Here at WebWize, we run Barracuda Networks Anti-Spam and Anti-virus firewall in front of our email server, in fact, we run a dual-layer Barracuda Networks protection process.  More on that in a minute.  The Barracuda Spam Firewall (known as an appliance) scans every email for spam and viruses, providing an additional layer of protection for our clients.  Spam filtering is not 100% and never will be; it is not possible.  So let’s look at how you can fine-tune your spam filter settings on our Barracuda firewall, giving you the best protection possible while keeping your false positives as small as can be expected.

WebWize Email scanning

Before we start, let’s understand the basics of spam filtering and how it works.

Each email sent to one of our client’s email account passes first through Barracuda Central Cloud (BCC) before being sent to our local Barracuda Appliance. BBC spam filtering removes the worst-of-the-worst spam (about 32%) before sending the email on to our local Barracuda appliance.

Once sent to our local Barracuda, each email undergoes a battery of tests.  Every test an email fails, a numeric value is assigned before continuing on the next test.  After tests have completed a numeric value is assigned to the email.  Using these values applied to the email, the Barracuda performs the associated action.

 

Barracuda Actions and Related Value Ranges

The Barracuda assigns default spam setting values when email accounts are set up.  Clients can customize these values.

There are 4 actions possible post spam filtering.   The four actions are:

  • Deliver (deliver email to a clients inbox untouched)
  • Tag (adds a subject line before the email subject)
  • Quarantine (moves the email to the user’s quarantine box, user notified in the morning around 4:30 AM)
  • Block (blocks email entirely and the user never sees it)

Each of the 4 actions has an assigned numeric range.  The numeric value assigned an email post filtering determines the action path the email will take after scanning; delivered, tagged, quarantined or blocked.

If you do not customize your settings, your account will use the default values.  The default values are set to reduce the chance of false positives first and foremost, meaning they are looser than some clients like.   Default values are:

  • Deliver: 0 – 1.4
  • Tag: 1.5 – 1.9
  • Quarantine: 2.0 – 6.9
  • Block: 7+

 

Customizing Your Barracuda Spam Settings

Each one of our customers has an individual Barracuda Anti-Spam control panel.  Each user has the ability to customize spam settings.  Let’s look at how you customize the settings.

Baracuda Spam filtering WebWize

First, log into your Barracuda Control Panel. If you do not have the Control Panel login bookmarked, either locate one of your daily quarantine email notifications or go to our support page and click on the Barracuda Icon.  Once on the login screen, enter your email (username) and your password.  If you have not set up a password (meaning you simply click the view quarantine button in your email each morning), you can reset your password by entering your email address in the username field, then clicking the ‘Create New Password‘ button at the bottom of the login box.  You will be sent an email with password reset instructions.  Follow the instructions and log in.

webwize email hosting houston

Once logged into your control panel, go to Preferences > Spam Settings.  Under the Spam Scoring section (not the top spam scoring enabled/disabled section)  change ‘User Domain Defaults’ from Yes to No and click your save button to the right. You will then see the sliders that allow you to change the action values.

WebWize Barracuda, Customize your spam settings

Use the numeric sliders to adjust your spam settings.  After you have adjusted the values DON’T FORGET to click SAVE!  I like using the values of Block 5, Quarantine 1 and Tag 0.  But this is very tight and I normally have 3-5 false positive a week.  But I have less spam.  Most of the false positives are from services such as Gmail and Yahoo.   Spammers and Hackers love those free services…more on this at the end of this article.

I suggest starting off with Block 7, Quarantine 1.2 and Tag 1.

 

Let’s discuss best practices when customizing spam settings.

Knowing that spam filtering is a numeric filtering system and that each test an email fails applies an additional numeric value, we can summarize the higher the value of an email after scanning the more likely to be spam. But there are some tests an email may fail due to the sending email server improperly administered or the sending server being hacked, resulting in the email server landing on a national blacklist.  Subsequently, the entire email server being blocked or its email quarantined when it shouldn’t.  This is called a ‘False-Positive‘. Meaning the email tested positive for spam conditions but should have been delivered.

Keep this ‘False-Positive‘ term in mind when customizing your spam settings. As you tighten your settings (lowering the numeric values), you increase the chance of false positives.  Thus, when you loosen your settings (increase the numeric values), you are allowing more spam through to your inbox.  Finding the sweet spot is the goal.

There is not a single group of settings best for everyone.  Some individuals have a lot of friends or customers that use Gmail, Yahoo or one of the many free email services.  With these free services, there is a higher chance a friend’s email gets blocked at some point.  Spammers love these free services; it costs nothing to send out spam for a short time and comes with few consequences.  FREE EMAIL SERVICES ARE SPAMMERS’ HOLY GRAIL!

When you begin adjusting your spam settings, start by tightening your Quarantine box values (maybe down to 1.2). Leave your Block setting at 7.   You would rather email land in your Quarantine box versus Blocked.

Overtime false positives should reduce; then you can reduce the Block value.

The opposite is true if you reduced (tightened) your TAG or Quarantine value.  If you start seeing valid emails being Tagged or Quarantined, then loosen those settings.

 

Some final thoughts

Customizing settings takes time, but after a few months, it can reduce the amount of spam while keeping false positives to a minimum.  Keep in mind spam filtering is not 100% and it NEVER WILL BE!   Spammers are always developing new spam techniques and new spam variants.

Definitions had to be written for each new spam and delivered to appliances such as our Barracuda.  As you see new spam, chances are you will see several strains of the same spam before definitions are finalized and distributed.   As new spam arrives on the net, appliances like the Barracuda Anti-Spam and Anti-Virus Firewall automatically report to Barracuda Networks.  New definitions are written and disseminated, stopping future strains of spam and viruses.  But keep in mind, this takes a few days. Spam fighting takes analysis and coding, not the snap of a finger.

But feel free to give spammers your finger, I do all the time!

 

If you see new spam in your inbox, think of customizing your spam settings or be patient, I guarantee Barracuda is working on it and release new spam and virus definitions hourly.

If you have questions feel free to shoot us an email.

Or Contact WebWize At 713-682-7111

Before making a final decision on a Web Design Company, spend a few minutes on the phone with us.

About Glenn Brooks

Glenn Brooks is the founder of WebWize, Inc. WebWize has been providing web design, development, hosting, SEO and email services since 1994. Glenn graduated from SWTSU with a degree in Commercial Art and worked in the advertising, marketing and printing industries before starting WebWize.

Pin It on Pinterest