It does more than that. Passing an SPF test will not stop your message from being blocked by a Bays filter for example. SPF is just one test. What the 'Cuda whitelist will do is just that, whitelist you past all the other tests, assuming the admin that runs the Cuda as the Barracuda Reputation Service turned on and set to whitelist.
I certainly don't. My definition of a whitelist is different that Barracuda's. For example Cuda has Constant Contact whitelisted through this service. I only whitelist trusted senders that never send spam. Constant Contact is certainly anti-spam but their customers sometimes fool them and a spam run or two sneaks through. So Constant Contact is not someone that never sends spam, thus they shouldn't be whitelisted imho. I can't wait until March when my service contract is up with them and I can replace this PoS. And be forewarned if you have a Cuda and use the reputation service to block with. They are doing intentional collateral damage. It is Unannounced and you are unable to look it up on their lookup form. Not good, not good at all. > -----Original Message----- > From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 29, 2008 2:01 AM > To: NT System Admin Issues > Subject: Re: Barracuda and EmailReg.Org > > So this is DNSBL that does the same thing as SPF - but you have to pay > for it. Brilliant. > > -- > ME2 > > > > On Tue, Oct 28, 2008 at 10:47 PM, Michael Brummet <[EMAIL PROTECTED]> > wrote: > > Have any of you run into this? > > > > From http://zacharyozer.blogspot.com/ > > > > Tuesday, October 14, 2008 > > > > Biggest. Spam Scam. Ever. > > > > A few years ago, MIT purchased an anti-spam solution from Barracuda, > a firm > > specializing in network security products. > > > > I just received an email on one of The Tech's mailing lists about how > email > > from The Tech's mail server are being rejected by the Barracuda Spam > > Filters. I've edited the message, but goes something like this: > > > > -------- Forwarded Message -------- > > From: Mail Delivery System <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Subject: Mail delivery failed: returning message to sender > > Date: Mon, 1 Jan 2008 00:00:00 -0000 > > > > This message was created automatically by mail delivery software. > > > > A message that you sent could not be delivered to one or more of its > > recipients. This is a permanent error. The following address(es) > failed: > > > > [EMAIL PROTECTED] > > SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: > > host W92-130-BARRACUDA-3.mit.edu [18.7.21.224]: > > 554 Service unavailable; Client host [18.187.1.1] blocked using > Barracuda > > Reputation; http://bbl.barracudacentral.com/q.cgi?ip=18.187.1.1 > > > > Following the link, you're taken to a page where you're asked to fill > out a > > form (which includes a CAPTCHA) in order to verify that you're not > spamming > > people. > > > > Were this where things had ended, I would have forgotten this whole > thing. > > While I don't necessarily think requiring people to fill out a quick > form is > > the best way to fight spam, its certainly not completely unreasonable > to ask > > them to do it once in a while. Extra kudos if they can use some sort > of > > certificate, signature, etc to bypass it. > > > > However, what follows is one of the most perverted uses of technology > and > > diabolically brilliant business plans I have ever witnessed. > > > > Lets assume you'd like to avoid being caught by this spam filter in > the > > future. Barracuda allows you to register with EmailReg.org , an > > 'organization' which maintains a list of domains and the IP address > of their > > associated mail server. To sweeten the pot, they allow anyone to > query their > > database for free in order verify the authenticity of an email. > > > > Many of you are scratching your heads, so let me provide an example. > Lets > > say that you run Google.com. You register with EmailReg.org and tell > them, > > 'Any email that comes from google.com will have to come from one of > our SMTP > > servers. Their IP addresses are 1.2.3.4 and 9.8.7.6'. This means that > an > > email which claims to be from [EMAIL PROTECTED] that didn't come from > those IP > > address probably isn't actually from someone who works at Google and > can > > probably be marked as spam. (Note that identity verification is a big > part > > of spam protection, since spammers often pretend to be someone else, > in an > > attempt to hide how much mail they're sending.) > > > > What a great idea right? Spam protection that works and is > transparent to > > users? > > > > Until you realize that they charge $20 to register your domain. Per > year. > > > > Effectively, this means that you have to pay $20 per year to send > email to > > people on domains that use this service to verify email authenticity. > This > > wouldn't be that big of a deal if EmailReg was the definitive source > for > > this information, or if they had some new and brilliant technology, > or if > > there weren't any other good solutions. Instead, EmailReg is nobody, > their > > product is a whitelist (albeit with two parameters - domain and IP), > and > > there are a hundred other, perfectly viable anti-spam techniques. > Somehow, > > they've managed to get a major corporation (Baracuda) on board and > they're > > now gouging people to send e-mail - something which is supposed to be > free. > > > > I salute the businessman who came up with this idea and the salesman > who got > > Barracuda on board. > > > > Beyond that, I'm furious. > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
