Cracking the Inbox Code: Barracuda

*Updated in September 2024

 

Barracuda Spam Firewall

Advanced Threat Protection

The Barracuda Email Security Service includes a rich set of inbound and outbound email filtering policy options, including anti-spam, antivirus, rate control, IP policies, sender reputation and more.  The optional Cloud Protection Layer feature of the Barracuda Email Security Gateway is an additional layer of cloud-based protection that blocks threats before they reach your network, prevents phishing and zero-day attacks, and provides email continuity. Once email passes through the Cloud Protection Layer, the Barracuda Email Security Gateway filters email according to the more granular policies, further recipient verification, quarantining, and other features you configure on the appliance or virtual machine. In addition, you can opt to subscribe to the Barracuda Advanced Threat Detection (ATD) service. ATD is a cloud-based virus scanning service that applies to inbound messages, analyzing email attachments in a separate, secured cloud environment to detect new threats and determine whether to block such messages.

 

See Cloud Protection Layer and Advanced Threat Detection Configuration  for details.

 

How Spam Scoring Works

All spam messages have an "intent" - to get a user to reply to an email, to visit a web site or to call a phone number. Intent analysis involves researching email addresses, web links (URLs) and phone numbers embedded in email messages to determine whether they are associated with legitimate entities.  Phishing emails are examples of Intent.

Frequently, Intent Analysis is the defense layer that catches phishing attacks. The Barracuda Email Security Service applies the following forms of Intent Analysis to inbound mail, including real-time and multi-level intent analysis.

  • Intent Analysis Markers of intent, such as URLs, are extracted and compared against a database maintained by Barracuda Central.
  • Real-Time Intent Analysis – For new domain names that may come into use, Real-Time Intent Analysis involves performing DNS lookups against known URL blocklists.
  • Multilevel intent analysis – Use of free websites to redirect to known spammer websites is a growing practice used by spammers to hide or obfuscate their identity from mail scanning techniques such as Intent Analysis. Multilevel Intent Analysis involves inspecting the results of Web queries to URLs of well-known free websites for redirections to known spammer sites.

Intent Analysis can be enabled or disabled on the INBOUND SETTINGS > Anti-Phishing page. Domains found in the body of email messages can also be blocked based on or exempt from Intent Analysis on that page.

18374
5
5 Comments