23 CDT
Monitoring - Our exchange team was able to restore mail flow and connectivity to our Hosted Exchange service that was affecting our Zurich data center. We apologize for any inconvenience this may have caused and will continue to monitor performance throughout the day.
May 3, 09:25 CDT
Investigating - We are currently investigating an issue with Hosted Exchange where some users may experience mail delays or issues connecting to the service. Our engineers are investigating and we will update the status as more information is available.
May 3, 05:44 CDT
May 3, 2021
Resolved - This incident has been resolved.
May 3, 09:16 CDT
Update - Our development and engineering teams are still investigating this issue to ensure that the issue is fully resolved. As an extra precaution to mitigate this issue and ensure that any email held in error the team is starting a process to perform a full rescan for that subset of customers that may have seen this issue occurring. We understand the importance of timely mail flow and sincerely apologize for any inconveniences this may have caused. Once the team has completed the full rescan we will post another status update.
Apr 16, 17:18 CDT
Update - The mail queue rescans to release valid mail that was held erroneously has been completed. We are still monitoring for any new reports and will process those immediately. We understand the importance of timely mail flow and apologize for any inconvenience this may have caused.
Apr 16, 09:34 CDT
Update - The mail queue rescans to release any valid mail that was held erroneously is still in process. We understand the importance of timely mail flow and sincerely apologize for any inconveniences this may have caused. We will continue to monitor performance throughout the evening.
Apr 15, 17:01 CDT
Update - Our team continues to monitor and test the actions put in place to correct this issue. They expect to begin a process of starting a re-scan for messages that may have been held erroneously to release valid mail.
Apr 15, 11:13 CDT
Monitoring - Our team continues to monitor and test the the actions put in place to correct this issue. They expect to begin a process of starting a re-scan for messages that may have been held erroneously to release valid mail.
Apr 15, 11:10 CDT
Investigating - Our Development and Engineering teams have identified a mail classification issue affecting mail flow for a small subset of customers. We are currently investigating this issue and working to rectify this as soon as possible. We apologize for any inconvenience this may cause.
Apr 15, 08:43 CDT
May 2, 2021

No incidents reported.

May 1, 2021

No incidents reported.

Apr 30, 2021

No incidents reported.