Barracuda Spam Firewall Rejects Invalid Non-Delivery Report Messages

0 comments

Posted on by admin in Barracuda Networks |Spam Firewall

, , , , , ,

Barracuda Networks Inc., the worldwide leader in email and Web security appliances, recently announced a new feature in the Barracuda Spam Firewall that can differentiate legitimate Non-Delivery Report (NDR) messages – also known as bounce messages – from invalid NDR messages resulting from spoofing attacks. Using [tag]Invalid Bounce Suppression[/tag], the [tag]Barracuda Spam Firewall[/tag] prevents “backscatter” messages from reaching innocent email senders.

“Backscatter is an unfortunate side effect of the continued prevalence of email spoofing by spam campaigns that is now plaguing corporate email servers,” said Stephen Pao, vice president of product management for Barracuda Networks.  “It is also a frustrating, and sometimes confusing, problem for email users who are the innocent victims.”

Backscatter occurs when spammers, hackers or other users with malicious intent, spoof the email addresses of legitimate email users to send spam, viruses or worms.  The receiving email server typically rejects the email and sends an NDR message to the spoofed email address. As a result, the legitimate email user receives a bounce message for emails that they never sent.

“While one common technique to minimize the impact of backscatter is to simply define policies to block all incoming bounce messages, doing so can result in the blocking of legitimate bounce messages,” said Pao.  “As such, distinguishing legitimate from invalid bounce messages can be extremely important to users who send business-critical email.”

Invalid Bounce Suppression tags the sender addresses of all outgoing messages sent from the Barracuda Spam Firewall’s outbound relay, or through the Barracuda Spam Firewall-Outbound appliance.  The tags are encoded with built-in expiration periods and encrypted to prevent forgery.  When an NDR message is received by the Barracuda Spam Firewall, a valid tag must be present in the bounce recipient address (i.e., the original sender address) for the bounce message to be delivered.  If the bounce recipient address does not contain a tag or if a tag is invalid, the NDR message is rejected.  Usage of the Invalid Bounce Suppression feature is transparent to legitimate senders and recipients.

“Beyond the reputation benefits of preventing spam and viruses from leaving an organization’s network, Invalid Bounce Suppression has a direct impact on reducing the amount of unwanted email that hits users’ email inboxes,” added Pao.  “Invalid Bounce Suppression provides another compelling reason why organizations should also consider relaying their outbound email through an email security solution, such as the Barracuda Spam Firewall or Barracuda Spam Firewall-Outbound.”

In addition to Invalid Bounce Suppression, the latest Barracuda Spam Firewall version also includes additional rules governing email policy, including new policy rules for character sets used in emails and attachments, reverse DNS resolutions of sending email servers, and full URLs (including query strings) embedded in emails.

Pricing and Availability:

The latest features, including Invalid Bounce Suppression, are available with Barracuda Spam Firewall firmware release 3.5.12 and above.  The Barracuda Spam Firewall is available in eight models with prices starting at $899.  International pricing and availability varies based on region.

About the Barracuda Spam Firewall:

The Barracuda Spam Firewall is available in eight models and supports up to 100,000 active users with no per user licensing fees.  Its architecture leverages 12 defense layers: denial of service and security protection, rate control, IP analysis, sender authentication, recipient verification, virus protection, policy (user-specified rules), Fingerprint Analysis, Intent Analysis, Image Analysis, Bayesian Analysis, and a Spam Rules Scoring engine.  In addition, the entire Barracuda Spam Firewall line features simultaneous inbound and outbound email filtering with the inclusion of sophisticated outbound email filtering techniques, such as rate controls, domain restrictions, user authentication (SASL), keyword and attachment blocking, triple-layer virus blocking, and remote user support for outbound email filtering.  The Barracuda Spam Firewall’s layered approach minimizes the processing of each email, which yields the performance required to process millions of messages per day. 

For more information on the Barracuda Spam Firewall, visit http://www.BarracudaNetworks.ca/spam-firewall.aspx.

Popularity: 39% [?]

Post to Twitter

Barracuda Networks Tech Alert

0 comments

Posted on by admin in Barracuda Networks |Spam Firewall

, , , , , , ,

This just in from Barracuda Networks regarding the latest firmware upgrade for their Spam Firewall …

+-+-+-+

Technical Alert No. 20080722
Description: Configuration changes to all Barracuda Spam Firewalls upon upgrade to Firmware Release 3.5.12
Revision: A1.0
Affected Barracuda Networks Products: Barracuda Spam Firewall Release 3.5.12

Details: On July 14, 2008, Barracuda Networks released Barracuda Spam Firewall Release 3.5.12.001 into beta release. Upon upgrading to firmware release 3.5.12, three one-time configuration changes will be made to your Barracuda Spam Firewall:

  1. Disabling of bounce messages. On the Basic -> Spam Scoring page, in the Spam Bounce (NDR) Configuration section, the Send Bounce field will be set to No. Because of the growing number of spam emails spoofing addresses of good email senders, this change is being made to avoid sending bounce messages to innocent parties.
  2. Removal of Spamhaus external block lists previously listed as “Common External Blacklists.” On the Block/Accept -> IP Reputation page, the following Spamhaus external block lists will be removed from the Custom External RBLs list: sbl.spamhaus.org, xbl.spamhaus.org and sbl-xbl.spamhaus.org.The Barracuda Spam Firewall used to enable Spamhaus external block lists by default when usage of those lists was free to all Internet users. Now that Spamhaus is seeking license fees from some Internet users, this change is being made to remove the previous default settings and to ensure that Barracuda Spam Firewall customers do not experience problems or unexpected service interruptions.
  3. Replacement of removed Spamhaus external block lists with Barracuda Reputation. If any Spamhaus external block lists were removed by the previous action and the Barracuda IP Reputation field was set to Off, the Barracuda IP Reputation will be set to the most restrictive action of all of the removed Spamhaus external block lists.For example, if sbl.spamhaus.org was set to Block and Barracuda IP Reputation was set to Off, the upgrade would remove sbl.spamhaus.org from the Custom External RBLs list and set Barracuda IP Reputation to Block.The purpose of this change is to maintain or improve performance of the Barracuda Spam Firewall. Barracuda Networks strongly recommends blocking based on Barracuda IP Reputation, and this blocking is particularly important when external block lists such as Spamhaus are not in use.

These changes will be made only once. If you want to re-enable bounce messages and reinsert the affected Spamhaus external block lists, you may do so manually after the upgrade.

Barracuda Networks recommends that you create a new backup of your configuration after upgrading to firmware release 3.5.12.

Risk Rating: None

For More Tech Alerts: www.BarracudaNetworks.com/ns/support/tech_alert.php

For more information on Barracuda Spam Firewall’s please go to: http://www.BarracudaNetworks.ca

Popularity: 20% [?]

Post to Twitter