December 17, 2008

Barracuda offers a new -- and free -- alternative to Spamhaus

Author: Robin 'Roblimo' Miller

For many years Spamhaus has been top dog in the anti-spam world of DNSBL (Domain Name System Block List; also known as Realtime Blackhole Lists or RBLs). But Spamhaus is no longer a 100% free service. Even small nonprofits are now expected to pay at least $250 per year for a subscription to the Spamhaus DNSBL Datafeed Service. Now a new, free alternative to Spamhaus has arrived: the Barracuda Reputation Block List (BRBL), provided by well-known, open source-based Barracuda Networks. And Barracuda CEO Dean Drako says the company has no plans to charge for the service in the future. He says that BRBL (pronounced "barbell") "does cost us a little bit of money to run, but we think that the goodwill, the reputation and the understanding that Barracuda is providing the service will do us well in the long run."

While Barracuda Networks corporately and Drako personally are both open source boosters, he runs a for-profit company that sells spam-fighting appliances and services. In effect, BRBL is a promotional effort for Barracuda, not to mention that it's something the company needs to maintain anyway to support its own pay-for products.

Free is nice, but how well does it work?

Adam Lanier, who works for a New York investment firm, has been using BRBL since September, shortly after the service first went public. He has been running it in conjunction with Spamhaus and SpamCop. One of the biggest possible problems with black hole lists and other spam-fighting systems is false positives (where legitimate email messages are wrongly tagged as spam), but he says BRBL has given no false positives "that I know of," but qualifies that statement by adding, "Of course, I only know of a false positive if the use is reported back to me."

Overall spam figures are the best way to measure BRBL's effectiveness. Lanier says, "For the month of October, we had almost 107,000 total messages, and out of that, 40,000 were spam. And this is only messages that actually get into our system. We block many, many connection attempts to send us mail prior to it even getting to us. So we have actually blocked 3.3 million connection attempts trying to get into our systems in October alone. So a lot of spam and virus-laden messages never make it into our systems, because they don't get that far. But out of the messages that we actually received and processed, the Barracuda Block List hit on 16,000. That's 15% of total emails and almost 41% of spam emails. That's far more than any other blacklist. The only other blacklist [that has done better] -- and it's an entirely different class of blacklist -- would be the URIBL blacklist, which tracks URLs within messages, not the addresses that they come from."

In Midland, Mich., Mercury Network CEO David Sovereen is a long-time Spamhous user. "And then," he says, "I became aware of the Barracuda list maybe a month or two ago, and added it in, and it also has virtually no false positives, which is excellent. So, we block [spam] at the connection level. The moment that connection is made to our server, we do the DNS blacklist look up and block based on it. And [BRBL is] blocking lots of connections and consequently lots of spam."

Sovereen says Mercury Network currently has about 10,000 email users, and that "it became very apparent after 10 days that the Barracuda list was doing a really good job, because the number of messages sitting in our quarantine, where we have a 10-day retention, dropped from about 1.5 million down to 600,000. So that was very substantial." And, he notes, "approximately 75% of the messages that are blocked by a DNS blacklist are being blocked by the Barracuda list. The other 25% are being blocked by the Spamhaus list."

Both Lanier and Sovereen rely on a number of spam-blocking tools, not just RBLs. SpamAssasin is their primary spam-fighter. They use RBLs and other blacklists, such as URIBL, to help SpamAssassin come up with an individual email's likelihood -- SpamAssassin uses an adjustable numerical score -- of being spam rather than legitimate communication.

BRBL is a worthwhile addition to a company's anti-spam arsenal

Many network administrators would like to deploy 155mm howitzers and other pieces of heavy artillery against spammers. Sadly, this action is impractical (since spammers are spread all over the world), and hugely expensive. It is also illegal in many jurisdictions. So what's the alternative? SpamAssassin, and possibly commercial and proprietary anti-spam sytems (for those who prefer such things to FOSS). Plus RBLs and other methods of detecting spam-senders before their spew enters the network in the first place.

Drako says that he has a Removal Request page and staff dedicated to helping people whose IP addresses get into the BRBL database by mistake or who have corrected the problem that caused their addresses to be blacklisted in the first place. This customer service aspect of the spam-fighting business is one of the larger costs associated with it, but Drako says Barracuda is willing to sustain this expense not only today but in the future. Indeed, we asked him directly about Barracuda's motives in providing this free service, and whether he expects it to bring in enough new business for Barracuda to justify its expense. He says, "I don't know if it pays for itself quite yet, but it probably does. It will be a hard thing to measure, because it's a little bit of a goodwill gesture for us to the community, because we have benefited from and use a lot of open source software. I have always felt that it's important to give back to the open source community, and we donate to a lot of projects, we support a lot of projects. We have four or five engineers at Barracuda who work full-time on open source projects. It is just part of the philosophy here of giving something back to the community."


  • Internet & WWW
  • Mail & Messaging
  • Security
  • News
Click Here!