Not an unusual take on Barracuda’s relationship to EmailReg.org, but the comments are also interesting, especially the second one:
“Prior to knowing that Barracuda automatically used the EmailReg.org system (or that they had anything to do with EmailReg.org) I considered adding the whitelist to my Barracuda system. I then found out Barracuda automatically uses the whitelist and AFAIK there is no way to stop using the whitelist. I love Barracuda devices, but this does seem questionable.”
If that Barracuda user’s understanding of the product he’s using is correct then by paying EmailReg.org, you are really buying a whitelisting through any filtering of Barracuda’s appliance.
Of course, given the statement that you can “get your email through spam filters even if you are listed on the BRBL is to register your domain and IPs at EmailReg.org” found on their reputation lookup pages, you already knew that.
I’m philosophically opposed to this kind of scheme. There’s no real administration of this list (I’ve not even heard of anyone being refused and/or removed from the list, so there’s no checking going on here). So, charging money to be on it isn’t for anything like what Goodmail or ReturnPath’s SenderScore Certified do (both of whom are much more open about what they’re offering than EmailReg.org’s conflicting statements on what they’re offering). You’re just paying money to skip past a spam filter.
Past that though, I’ve also been reminded that EmailReg.org is hiding behind a Domain Privacy Protection Service. That just doesn’t fill me with confidence that I know where my money would be going or why it’s going there.
Who is behind EmailReg.org? I don’t know.
What do they propose to offer? A free pass through a major anti-spam appliance.
How do they deliver that? Well, they do operate from Barracuda’s own network blocks, so maybe they’re really one and the same. But other than that thought, I don’t know that either.
There sure is a lot that I don’t know about EmailReg.org and it’s relationship to Barracuda.
I would like to add some perspective to potential use of the BRBL.
Three weeks ago, I began requesting de-listings of any IP (active or suspended) on Certified that was listed on the Barracuda BRBL. When I started on April 29 there were 431 such IPs, as of today there are 22, of those there are 5 repeat listings.
Of interest is the verbiage Barracuda sends to listees, stating repeatedly that the IP is on a compromised host. I suspect this is incorrect as these IPs never had listings on other DNSBLs dealing with such issues, like the CBL. They also assert the mail is ‘not CANSPAM compliant’. This would imply either using the Lashback DNSBL or similar service if such exists, or manual parsing of the payload. None of the listed IPs showed up on the Lashback list.
I don’t know what to make of this.
One aspect of note is their heavy reference during the delisting process to their pay-for-play whitelist, Emailreg.org (I signed up one of my personal domains at the service to see how it worked). They suggest that registration therein will help to avoid ‘inadvertent’ listings, but that does raise the question how a listing due to compromise or lack of CANSPAM compliance could ever be inadvertent.
I certainly do not think we should ever suggest or recommend to clients to make use of the Emailreg.org service, it works on a per domain basis and this could become very expensive for large senders at $20/each. Also, it is not clear if domains and sub-domains are treated as equivalents.
—————————————————————–
"Thank you for contacting Barracuda Networks regarding your issue. Your issue is important to us. We have assigned a confirmation number:
BBR21243333460-MUNGED to this case.
We apologize for any inconvenience that this may have caused you. Since this is is your first request for this IP, the reputation of this IP address will be temporarily upgraded from "poor" for 48 hours *or* until we complete our investigation. When our investigation is complete, you will receive a decision via email. It may take up to 1 hour for the changes in the Barracuda Reputation System to propagate to all the Barracuda Spam Firewalls in the world.
There are a number of reasons your IP address may have been listed as "poor", including:
1. The email server at this IP address contains a virus and has been sending out spam
2. The email server at this IP address may be configured incorrectly
3. The PC at this IP address may be infected with a virus or botnet software program
4. An individual in the organization at this IP address may have a PC infected with a virus or botnet program
5. This IP address may be a dynamic IP address which was previously utilized by a known spammer
6. The marketing department of a company at this IP address may be sending out bulk emails that do not comply with the CAN-SPAM Act
7. This IP address may have a insecure wireless network attached to it which could allow unknown users to use it's network connection to send out bulk email
8. In some rare cases, your recipients' Barracuda Spam Firewall may be misconfigured"
—————————————————————–
–
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
The opinions contained herein are my personal stance and may not reflect the viewpoint of Return Path Inc.
Thanks for your post.
After getting a request to resolve undeliverable mail from a client and going through a similar process as above, I am convinced that I will never recomend this product ot anyone. If anyone askes about a Barracuda firewall, I will hel them this is a poorly designed product and to go to another vendor.
Even thouh I have 20 years as a consultant specilizing in e-mail, I almot got taken until they asked for a credit card. Then I surfed the web for these guys and found this among other negitive posts.
Jonathan Brown
Net Data Systems, Inc
5605 Woodman Avenue, #204
Sherman Oaks, CA 91401
818 782 5394 Phone
818 475 1600 Fax
E-mail: jbrown@netdata.net
Web: http://www.netdata.net
[...] Barracuda & EmailReg.org: Pay-to-play or just joined at the hip? This post was just plain fun to do. There’s some sort of agreement between Barracuda Networks and the EmailReg.org people, but no one outside of those two groups knows what it is. But that duck sure is loud. [...]
Barracuda is behind emailreg.org but I don't think that it's like buying a license to spam. If someone pays the $20 and starts to spam then thousands of barracuda servers detect that and it would be removed from emailreg.org. Thus the spammer wasted $20.
I think that emailreg.org is just about reducing false positives and the $20 is like a captcha. But I'm sure it's not a license to spam otherwise it would undermine barracuda's main business – stopping spam.