Thursday, December 27, 2007

Barracuda Networks and their customers could do more to stop the backscatter



Here's my latest tally of backscatter received from Barracuda firewalls since 2007-09-16:
1940 messages
According to the press releases, Barracuda says 95% of email being sent is spam. According to most people's experiences, 100% of spams have forged "from" addresses. The success of their firewall product and the continual increase in spam are probably the reasons for an increase in email backscatter. Sadly, too many Barracuda Spam Firewall customers still enable auto-replies for spams that get blocked.

When I get such backscatter, it's easy to fight back with an auto-reply of my own (thanks to Thunderbird's filters). Several Barracuda Spam Firewall customers have replied to me when I (automatically) contacted them about their firewalls creating backscatter.

Here are a few of those relatively rare, yet encouraging replies. I have left out the names of the individuals involved for privacy reasons:
date: Dec 21, 2007 6:02 AM
subject: RE: Please configure your spam firewall to stop bouncing spams to me

First of all, sorry for the inconvenience and we thank you for your advice.

We have changed the wrong configuration parameter.

Please let us know if you still receive bouncing spams in the next days.

Date: Dec 3, 2007 8:17 AM
Subject: RE: Please configure your spam firewall to stop bouncing spams to me (was: **Message you sent blocked by our bulk email filter**)

Sir –

Thank you for the information. I would have never known about this problem without your email. I have made the recommended changes on my Barracuda filter.

date: Nov 28, 2007 12:11 AM
subject: RE: Please configure your spam firewall

The suggested changes have been made. Thanks for the heads up.

date: Oct 31, 2007 1:48 PM
subject: RE: Please configure your spam firewall to stop bouncing spams to me (was: **Message you sent blocked by our bulk email filter**)

Sorry for the inconvenience, I disabled the feature

Thanks, there is enough crap going around, no use having it bounce around on top of that

date: Oct 29, 2007 7:22 PM
subject: RE: Please configure your spam firewall to stop bouncing spams to me (was: **Message you sent blocked by our bulk email filter**)

Please accept our apologies for any trouble caused by backscatter originating from our Barracuda. We have disabled the notifications that were causing the messages to be sent.

Thanks!
Next is an example of a depressing response, which shows an administrator who is clueless about the damage she is causing the rest of the users on the internet. Her suggestion is that I just block her bounces...
date: Dec 7, 2007 7:31 AM
subject: RE: Please configure your spam firewall to stop bouncing spams to me (was: **Message you sent blocked by our bulk email filter**)

Thanks for your email. We understand your frustration with receiving notifications of spoofed emails forged with your address. However, the notifications serve a purpose to alert you that: 1) someone is using your address to send spam; 2) alert you that you might be infected and are sending potentially infected emails.

If you feel that you are receiving too many false positives from our Barracuda, please feel free to add our domain to your blocking list.
Don't you like how she turned it around as doing us all a service! My response to this nonsense got escalated to the VP of IT in her company, who wrote me a message that was very defensive, to which I replied below:
Hello,

On Dec 7, 2007 9:20 AM, (Anonymized) wrote:
The next time you want to criticize someone, slap some credentials behind your name.
Who says credentials are necessary to say that your Barracuda is spamming me?!

I'm complaining about the spam your Barracuda is sending to me because you've enabled the feature that most people recognize as abusive. Just Google it! I won't be the only person who is upset about this. If you want credentials to back up what I'm saying, you're just being ignorant and not listening. Again, if you don't trust me, try Google:

http://www.google.ca/search?hl=en&q=barracuda+backscatter&btnG=Google+Search&meta=

I have sent many, many, many complaints to Barracuda owners about this problem. When I get a response, it's one of the following:

1) Thank you for pointing this out to us, we are correcting the problem.
2) Backscatter isn't my fault. Too bad for you.
3) postmaster does not exist.

Since you're a VP, I trust you know which one is the more professional and customer-oriented. Yes, I'm holding you to your credentials!
I assure you we have better things to do with our time than pick on someone like yourself, and send them bogus emails telling them that they might be infected. Gmail supports an Outlook interface which is a commonly targeted service for spammers, have you considered the fact that someone, yes someone malicious may have in fact cracked your password and might be using your account?
This is a possible explanation, but there are no facts to support that my Gmail has been hacked.

I already have more than 30,000 backscatter emails, and I found out how it works. I am not the only one who's a victim of this kind of spamming problem. If you check your Barracuda logs, I'm willing to bet you'll find it's bouncing spams to other people.
Funny, this "VP" never wrote back. Perhaps he's still trying to figure out how to turn off the auto-reply feature of their Barracuda Spam Firewall - maybe he's asking his underlings what a log file is?...

Finally, here's the most common response I get when I reply to Barracuda backscatter (the domain example.com is used below, but it will be something else depending on the Barracuda box that sends it out):
This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

postmaster@example.com

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 13): 550 <postmaster@example.com>: Recipient address rejected: No such user (postmaster@example.com)
This shows that Barracuda Networks are not doing a great job at having customers set up their boxes properly. Pert near all of these domains end up getting a listing for being RFC-ignorant with respect to postmaster. I don't have a count yet, but it's got to be over 100 domains that I've reported there, "thanks" to the Barracuda backscatter from their poorly configured appliances.

p.s. A more rare event is that sometimes a Barracuda Spam Firewall actually blocks my automated response to its backscatter, claiming my request for them to stop bouncing spams to me is itself a spam! Although telling me that my request was blocked isn't backscatter, it will get them listed as being RFC-ignorant. They're blocking requests to the postmaster address.
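The tally of backscatter and the list of domains whose postmaster address rejects mail, both described in this post, can be counted from saved messages. This is an added example, not the author's own tooling: the subject text and the 550 line are taken from the page, while the function names, sample messages and domains are constructed, and it assumes the notification's From header carries the sending domain.

```python
import email
import re
from collections import Counter
from email.utils import parseaddr

# Notification subject as quoted on this page (shown there wrapped in asterisks).
BLOCKED_SUBJECT = "message you sent blocked by our bulk email filter"
# The 550 rejection line from the Delivery Status Notification shown above.
POSTMASTER_550 = re.compile(r"550 <postmaster@([^>\s]+)>", re.IGNORECASE)

def classify(raw):
    """Return (kind, domain) for one raw message, or (None, None)."""
    msg = email.message_from_string(raw)
    # Undecoded text of every leaf part; enough for plain-text notifications.
    body = "\n".join(str(p.get_payload()) for p in msg.walk()
                     if not p.is_multipart())
    hit = POSTMASTER_550.search(body)
    if hit:
        return "postmaster_rejected", hit.group(1).lower()
    # Only the notification itself counts: a human "RE: ... (was: ...)" reply
    # quotes the same subject but does not start with it.
    subject = (msg.get("Subject") or "").strip("* \t").lower()
    if subject.startswith(BLOCKED_SUBJECT):
        sender = parseaddr(msg.get("From", ""))[1]
        return "backscatter", sender.rpartition("@")[2].lower() or "unknown"
    return None, None

def tally(raw_messages):
    """Count backscatter senders and postmaster-rejecting domains."""
    counts = {"backscatter": Counter(), "postmaster_rejected": Counter()}
    for raw in raw_messages:
        kind, domain = classify(raw)
        if kind:
            counts[kind][domain] += 1
    return counts

# Constructed sample messages (domains are placeholders, not real senders).
NOTICE = ("From: filter@mail.example.net\nSubject: **Message you sent blocked "
          "by our bulk email filter**\n\nYour message was blocked.\n")
SAMPLES = [
    NOTICE,
    NOTICE,
    "From: admin@example.org\nSubject: RE: Please configure your spam firewall"
    " (was: **Message you sent blocked by our bulk email filter**)\n\n"
    "The suggested changes have been made.\n",
    "From: mailer-daemon@example.invalid\nSubject: Delivery Status Notification"
    "\n\nPERM_FAILURE: SMTP Error (state 13): 550 <postmaster@example.com>: "
    "Recipient address rejected: No such user (postmaster@example.com)\n",
]
```

Calling `tally(SAMPLES)` counts the two notifications and the one postmaster rejection, and leaves the administrator's reply out of both counts.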

Tuesday, December 11, 2007

Why I stopped reporting (Googlepages, Blogspot) spams to Google


I've been a Spam Fighter for 7+ years, and Google has got me frustrated. I'm quite happy about the little spam I get on my Gmail account. But they are doing a bad job of controlling spam on their systems. Worst of all, they don't accept automated reports, but instead want users to spend time reporting spams and abuse on Google systems manually.

Every other ISP or web service accepts automated spam reports via systems like SpamCop.net. Google requires us to report spams with on-line web forms. A good example is this web form to report an adult-content blogspot.com page. I can't tell you how many spams I have got with blogspot.com links that redirect to porn sites in China somewhere. I have reported them all to Google using that stupid form. Guess what? The links are all still up, sometimes weeks after I report them. There is never any closure or follow-up, even when I include my email address.

So, I'm resorting to ranting about this poor quality of service in a blog. You can see some of the other rants about this subject in this discussion in the Google Group for Blogspot. Try some of the links (if you're not afraid of seeing porn) to see if they're still up. Google knows about these but is not taking quick action.

Google has some of the sharpest, most creative people working for them. Yet they require us to submit spam reports about Gmail abuse using archaic web forms that cannot parse emails or require us to submit Googlepages abuse emails one link at a time.

Google refuses SpamCop.net automated reports about spams that contain links to Googlepages.com or blogspot.com pages. Here's an example of what happens when you put a spam into SpamCop that contains a Googlepages.com link:

Re: http://burtsmithwx.googlepages.com/index.html (Administrator of network hosting website referenced in spam)
To: abuse@google.com (refuses to accept this type of report)
To: abuse#google.com@devnull.spamcop.net (Notes)

Re: http://yodatrinidadt.googlepages.com/index.html (Administrator of network hosting website referenced in spam)
To: abuse@google.com (refuses to accept this type of report)
To: abuse#google.com@devnull.spamcop.net (Notes)
Accepting automated SpamCop reports would be the most intelligent way for Google to fight the spam on their systems.

Finally, let's not forget that spammers use software to create the spams and the Googlepages.com and Blogspot.com pages. So why shouldn't Google use software to detect and delete them!? Perhaps it doesn't affect the Google bottom line, and so they haven't put any resources on it.

As of today, I'm no longer reporting any more spam to Google with their archaic methods. They need to modernize on this aspect and start accepting automated reports from SpamCop.net.

Finally, stop exploiting the volunteer spam reporters! We have better things to do!

Interesting links: Blog Spam: A review