60+ days of Barracuda Spam Filtering

It has now been 60+ days of using Barracuda Spam Filtering. We were testing and using the Virtual Machine version, v300. As I said in my “30 days of Barracuda Spam Filtering”, installation was fairly straightforward.


Now that a few of our more critical domains here at NetworkX [aka CarlC Internet Services] are using the Barracuda, we are seeing more and more blocking. The Barracuda still does some things I just don’t quite understand, and I will show you what I mean later, but overall, it’s finally getting the hang of it. My original argument was “Is $1500 really the right price for this product, compared to the fact you can create an open source version for just time and effort?”. Now, I feel like it may be worth the $1500.


Each domain appears to be taken separately. What I mean is, I can see where one domain’s spam is another domain’s valid email. After adding a real estate company to the spam filter, their domain wants emails with “refinance now” and “lower interest rates” to come through because those are from valid businesses trying to reach the real estate company. Another car club domain we host would not want that. It is nice to see that the Barracuda appears to look at domains individually.


What I do like more and more about Barracuda is the Outlook plug-in. While the Barracuda can send emails every day to say “Uh, Is this spam or not?”, you can click on an immediate “YES/NO” button in Outlook.


Now for something just mind-boggling… While I can see at times a spam that’s being sent to 5 different people in the same domain, Barracuda will block it say 3 times, let the fourth go into quarantine and then block the fifth. I’ve seen this a few times, and it’s kind of mind-boggling. The message was 100% spam, but for some reason the 2nd or 3rd or 4th try is the magic. At least it did stop 4 out of 5 messages.


Combo punch… Where I really see this shine is when I use TMDA behind the Barracuda. TMDA is best explained here: www.tmda.net. Yes, TMDA is old, because it works and works well. I like that if a possible spam message gets past Barracuda, TMDA is going to block it. What Barracuda has done is limited the TMDA size to a few per day now. I can easily see what’s in TMDA and decide “yes, allow this email address access or no, tell the Barracuda to stop this kind of silly stuff”.


And just maybe… I have noticed the attacks, or should I say attempts, against sending spam to a domain that’s been on the Barracuda for over 40+ days seem to decrease. I’m starting to wonder if the more intelligent spam sources are removing our domains from their lists, as they don’t want to get blocked by Barracudas worldwide. Since you can submit the emails that are either passed or quarantined to Barracuda to add as a “SPAM” message for future blocking, this could be reducing the attacks against each domain on the Barracuda Virtual Server.


One more thought… Barracuda does make its block list, IP addresses that are blocked, available to the public. You have to sign up on the website, but then you can query their database. Maybe certain spammers have signed up and are keeping an eye on how much they send so as to stay below the target? This would give a spammer instant access to know if they are being blocked from their sending points and could shape traffic accordingly. On the other hand, if I’m a spammer sending to a domain and suddenly see I’m now on the Barracuda block list, I would stop sending to that domain in the future, as it would cause me to get blocked. Therefore, it’s quite possible that using a Barracuda is working to minimize future SPAM.


Overall… I’m happy with the Barracuda VM v300. It’s pricy, so not everyone who wants to keep their email data in their own cloud [Sorry Google, Microsoft, Yahoo!, you don’t need access to my data, besides, I’m sure it would bore you] can purchase it, but it seems to do the job and improves with time.