Barracuda sinks teeth into spam

I’ve reviewed many security products, but it’s rare for me to be so impressed with a product that I want to keep and use it after the review. Barracuda Networks’ Spam Firewall is my favorite keeper so far this year.

In my experience, perimeter solutions usually rank just behind Internet-hosted service offerings in accuracy, with end-point solutions having the worst rates. This is not the case with Barracuda — it’s among the more accurate anti-spam products I’ve tested, even when compared with seemingly more intelligent hosted solutions. In a crowded field, Barracuda Spam Firewall stands out for being packed with features, easy to use, accurate, and relatively low-cost.

Filter-friendly

The Spam Firewall 300 is a 1U appliance running Linux on an AMD Athlon XP 1900+ processor with a 40GB hard drive and 512MB of RAM. It is designed to be placed as a front-end MTA in front of SMTP servers, but unlike most Linux appliances, the Spam Firewall rarely if ever requires you to delve into the world of command-line prompts because administration is performed via almost any JavaScript-enabled browser. Although there are more than 100 features that can be enabled or customized, the default settings are fine for most environments.

Installation is fairly easy. Administrators set the correct IP address and then follow a simple four-page document to complete the setup, leaving the advanced options, such as Exchange LDAP interaction, for another configuration session. The defaults are accurate enough to capture most spam, so you can customize and strengthen the settings later when you are more familiar with the system.

If you’ve read about an anti-spam feature, the Spam Firewall 300 probably has it. Functionality includes keyword blocking, whitelists, internal and external blacklists, Bayesian filtering, subject and header filtering, and reverse DNS lookups, as well as content and URL fingerprinting.

The Spam Firewall has true Bayesian filtering, so the administrator must train and fine-tune the filtering engine between spam and nonspam e-mails. Barracuda recommends marking 200 messages as spam and nonspam to train the filter. Ironically, this was a bit of a problem in my tests because the Spam Firewall is so accurate in stopping spam for other reasons — attached viruses, bad domains, incomplete messages, sender time-outs, and so on — that it was tough to get enough real spam past the first stage of blocking and into the logging area to be marked as spam.

I tested the Spam Firewall 300 and 200 models for several months with tens of thousands of messages received. The population of spam e-mail to legitimate e-mail ranged from 30 percent to 60 percent during the testing period.

The result? Only a few legitimate spam messages got by and fewer than a handful of false positives were tagged. The few legitimate spam messages that did get through the Spam Firewall were correctly marked as possible spam. A few false positives came up as possible spam, but in my small-site setup, only two messages out of tens of thousands were marked as definite spam when they were not.

To tag and route potential spam, the Spam Firewall administrator sets rating thresholds for scanned messages and determines which scores result in blocking a message versus quarantining it. Ratings are determined by noting common spam characteristics and generating an overall score for each message; a rating of 0 means the message is not spam.