Barracuda Networks (spam-blocking network appliance)

I've been hearing their corny-sounding commercials on AM radio for a
while now, and thought it was little more than a gimmick. Then I saw
a few billboard ads in some airports and thought woa- you usually
don't find 2-bit outfits putting up advertising in airport causeways
and gate areas.

Anyone have any opinions/comments about them, their products or their
performance claims?

http://www.barracudanetworks.com/

Spam Guy wrote:
> I've been hearing their corny-sounding commercials on AM radio for a
> while now, and thought it was little more than a gimmick. Then I saw
> a few billboard ads in some airports and thought woa- you usually
> don't find 2-bit outfits putting up advertising in airport causeways
> and gate areas.
>
> Anyone have any opinions/comments about them, their products or their
> performance claims?
>
> http://www.barracudanetworks.com/

Not 2-bit, AFAIK. I seem to have been familiar with the company name for
a couple of years, which I suppose must at least say something good
about their marketing.

Regarding performance: I've no reason to doubt their claims, since they
are relatively easy to benchmark. Being appliances, you just have to
plug them in, configure, and start throwing test-data at them. If they
don't turn out to match up to the claims, it's hard for Barracuda to
wiggle - "too many power-emailers", "wrong kind of spam" or whatever.

Anyway, the claims are in roughly line with what I'd expect for a modern
PC running a dedicated mail filtering system on Linux, at least as far
as the low-end systems are concerned. At the top end of the range my
guess is that they're over-engineered. I can't see why you would need to
protect someone's quarantine folder with hot-swappable RAID.

--
Jack.

Spam Guy wrote:

> http://www.barracudanetworks.com/

Here's an interesting .pdf about the spam firewall from the site

http://www.barracudanetworks.com/ns...m_datasheet.pdf Barracuda Spam Firewall Datasheet

--
Mike Easter

On Thu, 23 Mar 2006 11:06:47 -0500, Mike Easter <MikeE@ster.invalid> wrote:

> Here's an interesting .pdf about the spam firewall from the site
> http://www.barracudanetworks.com/ns...m_datasheet.pdf Barracuda Spam Firewall Datasheet

The only discussion's I've seen about the barracuda spam blocking,
is the auto-blacklisting of any site using it, with the option to reject
spam and viruses, to forged from headers.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

On Thu, 23 Mar 2006 11:23:24 -0500, David W. Hodgins wrote:

> On Thu, 23 Mar 2006 11:06:47 -0500, Mike Easter <MikeE@ster.invalid>
> wrote:
>
>> Here's an interesting .pdf about the spam firewall from the site
>> http://www.barracudanetworks.com/ns...m_datasheet.pdf
>> Barracuda Spam Firewall Datasheet
>
> The only discussion's I've seen about the barracuda spam blocking, is the
> auto-blacklisting of any site using it, with the option to reject spam and
> viruses, to forged from headers.
>
> Regards, Dave Hodgins

I tested a Barracuda Spam Firewall here at work as a demo unit, and we
were not impressed at all. We eneded up going with another solution. My
main complaint about the Barracuda was that half of its spam filtering
work was being done by blacklists like spamhaus and spamcop, which can
eaisly be done with any MTA that supports blacklists. They no doubt have
made some improvements since our Demo was over a year ago, but I do know a
couple places using the Barracuda and they confirm that half of the
filtering is still done by blacklists. On top of that it would have taken
15 of them to handle our mail load.

Our solution ended up be ing a very heavily customized version of CanIT
from roaring penguin software. Of course we are a *NIX/BSD shop, and
CanIT depends heavily on *NIX resources.

My 2 cents,
Bill

David W. Hodgins wrote:

> The only discussion's I've seen about the barracuda spam blocking,
> is the auto-blacklisting of any site using it, with the option to
> reject spam and viruses, to forged from headers.

I don't understand what that par means.

I would assume that you are saying that on the basis of the presumption
that the barracuda stamps its outgoing mail, which it probably does,
since it has an outbound filtering feature, so it would likely
'advertise' itself in the headers -- and then that some others finding
that stamp automatically blacklist sites or IPs thus apparently using
barracuda, which you haven't explained why they would do that.

And then I don't know at all what the second half of your sentence "with
the option to reject spam and viruses, to forged from headers."

So, I'm guessing at what you mean in the first half, and I can't even
guess at the second half. Maybe you could restate what you are saying.


--
Mike Easter

On Thu, 23 Mar 2006 12:13:59 -0500, Mike Easter <MikeE@ster.invalid> wrote:

> And then I don't know at all what the second half of your sentence "with
> the option to reject spam and viruses, to forged from headers."

The incoming spam, and viruses are being rejected *after* the smtp session
has already accepted the message for delivery. Unless the admin turns off
the option to send reject messages to the "from address", the reject messages
are then sent to the email addresss forged into the From header.

This is called back-scatter, and will cause the site to be added to blocklists,
when the recipients report the reject messages as spam.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

David W. Hodgins wrote:

> The incoming spam, and viruses are being rejected *after* the smtp
> session has already accepted the message for delivery.

> Unless the admin turns off
> the option to send reject messages to the "from address", the reject
> messages are then sent to the email addresss forged into the From
> header.
>
> This is called back-scatter, and will cause the site to be added to
> blocklists, when the recipients report the reject messages as spam.

Yes, after I posted I found the nanae discussion on turning off the
barracuda backscatter 'feature'.

snurled googlegroups on 10 post thread http://snipurl.com/o199
Newsgroups: news.admin.net-abuse.email
Subject: Re: Barraccuda spam firewall
Date: Thu, 02 Mar 2006 20:17:19 -0800
Message-ID: <120fgpdagmaguc0@news.supernews.com>



--
Mike Easter

Bill wrote:
>
> I tested a Barracuda Spam Firewall here at work as a demo unit, and
> we were not impressed at all. We eneded up going with another
> solution. My main complaint about the Barracuda was that half of its
> spam filtering work was being done by blacklists like spamhaus and
> spamcop, which can eaisly be done with any MTA that supports
> blacklists.

I don't understand this objection!

Firstly, Barracuda products are advertised as consisting of open-source
software; I haven't seen anything to suggest they have any custom
software components at all, except for the GUI and some bug-fixes.
Therefore I wouldn't expect Barracuda to be able to do anything that
can't be done with off-the-shelf free software. I don't see why that
would be an objection, in itself, unless the price of Barracuda products
is such that one would expect to see custom, commercial code in the product.

As far as the use of public blocklists is concerned, different
blocklists obviously have different data-collection strategies and
listing policies. Many of the major public blocklists ocupy a 'niche'
that it would be difficult for a private operator to fill; spamcop, for
example, relies on a large network of volunteer reporters.

Are you objecting to the fact that a commercial product is profiting
from resources offered for free? I can dig that, but I'm not sure that I
could sell that objection to an employer. And I don't know what
arrangements Barracuda might have made with those lists.

Or is it your case that a greater proportion of Barracuda's work should
be done using some other method than blocklists? If so, then I'm not
sure why you would say so; I would have thought that whatever works
best, is the best way to make it work.

I presumed that the USP of the Barracuda line is not that they
incorporate any unique technology; but on the contrary, that their
offerings are made exclusively from industry-standard FOSS components,
offered as fully-supported appliance solutions. Assuming they've set the
price right, I'd suppose that would be an attractive offering. Why
dicker around configuring Sendmail, SpamAssassin, ClamAV, Sophos,
Kapersky and so on, if Barracuda have already done it, and are willing
to support it?

> They no doubt have made some improvements since our Demo was over a
> year ago, but I do know a couple places using the Barracuda and they
> confirm that half of the filtering is still done by blacklists. On
> top of that it would have taken 15 of them to handle our mail load.

OK, so I still don't know what's wrong with using blocklists to block spam.

"It would have taken over 15 of them" - are you saying that your site
handles in the region of 15 x 15 (=225) million messages per day? Or are
you reporting that Barracuda are over-rating their product's
performance? (That's one of the questions the OP was asking).
>
> Our solution ended up be ing a very heavily customized version of
> CanIT from roaring penguin software. Of course we are a *NIX/BSD
> shop, and CanIT depends heavily on *NIX resources.

OK, so it seems that Barracuda's fully-supported appliance-style
offering has no special attractions for you; you can evidently support a
heavily-customised solution in-house. My reading of their bumph was that
their main selling point is that Barracuda is a plug-and-go thing -
that's what I understand by "appliance".

By the way: what proportion of the spam that your custom CanIT solution
blocks, is blocked by reference to public blocklists?

--
Jack.