Managing SPAM with Barracuda
In response to requests to manage the large amount of unsolicited mail (SPAM) being delivered to individual e-mail accounts, the IT Group has implemented a centralized spam detection system.
Barracuda inserts itself as an email monitoring system between the Internet and the Exchange server containing your email box. It is a temporary holding place where the Barracuda server can monitor email traffic destined to be delivered to your email box. In this way, it is able to screen SPAM-related email and dispose of it without bothering the email server.
How It Works
In general terms, the Barracuda service evaluates incoming messages and applies a series of tests to classify each message according to its likelihood of being spam or carrying a virus. The four categories are as follows:
- Messages that are clearly neither spam nor virus-bearing. These messages are delivered directly to your inbox.
- Messages that have some of the characteristics of spam but which may be legitimate are marked [SPAM?] so that you can make a decision about how to handle them. Messages from organizations, businesses, and mailing lists often fall into this category. To manage these tagged messages and label them as SPAM or NOT SPAM, Outlook users need to download and install the Outlook plugin. This will add two icons to your toolbar which will allow you to classify messages right from your Inbox. Mac users can create a filter in Entourage to move messages with the [SPAM?] tag to a separate folder.
- Messages that have objectionable content, attachments that might contain viruses, or which match known spam content are quarantined on Barracuda and available for your review.
- Messages that are clearly spam or virus-bearing are discarded before you see them.
Getting Started With Your Quarantine Mailbox
The first time the Barracuda Spam Firewall quarantines a message, a Quarantine Mailbox will be created. At that time the Spam Firewall will send you a welcome message explaining how to access the Quarantine Mailbox. The body of the message will look something like the following:
Welcome to the Barracuda Spam Firewall. This message contains the information you will need to access your Spam Quarantine and Preferences.
Your account has been set to the following username and password:
Access your Spam Quarantine directly using the following link:
It is important to note that your username for your Quarantine Mailbox is separate from your Net ID. This means that the password for your Quarantine Mailbox will not change when you change the password for your Net ID. Also note: your username for your Quarantine Mailbox is your entire KSC e-mail address (e.g. firstname.lastname@example.org).
Clicking on the login link provided will take you directly to your Quarantine Mailbox. You may also access your mailbox by going to the URL http://KSCMail2.keene.edu:8000 and logging in using your e-mail address and the password provided.
The login screen for your Quarantine Mailbox will look like the following:
To log in, enter your username (e.g. email@example.com) and password into the appropriate fields and click on the "Login" button. Should you forget your password, you can click on the "Create New Password" button and it will be e-mailed to you. This only affects the password for your Quarantine Mailbox; it does not affect your Net ID password.
Setting preferences for your Quarantine Mailbox
The PREFERENCES tab in your Quarantine Mailbox will display the following:
The preferences screen allows several actions:
- Click on the Password button to change your Quarantine Mailbox password.
- Click on the Quarantine Settings button to disable the Quarantine Mailbox for your e-mail account, or to enable it if you have previously disabled it. You can also set how often you wish the Spam firewall to send you notifications about new messages in your Quarantine Mailbox. You can set your Quarantine Mailbox to send notifications daily, weekly, or never.
- Click on the Spam Settings button to disable Spam filtering altogether, or to enable it if you have previously disabled it. This can be used if you do not wish any of your e-mail to be processed by the SPAM firewall.
- Click on the Whitelist/Blacklist button to specify e-mail addresses you never want to be blocked or that you always want to be blocked.
You can use this form at any time to change your password. Fill in the fields and then click the Save Password button to activate your changes. You will at this point be sent back to the login page, where you will be able to log in again with your new password. If at any time you happen to forget your new password, use the Create New Password option on the login screen to get a reminder, as described above.
The Quarantine service is enabled by default. If you select Yes for Enable Quarantine, then all messages that would otherwise show up as [SPAM?] in your inbox will instead be stored on this server. You will have to log into the server to review and act on those messages. If you prefer to have your quarantined messages delivered to your inbox, select No. Click Save Changes after you have made your choice. If you decide to use the quarantine service you can also elect to be notified periodically about quarantined messages by email.
In this part of the preferences section you can tell the system to send you email reports summarizing the contents of your Quarantine box, either daily or weekly. These notifications are graphic email messages that look very much like the Quarantine Inbox that you see when you log into the Barracuda server. Answering Never to this question will not affect the quarantine function, but it means that you will have to remember on your own to access the Barracuda interface to see the messages that have been quarantined. Click Save Changes to record your settings. Below is an example of an email notification. This is an interactive message: clicking on a link in the Actions column will open your browser and take you directly to the Quarantine Inbox display on the server without requiring a login. See below for details on managing quarantined messages.
Spam Filter Enable/Disable: On this page you can enable or disable the filter. Yes is the default, and is the recommended option. If you set this to No then you will not be protected by Barracuda spam filtering. Click Save Changes to store your settings.
This section of the Barracuda interface allows you to instruct the system to allow certain messages to bypass parts of the filtering process. You have two choices. The whitelist option allows you to designate senders whose messages might otherwise have received a tag, so that they pass through to your inbox without modification. Note that the whitelist option only applies to messages that have a medium-probability spam rating. High-probability spam and virus-bearing messages will not be delivered even if the sender's address is whitelisted. You can also name senders and domains that will always be blocked, even if there's nothing wrong with the message. In the tables provided, enter either a fully qualified email address or a domain name (everything after the @ sign in an email address is the domain). In the latter case, messages from all senders at that particular domain will be affected. In the example below, two items (one sender and one domain) have been added to the Whitelist ("allowed") and three have been added to the blacklist ("blocked"). You must click Add for each new entry to record it in the list.
You can use this feature to make sure that you will receive messages from certain favored senders, to block messages from unwanted mailers, and more generally to reduce the number of items that arrive marked as [SPAM?], which will in turn cut down the amount of time you have to spend on maintenance. To remove an item from either list, click the trash can image next to that entry.
Managing Quarantined Email
The Quarantine Inbox is your personal display on the Barracuda server of the quarantined email that has been saved for your review. Here's a screen shot of a section of this page, showing three quarantined messages pending.
The system assigns messages to the Quarantine category that have a high likelihood of being junk mail. But because these messages are quarantined rather than simply discarded, you have the opportunity to make decisions about how to handle them. If after 30 days no action is taken, the message is deleted.
Near the top of this screen are several controls that affect the display. The Refresh button is like a browser's refresh or reload button, updating the display to show the current state of the system. The Filter feature lets you limit the display to specific items, and at the right (not shown on the screen shot above) there are left and right arrow controls that page the display forward and backward if there are too many entries for a single page.
Below those controls is a row of five buttons that define various actions that can be applied to messages. You can apply any of them to a single message, or you can click the checkbox at the left side of each entry to select several messages and apply an action to the whole group at once. The first three are fairly straightforward:
- Deliver -- sends the selected message(s) on to your regular Outlook inbox.
- Whitelist -- automatically adds the sender's information to your whitelist.
- Delete -- discards the selected message(s).
These three functions are also available as links in the Actions column for each entry -- you can use these to apply the action to single messages. However, these "Deliver" and "Delete" options affect only the current message, not any future messages with the same profile. For example, choosing to have a quarantined message from a particular source delivered will do nothing to change the fact that the next message from that source will probably get quarantined as well, and by the same token deleting a specific message won't stop the next message that comes in from that sender. This just means more work for you. Fortunately there's a better way: taking advantage of Barracuda's ability to learn by example.
Normally the Barracuda filter applies a series of global tests and each tested message receives a cumulative score that determines how the message will be classified. These tests are reasonable approximations of what most users want, but there is a large gray area in between "spam" and "not spam" and you may find that you don't always agree with Barracuda's decisions. The solution to this problem is to feed Barracuda examples of messages you consider to be spam and messages you consider to be valid. This is the purpose of the other two action buttons on this screen:
- Classify as Not Spam -- submits the selected message to the filter engine, which in turn uses its features to classify future similar messages as valid email.
- Classify as Spam -- submits the selected message to the filter engine, which in turn uses its features to classify future messages as spam.
Some SPAM messages may actually get through the Barracuda Firewall and are not tagged as
Note that using these buttons will perform no other operation on the selected message - you must then deliver or delete the message to remove it from quarantine.
A Final Note
This is a dynamic system that learns your preferences over time. The more examples you present to the system, the more accurate its tests will become and the number of messages appearing in the Quarantine Inbox will go down. It's important to note that this is not a simple yes/no decision-making process. It is instead "fuzzy" and constantly changing, and whether an individual message is ultimately labeled as [SPAM?] is a function not of any single test but of the cumulative effect of all the tests. What Barracuda is giving you with these tools is a way to influence the criteria used when these tests are applied. As the system learns your needs it will become "smarter" and will require less of your time and attention.