Spam filters

Barracuda Email Security Gateway overview and troubleshooting tips

Barracuda is a leading email and web security vendor with products spanning email, network and application security, and data protection. Their products are used by more than 150000 businesses worldwide. Their Email Security Gateway product helps protect businesses from inbound spam, malware, phishing and denial of service attacks.

The Barracuda Email Security Gateway uses numerous layers of threat detection techniques to identify spam and other harmful messages.

  • Barracuda Reputation Block List (BRBL) (IP block list)
  • Domain and IP-based Reputation System (sender reputation)
  • Content-based (fingerprinting)
  • Bayesian analysis (language)
  • Behavioral, heuristic and signature analysis (malware and anti-virus detection)

Infrastructure

Regions

North America, Europe, Asia-Pacific

Website

Barracuda main website; Barracuda Essentials documentation

Allowlist

Barracuda has a global IP-based allowlist. Only senders that exhibit good sending practices and are CAN-SPAM compliant are eligible to be added to the allowlist through an internal Barracuda review process. Senders cannot apply to or pay to be on their allowlist.

Barracuda customers can block messages from allowlisted IPs if the administrators deem an allowlisted IP is sending spam.


Methodology

To give businesses more flexibility, Barracuda allows administrators to customize Email Security Gateway settings to fit their business needs.  This flexibility can lead to inconsistent filtering results for a sender at different businesses using Barracuda.

  • Barracuda collects data about messages classified as 'not spam' and 'spam' from Barracuda customers. When an incoming email is received at a specific Barracuda customer, the characteristics of that message are compared to known spam messages.
  • All incoming email is scanned for potential threats and assigned a spam score. The spam score measures the probability that the message is spam and ranges from 0 (not spam) to 10 (spam).
  • The default settings for filtering decisions based on the spam score are:
    • Under 3 is likely to be delivered to the recipient 
    • From 3-5 is likely to be quarantined or deferred
    • Above 5 is likely to be blocked
  • In most cases, senders receive bounce messages (non-delivery reports) from the mailbox provider for deferred and blocked messages.

Troubleshooting

  • Ensure your email system is not sending spam or viruses from an unauthorized third party.
  • Check your overall complaint rates and volumes through complaint feedback loops. Barracuda does not provide a complaint feedback loop, however, high complaint rates at other providers can signal a problem with your list quality. Barracuda factors complaints into their spam score.
  • Check the email headers of a message sent through the Barracuda Email Security Gateway. Look for headers such as "X-Barracuda-Spam-Score:" or "X-BESS-spam-score". Use the spam score guidelines above to determine how your email is perceived by the mailbox provider. Deferrals and blocks may indicate an issue with your list quality and overall sending practices.
  • Ensure you are respecting the mailbox provider's server resources. Administrators can customize connection and throughput settings for incoming email for a domain and IP.
    • They can set a threshold value for maximum number of messages per IP address allowed every 30 minutes.
    • If you exceed the value set by the administrator in 30 minutes, your message will be deferred until the next 30 minute time period.
    • If you see evidence of throttling in your SMTP codes, reduce your sending volume until the deferral messages subside.
    • Administrators can exempt trusted IP addresses from rate controls for important partnerships. Contact the email adminstrator if you are their partner and see throttling or other delivery issues.
  • Check your SMTP bounce codes to help you identify potential problems. Administrators have the flexibility of not sending bounce codes or customizing them to fit their individual needs.
    • Sending bounce codes to a sender for deferrals and blocks is the default setting.
  • Look up your IP reputation at BarracudaCentral.
    • Review the common reasons why your IP may be listed on their block list or have a poor reputation.
    • Investigate and fix any potential causes for high complaints and spam traps as they are common reasons to be blocklisted.
    • If you feel you have fixed the root cause of the issue, request removal.
  • Check IPs and domains for blocklistings. Barracuda allows administrators to accept third party block lists of their choosing, so it is best to check all of them.
    • MX Toolbox (IP)
    • Spamhaus DBL (domain)
    • URIBL (domain)
    • SURBL(domain)
    • Barracuda does not disclose which third party block lists they or their customers use, however, a listed IP or domain can indicate a problem that Barracuda may be factoring into their filtering decisions.
    • This is especially important for new IPs and domains with limited sending history.
  • Is your new IP recently recycled? Ask your email service provider (ESP) when the last time the IP had any sending volume on it prior to being assigned for your use. IPs used recently by another sender could still have a poor reputation attached to it.
    • Barracuda does not disclose how long they keep records of an IP or domain.
    • A general guideline is for an IP to have zero sending volume for at least six months prior to it being assigned to another sender.
  • Ensure you are authenticating all email with SPF, DKIM and DMARC and confirm they are passing checks at mailbox providers such as Gmail, Microsoft, and Yahoo. Barracuda uses these authentication protocols to help protect their users from domain spoofing.
  • Ensure you have valid PTR records for your sending domains. Sending domains without a PTR record may be blocked.
  • Make sure you are not sending attachments with bulk marketing email. Attachments sent to numerous recipients at the same time are likely to be perceived as spam or phishing.
    • If you want the recipient to download a whitepaper or other resource, use a link to your website where the recipient can download the document directly.
  • If you send an attachment in 1:1 communications, Barracuda will scan it for potential threats. Make sure all attachments are free from viruses and malware.
    • Ensure your attachment is not password protected because an administrator may choose to defer or block messages with password protected attachments.
  • Ensure you are using either a shared or dedicated IP address for your bulk marketing email. Do not use a dynamic IP address as they are frequently used by spammers.
  • Check your subject lines and content for potentially private information such as as credit card, social security, and driver's license numbers. These numbers could be perceived as an attempt to steal personally identifiable information from the recipient.
  • Check any domains, email addresses, web links, and phone numbers associated with your business that are embedded in your email. Make sure they are accurate. Barracuda scans this information to ensure they are associated with legitimate businesses. Misspellings or other inaccuracies could cause some of your email to be perceived as spam or a phishing.
    • For example, if your domain is: abcdomain.com and it is misspelled as acbdomain.com, it could be perceived as "typosquatting", which is a technique spammers use to steal information or spread malware.
    • If you own misspelled domain variants of domains you own for your protection, consider using a tool such as Desvio. Barracuda uses Desvio and other tools to help identify misspelled domain names.
  • Ensure you have a mix of Images and text in your email. An email sent with only an image may be perceived as 'image spam'. Barracuda has technologies that can read the text in the image, so be sure to keep image-based text relevant to the overall message.
  • If you are hosting your web properties on a free website service, redirects to another website may be perceived as an attempt to hide your identity.
    • Barracuda checks these redirects to known spammer websites, so legitimate uses for redirects are likely okay.
    • However, your email may receive extra scrutiny from some Barracuda customers if the free web property URL redirects to another website.
  • Ensure the message content is relevant to the type of communication sent. Barracuda categorizes email into groups which administrators can use to defer or block email. By default, Barracuda allows all types of emails regardless of category. So be sure you are not mixing message content to try and fool the system. Some administrators may interpret that behavior as spam or phishing. The categories are:
    • Corporate: 1:1 business communication
    • Transactional: order confirmation, invoice, receipt, shipping notice, etc.
    • Marketing: promotional mail
    • Mailing lists: email from news groups or other subscriptions services
    • Social media updates: notifications from Facebook, LinkedIn, and other social media services

Related articles

Turn your data into revenue

Whether you’re looking to optimize the performance of your email marketing, data management or sales functions, Validity is your trusted partner to ensure you’re reaching who you need to.

Company
Products
Solutions
Resources
Contact