Customize Your Barracuda Anti-Spam Firewall Settings

Here at WebWize, we run Barracuda Networks Anti-Spam and Anti-virus firewall in front of our email server, in fact, we run a dual-layer Barracuda Networks protection process.  More on that in a minute.  The Barracuda Spam Firewall (known as an appliance) scans every email for spam and viruses, providing an additional layer of protection for our clients.  Spam filtering is not 100% and never will be; it is not possible.  So let’s look at how you can fine-tune your spam filter settings on our Barracuda firewall, giving you the best protection possible while keeping your false positives as small as can be expected.

Before we start, let’s understand the basics of spam filtering and how it works.

Each email sent to one of our client’s email account passes first through Barracuda Central Cloud (BCC) before being sent to our local Barracuda Appliance. BBC spam filtering removes the worst-of-the-worst spam (about 32%) before sending the email on to our local Barracuda appliance.

Once sent to our local Barracuda, each email undergoes a battery of tests.  Every test an email fails, a numeric value is assigned before continuing on the next test.  After tests have completed a numeric value is assigned to the email.  Using these values applied to the email, the Barracuda performs the associated action.

Barracuda Actions and Related Value Ranges

The Barracuda assigns default spam setting values when email accounts are set up.  Clients can customize these values.

There are 4 actions possible post spam filtering.   The four actions are:

• Deliver (deliver email to a clients inbox untouched)
• Tag (adds a subject line before the email subject)
• Quarantine (moves the email to the user’s quarantine box, user notified in the morning around 4:30 AM)
• Block (blocks email entirely and the user never sees it)

Each of the 4 actions has an assigned numeric range.  The numeric value assigned an email post filtering determines the action path the email will take after scanning; delivered, tagged, quarantined or blocked.

If you do not customize your settings, your account will use the default values.  The default values are set to reduce the chance of false positives first and foremost, meaning they are looser than some clients like.   Default values are:

• Deliver: 0 – 1.4
• Tag: 1.5 – 1.9
• Quarantine: 2.0 – 6.9
• Block: 7+

Customizing Your Barracuda Spam Settings

Each one of our customers has an individual Barracuda Anti-Spam control panel.  Each user has the ability to customize spam settings.  Let’s look at how you customize the settings.

I suggest starting off with Block 7, Quarantine 1.2 and Tag 1.

Let’s discuss best practices when customizing spam settings.

Knowing that spam filtering is a numeric filtering system and that each test an email fails applies an additional numeric value, we can summarize the higher the value of an email after scanning the more likely to be spam. But there are some tests an email may fail due to the sending email server improperly administered or the sending server being hacked, resulting in the email server landing on a national blacklist.  Subsequently, the entire email server being blocked or its email quarantined when it shouldn’t.  This is called a ‘False-Positive‘. Meaning the email tested positive for spam conditions but should have been delivered.

Keep this ‘False-Positive‘ term in mind when customizing your spam settings. As you tighten your settings (lowering the numeric values), you increase the chance of false positives.  Thus, when you loosen your settings (increase the numeric values), you are allowing more spam through to your inbox.  Finding the sweet spot is the goal.

There is not a single group of settings best for everyone.  Some individuals have a lot of friends or customers that use Gmail, Yahoo or one of the many free email services.  With these free services, there is a higher chance a friend’s email gets blocked at some point.  Spammers love these free services; it costs nothing to send out spam for a short time and comes with few consequences.  FREE EMAIL SERVICES ARE SPAMMERS’ HOLY GRAIL!

When you begin adjusting your spam settings, start by tightening your Quarantine box values (maybe down to 1.2). Leave your Block setting at 7.   You would rather email land in your Quarantine box versus Blocked.

Overtime false positives should reduce; then you can reduce the Block value.

The opposite is true if you reduced (tightened) your TAG or Quarantine value.  If you start seeing valid emails being Tagged or Quarantined, then loosen those settings.

Some final thoughts

Customizing settings takes time, but after a few months, it can reduce the amount of spam while keeping false positives to a minimum.  Keep in mind spam filtering is not 100% and it NEVER WILL BE!   Spammers are always developing new spam techniques and new spam variants.

Definitions had to be written for each new spam and delivered to appliances such as our Barracuda.  As you see new spam, chances are you will see several strains of the same spam before definitions are finalized and distributed.   As new spam arrives on the net, appliances like the Barracuda Anti-Spam and Anti-Virus Firewall automatically report to Barracuda Networks.  New definitions are written and disseminated, stopping future strains of spam and viruses.  But keep in mind, this takes a few days. Spam fighting takes analysis and coding, not the snap of a finger.

But feel free to give spammers your finger, I do all the time!

If you see new spam in your inbox, think of customizing your spam settings or be patient, I guarantee Barracuda is working on it and release new spam and virus definitions hourly.

If you have questions feel free to shoot us an email.