What’s the Barracuda Spam Filter and Blocklist All About?
We have no idea if barracudas in the wild are likely to devour spam. But we do know that the company Barracuda Networks is awfully good at filtering and blocking email spam (which is “devouring” in a sense).
The Barracuda spam filter is one of the most well-known and effective in the email industry. Administrators often use Barracuda for email security and configure this spam filter for G Suite and Outlook inboxes. So, understanding the Barracuda filter is especially important for B2B email communication.
There’s also a major blocklist run by the network, which is known as the Barracuda Reputation Blocklist (BRBL). Let’s take a closer look at a key player in the world of email marketing, including how the Barracuda spam filter works.
What is Barracuda Networks?
For starters, it has nothing to do with fish. While the snake-like water creature with gnarly teeth and bugged-out eyes is pretty scary to swimmers, Barracuda Networks puts fear in the hearts of cybercriminals and spammers.
The company started as a spam and virus firewall back in 2003. It now offers a variety of other security products and services including data protection, network security, as well as application and cloud security.
At this point, Barracuda has been helping mailbox providers and system admins stop spam for about two decades. For many years now, the company has also been recognized as a leader in email security by companies like Gartner, Forrester, and Europe’s SC Awards.
Is Barracuda a spam filter or a blocklist?
Barracuda Networks offers both a customizable spam filter and a blocklist, the latter of which it introduced in 2008. Its email blocklist is open source and free for the public to use. Unless you’re a known spammer, that is.
The company also offers email security solutions with features that protect against phishing, malware, DoS attacks, outbound email filtering, and more. Barracuda states that it protects around a billion emails every day.
Of course, inbound spam filtering is where Barracuda Networks got its start. The Barracuda spam filter identifies incoming mail from known spammers, catches spammy links in messages, and even has high-tech ways of finding hidden content that traditional spam filters may miss.
How does the Barracuda spam filter work?
Like other email spam filters, Barracuda has a method for giving messages a score that rates their likelihood of being spam. Among other factors, the filter looks for the following:
- Is the sender already on a list of suspicious IP addresses?
- Are there any known viruses or malware in the email?
- Bayesian spam analysis: How does the message compare to a database of other emails that are known spam?
- Spam intention analysis: Does the message appear to try and persuade the recipient to do something a spammer would want?
- Does the email fail any specific rules that the user/admin has set up or customized?
- Spam fingerprinting: Has the email already been marked by another Barracuda installation?
To clarify that last point on spam fingerprinting… When a Barracuda Network user identifies an email that’s malicious or spammy, information about the message gets sent to Barracuda Central where it can be shared with others who’ve installed the filter.
The Barracuda spam filter works efficiently because it knows it should look for the “deal breakers” first. That means it’s going to check blocklists and scan for viruses before it examines smaller spam signals.
The Barracuda spam report
Barracuda’s Email Gateway Defense is a pass-through system that uses custom X-headers, which are added to the email’s main header and used by mailbox providers to determine if an email should be blocked, marked as spam, or land in the inbox.
Here’s an example of a Barracuda header:
X-Barracuda-Start-Time: 1332864901 X-Barracuda-URL: http://172.26.14.249:8000/url-mod/address.com X-Barracuda-Bayes: SPAM GLOBAL 1.0000 1.0000 4.3430 X-Barracuda-Spam-Score: 2.03 X-Barracuda-Spam-Status: No, SCORE=2.03 using global scores of TAG_LEVEL=3.0 QUARANTINE_LEVEL=5.0 KILL_LEVEL=7.0 tests=BSF_SC0_SA_TO_FROM_DOMAIN_MATCH, BSF_SC7_SA578_CH, DATE_IN_PAST_12_24, DATE_IN_PAST_12_24_2, HEAD_LONG, HTML_MESSAGE, LONG_TERM_PRICE X-Barracuda-Spam-Report: Code version 3.2, rules version 188.8.131.52409 pts RULE_NAME description ---- ---------------------- ---------------------- 0.50 HEAD_LONG Message headers are very long 0.01 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date 0.21 LONG_TERM_PRICE BODY: LONG_TERM_PRICE 0.00 HTML_MESSAGE BODY: HTML included in message 0.50 BSF_SC7_SA578_CH Custom Rule SA578_CH 0.01 BSF_SC0_SA_TO_FROM_DOMAIN_MATCH Sender Domain Matches Recipient Domain 0.80 DATE_IN_PAST_12_24_2 DATE_IN_PAST_12_24_2 X-SA-Exim-Connect-IP: 184.108.40.206 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on server-4 X-Spam-Level: -0.5 X-Spam-Status: No, score=-0.5 required=5.7 tests=BAYES_00,DATE_IN_PAST_12_24, HTML_MESSAGE,LONG_TERM_PRICE,L_BILLS,L_TAX1,T_LOTS_OF_MONEY autolearn=no version=3.3.1
It’s a lot to take in, right? Let’s break down two of the most important X-headers in this string of text, because that’s what you really care about.
This bit of the header indicates the final result of spam scoring after all the tests and checks are performed.
Keep your Barracuda spam score low enough, and mailbox providers are more likely to open the door to your subscribers’ inboxes. But if your email crosses a threshold and scores too high, you’re probably going to land in spam or even get blocked.
Of course, the score 2.03 doesn’t mean much on its own. It sounds low. But is it low enough? That depends…
Here’s a look at the information in the X-Barracuda-spam-status header:
X-Barracuda-Spam-Status: No, SCORE=2.03 using global scores of TAG_LEVEL=3.0 QUARANTINE_LEVEL=5.0 KILL_LEVEL=7.0 tests=BSF_SC0_SA_TO_FROM_DOMAIN_MATCH,
BSF_SC7_SA578_CH, DATE_IN_PAST_12_24, DATE_IN_PAST_12_24_2, HEAD_LONG, HTML_MESSAGE, LONG_TERM_PRICE
X-Barracuda-Spam-Report: Code version 3.2, rules version 220.127.116.11409
This x-header defines the parameters for what gets delivered to the inbox, filtered to spam, or blocked.
First, you’ll notice the word “No” at the start of the X-header. That means this email was not considered spam (isn’t that a relief?). That’s because a score of 2.03 doesn’t meet the criteria for getting tagged, filtered, or blocked. There are three “levels” mentioned in this X-header:
TAG_LEVEL=3.0This means if an email reaches a score of 3.0, it could be tagged in the inbox as possible spam because some things were a little bit suspicious.
QUARANTINE_LEVEL=5.0This means if a message scores 5.0 or higher, Barracuda recommends that mailbox providers treat it like true spam and send it to the junk folder.
KILL_LEVEL=7.0This means that if the message reaches a score of 7.0 or higher, it should be rejected and blocked from delivery.
There are two important factors to keep in mind about Barracuda spam scoring. For one thing, the thresholds we used above are not necessarily the same rules every mailbox provider will use. That’s because the filter is customizable. While we used some standard levels for scoring in our example, a more aggressive approach could look like this:
- 0.0 – 1.99 –> Delivered to Inbox.
- 2.0 – 3.49 –> Delivered to Inbox. Subject line tagged with [SPAM?].
- 3.5 – 5.00 –> Delivered to Barracuda Quarantine Inbox.
- 5.1 – 10.0 –> Blocked from delivery
Secondly, the Barracuda spam filter can also be set to check for email authentication protocols, including SPF, DKIM, and DMARC. As a sender, it’s important to have email authentication set up and working properly.
How do I get off the Barracuda blocklist?
Mistakes happen, and you may find your sending domain or IP address ends up on the Barracuda blocklist. This is not a death sentence for your email deliverability, but it will take a little work to remedy the situation. That’s because removal from the Barracuda blocklist is a manual process.
Before you try to get removed, you need to know what went wrong. Barracuda says this about its blocklisting methodology:
“Most IP addresses are listed as a result of directly sending spam or viruses to the Barracuda Reputation System’s detectors. The Barracuda Reputation System detects spam by using honeypots, special addresses created to receive only spam and do not belong to any real user and through analysis of captive spyware protocol activity.”
Basically, you got on this blocklist because you either sent a dangerous email or you have pristine spam traps (honeypots) on your contact list. If you’ve got a honeypot email address on your list, it means that, at some point, someone either purchased contacts or scraped the web for email addresses. And that’s not cool.
It’s certainly possible this is not your fault. Maybe you were hacked, and bad actors are using your domain or IP. Maybe someone before your time conducted some shady list building practices. Whatever the case, you’ve got to fix things ASAP.
Where to go for Barracuda blocklist removal
If you plan to work on blocklist removal yourself, here are the steps to follow:
- Visit Barracuda Central’s blocklist removal page and check out the form.
- Enter your sending IP address to identify what should be removed from the blocklist.
- Give them an email address where the right person can be reached with follow-up questions.
- Provide a detailed explanation of what happened and why you should be removed.
It could take 12 hours or more for you to hear an initial response to your blocklist removal request, and even then, you may have to answer some questions and clarify a few things. Good luck!
The good news is that our friends at Mailgun by Sinch say that getting listed on the BRBL typically has a low impact on email delivery. But it could hurt more if you’re a B2B brand sending to Outlook and G-Suite addresses that are more likely to use Barracuda.
Get email deliverability help from InboxReady
If all of this feels a little overwhelming, there is help out there, and there are tools that can help you prevent problems with spam filters and blocklists from ever happening in the first place.
InboxReady is a complete email deliverability suite. Among the services we offer is our Deliverability Monitoring, which includes blocklisting notifications. That means you can fix a sticky situation before you launch your next big email campaign.
There are also plenty of other beneficial tools in the InboxReady platform. That includes Email Verifications, which can help you keep your list clean as well as find and remove spam traps that could get you blocklisted. Plus, Inbox Placement gives you amazing insights into deliverability. You can even predict if your messages will land in the inbox, spam, or the Gmail promotions tab before you hit send.
While you can use InboxReady and Email on Acid by Sinch separately, when you put them together you’ll put your best email forward while giving it the best chance of reaching every subscriber on your list.
Finally, we’ve made it through this entire article without making any references to the classic rock song from Heart. Ladies and gentlemen… straight from 1977, we give you “Barracuda”.
This article was updated on October 17, 2022. It was first published in January of 2013.
Author: The Email on Acid Team
The Email on Acid content team is made up of digital marketers, content creators, and straight-up email geeks. Connect with us on LinkedIn, follow us on Facebook, and tweet at @EmailonAcid on Twitter for more sweet stuff and great convos on email marketing.