BCPL.NET Spam & Virus Firewall FAQ

The Barracuda Spam & Virus Firewall is BCPL.NET's latest effort in the ongoing battle against e-mail spam and virus infections. The Barracuda sits between the Internet and BCPL.NET's mail server, where it is capable of scanning incoming e-mail for spam and viruses. While everyone using a BCPL.NET e-mail account currently benefits from the Barracuda's basic spam and virus filtering, you may also set up a personal quarantine that will allow you to classify your own mail as spam or not spam, thereby improving the Barracuda's future accuracy in classifying your e-mail.

Money, money, and more money. Until the Barracuda Spam & Virus Firewall became available the vendors of most commercial anti-spam and anti-virus products based their prices on the number of mailboxes on the mail server, or on the number of processors in the mail server. That translates to money. Lots of money! We just couldn't afford to do it without a fairly hefty increase in our annual renewal fee, and we didn't want to do that.

Barracuda Networks doesn't charge per mailbox or per processor. They offer their Barracuda Spam & Virus Firewall in several sizes, at a fixed price for each size. The Barracuda 400 we selected has more than enough capacity to handle our e-mail load, and at a very reasonable price that we feel we can absorb without passing the cost along to our customers.

That sort of thing is bound to happen with any spam-detection mechanism, because there is no absolutely foolproof way for a computer to differentiate between spam and legitimate e-mail. A reasonably intelligent human can make very accurate "Spam" and "Not Spam" decisions fairly easily. Unfortunately (or perhaps fortunately, depending on your point of view) we have yet to learn how to make computers think exactly like humans.

The Barracuda spam firewall scores each incoming message from 1 to 10 based on certain characteristics that are commonly found in spam. The higher the score, the more likely the message is to be spam.

As it is currently configured, the Barracuda blocks any message with a score of 9 or higher. Something with a score that high is so riddled with spam characteristics that it can't be anything other than spam. Messages with a score of 9 or higher never reach your mailbox.

Messages with a score of 3 or lower are sent straight through to your mailbox on the assumption that they are not spam. That doesn't guarantee that they aren't spam. It just means that based on the scoring they probably aren't spam. Messages with a score between 3 and 9 have the [SPAM] tag added to the subject line before forwarding them on to your mailbox. Most messages in this scoring range are probably spam, but some may not be. The Barracuda tags them to let you know these are "maybes", but you still need to look at them to decide for yourself.

As mentioned above, there is no foolproof way for a computer to differentiate between spam and legitimate e-mail. If we just delete everything the Barracuda thinks might be spam, we would end up deleting some legitimate e-mail too. We don't want to do that.

We now have the ability to allow individual users to "teach" the spam filter what is and is not spam. If you believe that the spam filter is mis-identifying messages, you can show the spam filter what is and is not spam. To do this, sign up to have a Barracuda Quarantine enabled for your email account. This will allow you to adjust how the spam filter scores emails on a per-user basis. More information can be found in our Barracuda Quarantine User's Guide.

Those two "pretty sures" are not much for us to go on. If you know for a fact that e-mail was sent to you but never arrived in your mailbox, contact the Help Desk (410-887-3297 or ) with the details as soon as possible. We need to know your e-mail address, the sender's e-mail address, and approximately when the message was sent. We can then try to find the message in the Barracuda's log. If found, we can forward the message to you and mark it "Not Spam" to help the Barracuda learn.

It would take a book-length e-mail to explain that in detail, but here's a slightly shorter version:

• Virus Checking - Two different virus scanners examine each incoming message. Messages containing viruses are blocked, and you receive a notice from the Barracuda that this has occurred.
  
  
• Rate Controls - This protects us from automated spam programs (spambots) that attempt to send huge amounts of email to our mail server in a very small amount of time. If this occurs the sending server is told to try again later, then disconnected. Legitimate mail servers will try again later, so legitimate e-mail still gets through. Spam software usually doesn't bother to try again, so a lot of spam is blocked.
  
  
• External Blacklists - The Barracuda uses the same externally maintained blacklists we have used for several years on our main mail server. It also uses an external blacklist maintained by Barracuda Networks that lists the largest and most aggressive spammers. All e-mail coming from blacklisted sites is blocked.
  
  
• Internal Blacklists - These are blacklists maintained by us, containing domain names, IP addresses, and individual e-mail addresses from which we will not accept e-mail. We are not currently using internal blacklists.
  
  
• Checksum Technology - Barracuda Networks uses "honeypot" accounts all over the Internet to keep track of how often identical spam messages are seen. If an unsolicited e-mail has appeared very broadly it is categorized as known spam. Checksums of known spam messages are used by the Barracuda firewall to block spam messages.
  
  
• Intention Analysis - This checks any URLs in the message against a database of Web sites known to be run by spammers or known to advertise via spam. If found, the message is blocked. Otherwise intention analysis looks at the apparent intent of the message. If it appears to be trying to sell you something, that affects the spam score assigned to the message.
  
  
• Message Authenticity - Several methods are used to determine whether a message seems authentic. These range from simply verifying that the "From:" address is a real address, to complex tests related to the way Internet e-mail delivery is supposed to work. The Barracuda uses these tests to help determine what spam score should be assigned to a message.
  
  
• Bayesian Filtering - This uses Bayesian analysis to compare words and phrases in a message to words and phases in previous e-mails, both legitimate and spam. The Barracuda uses this to help determine what spam score should be assigned to a message.
  
  
• Bayesian Learning - This allows us to tell the Barracuda which messages we consider to be spam and which ones we don't in order to improve the Bayesian Filtering process. Individual users can modify their personal Bayesian filter by signing up for a Barracuda Quarantine account.
  
  
• Spam Fingerprinting - This technique compares the characteristics of each incoming e-mail against a "fingerprint database" of known spam maintained by Barracuda Networks. The Barracuda uses fingerprinting to help determine what spam score should be assigned to a message.
  
  
• Keyword Scanning - This looks for certain keywords commonly used by spammers. If found, they contribute to the spam score assigned to the message.
  
  

Yes! You may set up a personal quarantine that will allow you to classify your own mail as spam or not spam, thereby improving the Barracuda's future accuracy in classifying your e-mail. For instructions on setting up and using the Barracuda Quarantine, see out Barracuda Quarantine User's Guide