Posted 21 October 2019 - 11:30 AM
I put some domain filter blocks into our Barracuda 600 as a test, but so far, they haven't been repeating. I checked the source IPs and they are from all over Europe and the US.
The payload is a link that changes with each domain change: ie
By the time our Barracuda 600 finds them in the log, they have stopped and switched to different domains, topics, servers, and keywords. The spammer started October 9th, seems to hack from 9:30am to 3:30pm (Central Time), and doesn't appear to work on USA weekends.
Has anyone run into this type of attack and found a way to block the bulk of the spam?
Would anyone using the cloud version know if it catches this type of spam?
Posted 21 October 2019 - 01:59 PM
On the Barracuda Email Security Gateway you can set up and use the Bayesian service which, when used correctly, will score mail you designate as not spam lower and mail you designate as spam higher, allowing your spam scoring system to work better. I recommend you read this completely before starting to use Bayesian.
On the Barracuda Email Security Service (cloud service) one of the advantages is that we see attacks across the service as a whole. So while your unit is seeing a few messages at a time to one domain, the cloud service can see this attack hitting hundreds or thousands of domains at the same time and will classify this mail as suspicious, which will often see this attack stopped rather quickly.
There are several advantages to the cloud service, and its seeing all incoming mail to all customers in a particular region, allowing it to find and block spam attacks much faster than on the hardware unit, is one of them.
Product Lead Support Engineer
Barracuda Email Security
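
The difference between the single-gateway view and the service-wide view described in the reply above can be shown on a constructed mail log. This is an added example, not Barracuda's algorithm and not code from either poster; the window, both thresholds, the log layout and all domain names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed correlation window
LOCAL_MIN_MSGS = 5              # assumed per-gateway volume threshold
FLEET_MIN_DOMAINS = 5           # assumed distinct-customer threshold

def sample_events():
    """Constructed log rows: (time, sender_domain, recipient_domain, msg_id)."""
    t0, rows = datetime(2019, 10, 21, 9, 30), []
    # Two short bursts from throwaway sender domains, 2 messages per customer.
    for burst, sender in enumerate(["burst-a.example", "burst-b.example"]):
        for n in range(6):
            for k in range(2):
                ts = t0 + timedelta(minutes=30 * burst, seconds=20 * n + k)
                rows.append((ts, sender, f"customer{n}.example", len(rows)))
    # An ordinary sender mailing one customer a few times.
    for k in range(3):
        rows.append((t0 + timedelta(minutes=k), "vendor.example",
                     "customer0.example", len(rows)))
    return rows

def peak_distinct(events, value_index):
    """Per sender domain, the most distinct values seen inside any WINDOW."""
    by_sender = defaultdict(list)
    for ev in events:
        by_sender[ev[1]].append((ev[0], ev[value_index]))
    return {
        sender: max(len({v for t, v in seen if start <= t < start + WINDOW})
                    for start, _ in seen)
        for sender, seen in by_sender.items()
    }

def gateway_flags(events, customer):
    """Senders one on-premises unit would flag from its own message volume."""
    local = [ev for ev in events if ev[2] == customer]
    return sorted(s for s, n in peak_distinct(local, 3).items()
                  if n >= LOCAL_MIN_MSGS)

def fleet_flags(events):
    """Senders flagged when all customers' mail is correlated together."""
    return sorted(s for s, n in peak_distinct(events, 2).items()
                  if n >= FLEET_MIN_DOMAINS)

if __name__ == "__main__":
    log = sample_events()
    print("customer0 gateway:", gateway_flags(log, "customer0.example"))
    print("fleet-wide view:  ", fleet_flags(log))
```

Each burst stays at two messages per customer, so no single gateway crosses its volume threshold, while the same sender domain reaching six customers inside one window stands out once the logs are combined.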