BARRACUDA NETWORKS SPAM FIREWALL FAQ's
How does the Barracuda Spam Firewall protect against email threats?
The Barracuda Spam Firewall, an integrated hardware and software solution, uses a multilayered approach to provide the most comprehensive email protection available against spam, viruses, spoofing, phishing and spyware attacks. An added benefit of the Barracuda Spam Firewall is the optimized processing of each email to maximize performance and capability to filter millions of messages per day.
Behind the industry-leading initiatives of Predictive Sender Profiling and Barracuda Real-Time Protection are 12 explicit defense layers including: Denial of Service and Security Protection, Rate Controls, IP Reputation Analysis, Sender Authentication, Recipient Verification, Virus Protection, Policy (user-specified rules), Fingerprint Analysis, Intent Analysis, Image Analysis, Bayesian Analysis, and a Spam Rules Scoring engine.
How is email filtered?
Deployed at the network perimeter, all incoming email must pass through all 12 defense layers of the Barracuda Spam Firewall before any of it can reach the intended recipients. The defense layers are grouped into two main classes: connection management, which involves dropping incoming mail connections before receiving messages, and mail scanning, which analyzes messages upon receipt. During the filtering process, emails are checked for new and familiar spammer attacks, viruses, and customized administrator policy violations. Based on administrator and user preferences, spam can be tagged, quarantined or blocked.
How is email filtered?
Tagging email benefits organizations by easily identifying messages that meet set criteria. Tagged emails are delivered to the recipient with a customizable label, such as [BULK], that is added to the subject of the message.
Why quarantine email? What happens to quarantined email?
Quarantining emails is a safeguard that allows for examination of questionable messages prior to accepting or rejecting; typically, quarantined email does turn out to be spam. An administrator can choose two types of email quarantine: global or per user quarantine.
When configured for global quarantine, the Barracuda Spam Firewall routes all quarantined email to a mailbox specified by the administrator. When configured for per user quarantine, the Barracuda Spam Firewall stores the email locally and notifies users periodically of their quarantined email. Users can choose to delete quarantined email, forward it to their own mailboxes or whitelist the sender address to prevent future email from being quarantined. Per user quarantine is available with the Barracuda Spam Firewall 300, 400, 600, 800 and 900 models.
What are some of the underlying technologies used in the Barracuda Spam Firewall?
The Barracuda Spam Firewall uses a combination of proprietary and open source software. The Barracuda Spam Firewall operating system is based on a hardened, stable Linux kernel that has undergone strict scrutiny by top security researchers. The robust MTA is capable of handling a high number of SMTP connections and mail delivery volumes. Starting with firmware release 3.5, the Barracuda Spam Firewall MTA has a built-in journaling function that can be used in conjunction with the Barracuda Message Archiver. Please visit Barracuda Technology to learn more about these and other Barracuda Spam Firewall Technologies.
If I am using Microsoft Exchange, how will the Barracuda Spam Firewall protect against "dictionary" attacks?
The Microsoft Exchange Accelerator, available on Barracuda Spam Firewall 300 and higher, uses the Lightweight Dictionary Access Protocol (LDAP) built into Exchange to verify recipients before delivering messages to the Microsoft Exchange Server.
What new technologies has the Barracuda Spam Firewall added to combat the latest spam campaigns?
In 2007 alone, Barracuda Networks has announced several initiatives against spam:
- Multi-Pass Optical Character Recognition Engine: Image spam generally embeds text within images with the intent of hiding content and bypassing the text rules processing layers of spam filters. With Barracuda Networks' industry-leading multi-pass OCR engine, Barracuda Spam Firewalls render the spammers' tricks to hide text behind color or blurred images ineffective.
- Predictive Sender Profiling: Barracuda Networksï¿½ industry-leading Predictive Sender Profiling probes deeper into sent email and digs into the campaign itself to identify anomalous sender activity, allowing Barracuda Networks to effectively block spam typically unstoppable by traditional reputation analysis.
- Barracuda Real-Time Protection: Barracuda Real-Time Protection uses an advanced set of technologies to immediately block the latest virus, spyware and other malware attacks as they emerge. Leveraging the Barracuda Spam Firewalls large and diverse customer base, Barracuda Networks leads in industry in detecting early trends and responding to email-borne threats.
How does the Barracuda Spam Firewall protect against virus threats?
The Barracuda Spam Firewall provides comprehensive protection against virus threats through three powerful layers. The first layer consists of a well-respected open source virus scanning engine. The second layer is a proprietary virus engine maintained by Barracuda Central, an advanced 24/7 security operations center that works to continuously monitor and block the latest Internet threats. The third layer is Barracuda Real-Time Protection, a set of advanced technologies that enable Barracuda Spam Firewalls to immediately block the latest virus, spyware and other malware attacks as they emerge without having to wait for a signature to be downloaded onto the Barracuda Spam Firewall.
How does the Barracuda Spam Firewall block real-time threats?
Barracuda Central engineers diligently work 24x7 monitoring spam and virus threats around the world. Since response times are crucial with real-time threats, when one is detected the Barracuda Spam Firewall uses Barracuda Real-Time Protection to mitigate these threats as they emerge without waiting for new updates.
How much time will I spend installing and maintaining the Barracuda Spam Firewall?
The Barracuda Spam Firewall is designed as an easy-to-install appliance requiring minimal administrative overhead. Without any tuning, the Barracuda Spam Firewall offers a 95 percent spam accuracy rate with a 0.01 percent false positive rate. Taking into account the six defense layers automatically tuned by Energize Updates, the Barracuda Spam Firewall is easily kept up-to-date for ongoing spam accuracy.
Will I receive a high number of false positives using a
Barracuda Spam Firewall?
With no tuning, the Barracuda Spam Firewall is set to minimize false positives, typically at 0.01 percent or less - one of the lowest false positive ratings in the industry. As with any solution that allows for user customization, each customerï¿½s false positive return will vary depending on how the administrator tunes the unit (i.e. a stricter spam score setting may result in more false positives).
What does Energize Updates include for the Barracuda Spam Firewall?
The Barracuda Energize Updates subscription provides the latest spam and virus definition updates that block new campaigns before they become an outbreak. Barracuda Central engineers constantly update spam and virus definitions and are able to remotely tune six of the 12 defense layers, thereby minimizing administration time. Energize Updates also gives you access to technical support, new firmware releases and the opportunity to participate in the Barracuda Early Release Firmware program.
Does the Barracuda Spam Firewall offer per user policies?
Per user policies are available in Barracuda Spam Firewall 300 and higher. Per user policies empower users with the ability to set their own individual scoring policies, Bayesian database, allow lists and block lists.
Can the Barracuda Spam Firewall filter outbound messages?
Yes. The Barracuda Spam Firewall filters outbound messages for viruses and basic spam scanning policies. For advanced outbound scanning, Barracuda Networks offers the Barracuda Spam Firewall-Outbound which includes different workflows for quarantining outbound email traffic for review by policy auditors.
How do I block or minimize the amount of invalid bounce messages?
Invalid bounce messages are non-delivery reports to forged email addresses. To block invalid bounce messages, enable the Invalid Bounce Suppression feature and relay all your outgoing email through the Barracuda Spam Firewall or the Barracuda Spam Firewall-Outbound appliance.
Does the Barracuda Spam Firewall enable administrators to block email from other countries?
Yes. The Barracuda Spam Firewall offers different ways to block spam from other countries:
- Based on a Reverse DNS lookup, administrators block messages whose top level domain resolves to a country's hostname.
- Based on the declared character set of an email, administrators block messages that contain a specific language set.
- While it is not recommended by Barracuda Networks, administrators create custom policies to filter other patterns in the subject, header or body to block unwanted email from other countries.
How do I know which Barracuda Spam Firewall model is best suited to my needs?
EconRam Systems' sales representatives can evaluate your environment based on the number of active users, email traffic and desired features. As your organization expands, the Barracuda Spam Firewall can be clustered to accommodate your additional growth.
What if I have more questions about the Barracuda Spam Firewall?
For additional assistance, please visit the technical support forum at Barracuda Networks or contact EconRam Systems by phone: (877) 500-ECON (3266) or email: "[email protected]".