Suspicious mail - way too much legitimate mail being marked Suspicious and deferred

3 replies to this topic

#1 Ryan Hilliker

Posted 26 October 2017 - 05:26 PM

A pile of our inbound mail is being marked as Suspicious. BESS then Defers delivery and waits for a second delivery attempt to occur, which can take 10 minutes or nearly an hour; it completely depends on the sender's email server. This is not acceptable for our business. If someone is waiting for a contract or a remote meeting invitation then they need that email to go through immediately.
Email subjects such as:
Please join Zoom meeting in progress - Suspicious (Intent Analysis:zoom.us)
[Redacted] Business Search Criteria - Suspicious (Subject rate throttle)
[Redacted] Protocol Improvements - Suspicious (Nameserver for www.nacwconference.com)
Email from [Redacted] - Suspicious (Nameserver for www.[ourO365Domain.com])
Draft Email to [Redacted] - Suspicious (Nameserver for www.[ourO365Domain.com])
[Redacted] Expo 2018 - Suspicious (Intent Analysis:www.exhibitionpark.ca)
I can go on and on. I've disabled CloudScan, made a pile of whitelisted domains, set an attachment rule to allow anything with a PDF through so that contracts can come through without being blocked (because they were being blocked too). I had to disable Outbound connector in O365 because it wouldn't allow users who set up forwarding to forward to their primary personal/corporate accounts, since BESS wouldn't allow relaying.
Then email to our primary domain in O365 gets flagged as "Suspicious: (Nameserver for [other O365 Domain])", when all of the domains are listed in our BESS Domains, including the Nameserver one it's complaining about.
The system also let through a Link-Protected link to a DOCX that was malicious, but Windows Defender (which is free) caught it... Barracuda didn't.
I cannot see a setting where I can let through Suspicious mail with particular scores or ignore Nameserver issues or to just let through all Suspicious email. So what's going on? This service is blocking so much legitimate mail that the administrative overhead makes this service impractical for us.

#2 Ryan Hilliker

Posted 27 October 2017 - 01:10 PM

I decided to cancel the trial and return to our normal service. One of our service providers, who previously gave Barracuda ESS high praise, told us they also were spending a couple of hours each day dealing with blocked and deferred mail and switched to a competitor as a result.


Sorry, guys. I'm sure Barracuda has many great products but the BESS service required too much administrative overhead from me and my time is needed elsewhere.

#3 Chad Fisette

Posted 13 November 2019 - 06:29 PM

This does not make me feel good about this product at all. Has this improved at all, or is it still the same daily chore work? If it's that big a chore, I'll just go back to MSFT, which I pay for anyway.

#4 Chad Fisette

Posted 13 November 2019 - 07:06 PM

After talking to support, when it gets initially scanned and flagged as suspicious, it sits and waits until the server re-sends the message again and then it delivers the message. There is a delay here which is out of the control of Barracuda, so I am fine with that for now.