Barracuda takes a bite out of our spam problem

Two things have become clear about anti-spam products: First, there is no “best” solution. There are some types of anti-spam solutions that will fit your environment better than others. Which solution will work for you depends on whether you can tolerate false positives and false negatives, how intolerant of spam your users are, how smart they are, how odd your requirements are (such as wanting to see certain types of spam), how much technical support you have and so on.

The second thing is that cost really isn’t an issue. Anti-spam solutions that will remove at least 80% of unwanted messages can be implemented for less than $12 per user, per year (compare that with a typical productivity loss per user of about $340 per year in an unfiltered environment).

What is important is how anti-spam services will integrate with messaging environments. One promising direction for companies that want a straightforward, centralized enterprisewide anti-spam solution is appliance-type products – turnkey devices that front-end e-mail services.

We have been using such a device for a couple of months and have been impressed with the results. The product is the Barracuda Spam Firewall 200 from Barracuda Networks. The Spam Firewall hardware is based on 1U rack-mount servers running a customized version of Linux.

Barracuda’s filtering services use multiple techniques to identify and remove spam. First comes blacklisting of computers and domains that belong to known spammers (the list is updated automatically). Next up are keyword scanning; checksumming to identify repeated messages; message authenticity checking (source address verification and Simple Mail Transfer Protocol [SMTP] conformance); local blacklists and whitelists; rate controls to stop bulk messaging, denial-of-service e-mail attacks and dictionary-based spam attacks; and file-type attachment blocking. The Spam Firewall also provides built-in anti-virus services.

Many of these filtering techniques can be configured on a per-user basis. For example, scanning can be used to “score” e-mail, with messages scoring above a system or user-defined threshold flagged as spam or optionally quarantined.

Barracuda offers four models, ranging from entry-level (the 200) that the company says handles 1,000 active e-mail users and 1 million e-mail messages per day, to a high-end model (the 600) suitable for 25,000 active e-mail users and 25 million e-mail messages per day. Note that there is no actual set limit to the number of users that a particular model can handle; the maximum message-handling rate required by a given environment is the constraint.

Configuration and management of the Barracuda Spam Firewall is simple. (Note that Barracuda uses a neat technique that avoids using Secure Sockets Layer for administrative logon but never sends passwords in plain text. For details see my Network World Web Applications newsletter, CHAP logon cheaper than SSL).

Integration with existing messaging services was easy: We reconfigured our router to send incoming SMTP to the Barracuda and configured the Barracuda to forward messages to our SMTP server. To our users the service was completely transparent with the exception that spam almost disappeared.

To assist the Spam Firewall in characterizing spam, Barracuda provides a Microsoft Outlook plug-in so you can send selected messages back to the Spam Firewall as spam or not spam as appropriate, and the messages are added to the Bayesian filters data set.

The Barracuda Spam Firewall 200 costs $1,200; the 300 $1,900; the 400 $4,000; and the 600 is priced on application. The blacklist and anti-virus service updates cost $300 annually. If you use the 300, the cost is roughly $2 per user, per year, for the first year. That doesn’t include configuration and management costs, but that still won’t be anywhere near $340 per user, per year!

The charge that is always leveled at appliance solutions is, what if the appliance fails? Barracuda’s answer is a 24-hour replacement service for another $299 per year. For small organizations this is quite workable, although given the device’s low cost we think it would just be easier to buy a second unit, as all but the least-expensive model, the 200, support clustering.

Currently we receive, on average, 4,300 messages per day, with about 96% spam. We have found that the Barracuda Spam Firewall system works extremely well, such that we will regret sending it back. We may well get very difficult about it.

No regrets or spam to gearhead@gibbs.com.