Chat with us, powered by LiveChat

Did the Barracuda Blacklist block your email?

Frustrating, I know.

The Barracuda’s Reputation Block List (BRBL) includes email servers known to be part of spambots or open email relays. Inclusion in the list usually means your server has been sending large volumes of spam.   They block about 300-400 million emails every day.

You may be thinking:

I am not a spammer!

Well, perhaps you are not, but your server is.

If your server’s IP is on the Barracuda block list, your server is sending spam — usually large amounts of spam.

Are you ready to remove your IP from the blacklist?

Here is the process we use to handle Barracuda blacklist removals.

    1. Run a Barracuda check check.
    2. Discover why your IP is on the block list.
    3. Complete the Barracuda Blacklist Removal Form.
    4. Verify Blacklist Removal.
    5. Summary
TL;DR
Make sure your server is not sending spam, that you authenticate your email, and then submit the Barracuda Blacklist Removal Form.

1. Barracuda Blacklist Check

Typically, you will first discover you are on the block list by receiving a bounce with an error similar to this:

Sep 2 07:38:54 psa001 postfix/smtp[30556]: 3308DAE22A3: to=<somone@outhere.com>, relay=mail.server.com[10.10.10.10]:25, 
delay=271965, delays=271825/0.01/71/69, dsn=4.7.1, status=deferred (host mail.server.com[10.10.10.10]:said: 450 4.7.1 Try Later; 
see http://www.barracudacentral.org/rbl/removal-request (in reply to RCPT TO command))

The exact error in the email bounce varies as the recipient’s server can set custom messages, but usually, you will see a reference to the http://www.barracudacentral.org/ site.

To confirm your IP is on the blocklist, you need to run a Barracuda Blacklist check.  If your IP is on the list, you will see the following:

barracuda-blacklist-check

Don’t rush to complete the form.   Make sure you have spotted the spamming first.  IPs rarely appear by mistake.

2. Why is your IP on the Barracuda Blacklist?

From Barracuda:

When email is received, the connection is automatically analyzed to determine if the connecting machine is either an open proxy or a node in a spam-generating botnet. If either is true, the IP address is immediately added to the Barracuda Reputation Block List (BRBL). The BRBL only lists single IP addresses.

If you want to get off and stay off the blacklist, you must dig into your server and understand why your server was blacklisted. If you do not, then your removal effort will be wasted.

Typically, this means that an IP is on the list because it is:

  • Part of know spambot networks.
  • Identified as an open email relay.
  • Sending spam trap addresses.

If you are running a spambot network, you probably would not be reading this, so you can pretty much ignore this issue.

Fortunately, open email relays are a thing of the past. Most email servers now enable authentication by default. So unless you’ve changed your server’s settings, I would not worry about this cause too much either.

Spamming is the number one reason we see for having your IP on the Barracuda Blacklist.

The #1 reason for Barracuda blacklisting your server is a security breach, either a compromised user account or web application that is sending spam.

The primary sources of the spam are:

  • Compromised user accounts.
  • Insecure contact forms.
  • Compromised web applications.

You can identify compromised user accounts by scanning your server logs. Hacked email accounts often send 1000’s of messages. Search your email server logs for logins and check the user accounts with abnormally high logins. That user is often the spam source. Change the user’s password and contact the end user to scan their system for malware.

Insecure contact forms are easy to spot in your weblogs or stats. If you see a high rate of POST request to your contact form, the form may be sending spam. If you discover questionable activity, check the version of your contact forms. Make sure you have the latest updates.

Web application exploits can be more difficult to track down. The techniques are well beyond this blog post, but I may cover it in the future. Usually, you need to rely on malware scanners and log analysis to identify the site or scripts sending spam.

3. Barracuda Blacklist Removal Form

Fixing the source of the spam is the hard part, unlike the Gmail blacklist, Barracuda’s removal process is quick and easy.

Just head over to the Blacklist Removal Request form:

barracuda blacklist removal form

Within a few hours, you will receive an email from intent@barracuda.com notifying your IP is no longer in their block list.

4. Verify Barracuda Blacklist Removal

Send an email — that’s the easiest way to check for removal.
You can run the Barracuda Blacklist check tools again. The tool should show your IP is not listed.    Not it says not “poor” — how about that for a double negative.

barracuda blacklist lookup

5. Summary

Removing your IP address from the Barracuda blacklist is easy; however, you must put a stop to the spam that triggered the listing. The process described above is only for the public Barracuda blacklist system. Many businesses deploy their own Barracuda email security systems. If you are blocked by a private Barracuda system, you will need to contact the email administrator directly to have the block removed.

Blacklisted elsewhere?  See our email blacklist removal posts on for details on how to remove your server IPs from other email block list.

Menu
add_action('init', 'use_jquery_from_google');