Cracking the Inbox Code: Barracuda

*Updated in September 2024

 

Barracuda Spam Firewall

Advanced Threat Protection

The Barracuda Email Security Service includes a rich set of inbound and outbound email filtering policy options, including anti-spam, antivirus, rate control, IP policies, sender reputation and more.  The optional Cloud Protection Layer feature of the Barracuda Email Security Gateway is an additional layer of cloud-based protection that blocks threats before they reach your network, prevents phishing and zero-day attacks, and provides email continuity. Once email passes through the Cloud Protection Layer, the Barracuda Email Security Gateway filters email according to the more granular policies, further recipient verification, quarantining, and other features you configure on the appliance or virtual machine. In addition, you can opt to subscribe to the Barracuda Advanced Threat Detection (ATD) service. ATD is a cloud-based virus scanning service that applies to inbound messages, analyzing email attachments in a separate, secured cloud environment to detect new threats and determine whether to block such messages.

 

See Cloud Protection Layer and Advanced Threat Detection Configuration  for details.

 

How Spam Scoring Works

All spam messages have an "intent" - to get a user to reply to an email, to visit a web site or to call a phone number. Intent analysis involves researching email addresses, web links (URLs) and phone numbers embedded in email messages to determine whether they are associated with legitimate entities.  Phishing emails are examples of Intent.

Frequently, Intent Analysis is the defense layer that catches phishing attacks. The Barracuda Email Security Service applies the following forms of Intent Analysis to inbound mail, including real-time and multi-level intent analysis.

  • Intent Analysis Markers of intent, such as URLs, are extracted and compared against a database maintained by Barracuda Central.
  • Real-Time Intent Analysis – For new domain names that may come into use, Real-Time Intent Analysis involves performing DNS lookups against known URL blocklists.
  • Multilevel intent analysis – Use of free websites to redirect to known spammer websites is a growing practice used by spammers to hide or obfuscate their identity from mail scanning techniques such as Intent Analysis. Multilevel Intent Analysis involves inspecting the results of Web queries to URLs of well-known free websites for redirections to known spammer sites.

Intent Analysis can be enabled or disabled on the INBOUND SETTINGS > Anti-Phishing page. Domains found in the body of email messages can also be blocked based on or exempt from Intent Analysis on that page.

18676
5
5 Comments
SanfordWhiteman
Level 10 - Community Moderator

It might be added that Intent Analysis (and similar techniques from other anti-spam vendors) is responsible for the pesky and growing reporting problems caused by mail scanners!

Robb_Barrett
Marketo Employee

Would love to hear Marketo's take on this. I mean, despite what we call ourselves we're spammers to some degree. We send out those pesky unrequested marketing emails by the thousand. We use tracking servers that have URLs that don't go to the intended destination. I don't know if Baracuda is working with Marketo to approve their redirects and I can see reasons why Baracuda may or may not allow them.

Josh_Hill13
Level 10 - Champion Alumni

Kiersti Esparza​ the links aren't working.

Kiersti_Esparz1
Level 7

Thank you Josh Hill​!  A change was pushed out to the articles that seemed to have broken external links.  While we hoped to have edited all the broken links it looks like not all were caught - definitely let me know if you see others!

Thanks again!

Kiersti

Josh_Hill13
Level 10 - Champion Alumni

Thanks!

Are you considering a process similar to the one Openprise suggested?

  https://www.openprisetech.com/detecting-compensating-link-scanners-spam-checkers-clickbots-marketo-u...

would be great to have this as native functionality or a native filter.