Who cancels your email? Warning to Infostrada and Barracuda users

Infostrada is one of the biggest Internet Access Providers (IAP) in Italy. Barracuda is a software filter that analyzes all the email messages entering the network of an organization in order to block spam, viruses and similar.

Whenever an Infostrada customer (but it may happen with other IAPs too, keep reading!) sends an email message to somebody “protected” (possibly without knowing it, because the filter is installed by an administrator) by Barracuda, something can happen that may create actual problems both to the sender and to the receiver. I have personally experienced this twice. In November 2009 what I describe below blocked me from answering as soon as possible to somebody who was offering me a job; in February 2010 I was unable to send, within the expected deadline, urgent information needed for another project. Please keep in mind that all I explain below can happen just as easily with other IAPs or with other filtering software.

A guardian who is too strict, or badly informed

Even if most people never see them, an email message contains the IP addresses of all the computers it traveled through while going from its sender to its recipient(s). IP addresses are numbers that identify every computer connected to the Internet (their potential impacts on online privacy are discussed in another article).

When Barracuda decides that a message contains or may contain spam or viruses, it deletes the messages without sending any notification to the recipient. The sender, instead, may receive an automatic notification like this:

blocked used Barracuda Reputation;
[http:*bbl.barracudacentral.com/q.cgi?ip=151.32.195.252](http://bbl.barracudacentral.com/q.cgi?ip=151.32.195.252)

Those four numbers at the end are the IP address of the computer on which the email was composed: in the case above, it was a harmless home PC 100% virus free, never used to send spam. Then why did Barracuda deleted as spam a message coming from that computer? Keep reading and you'll know.

Providers like Infostrada manage the limited quantity of IP addresses they have available dynamically, that is assigning them in a more or less random manner to their users, whenever they want to connect to the Internet. This means that every time you connect you may receive a different IP address, and the whole process is completely outside the control of the customer. Barracuda deleted that message only because it considers as a spam source the IP address which in that moment Infostrada had associated to the computer I was using.

Why? Only because in the previous days some other clueless customer who doesn't know how to keep his or her computer free from viruses and spambots had actually sent thousands of spam messages without even realizing it, in a moment when his computer had the same IP address (151.32.195.252) that later on, randomly, Infostrada had given to my computer when I turned it on.

The obvious conclusion is that whoever is “protected” (again, even if they don't know it) by software configured as that copy of Barracuda that I found on my way could lose together with spam, without ever realizing it, every email sent by any Infostrada customer. And that this happens only because the Barracuda developers (the ones who actually build and maintain the IP addresses blacklist) found spam coming from that IP address when it was being used by somebody else, not the person actuallty trying to contact you! To make things worse, the innocent users who are damaged in this way change every day, in unpredictable ways. Can you rely on email in such a situation?

Please note that, even ignoring termination fees, services interruptions and similar amenities, changing IAP wouldn't solve anything, because most providers, unless you pay much more, manage IP addresses in the same way. Even switching to a webmail service like Gmail or Yahoo may not be enough: Barracuda looks at the IP address of the computer where the message was composed, not at the one of whoever is forwarding that message to the Internet.

Is there a solution?

IAPs customers, that is the end users who only want to send and receive real email, can do little or nothing about this. The only way to not lose email for this reason is to demand from your network administrators or access providers a more professional approach to spam blocking.

In the first case, filters like Barracuda are certainly necessary, but they must be configured properly. Leaving somebody else (that is, whoever manages the Barracuda blacklists) free to decide by themselves, without any extra check, who is or isn't allowed to talk with you is a really dumb idea in and by itself, besides being really uneffective for the reasons explained above. Blacklists of IP addresses are very convenient, but should never be the only criterion to decide what is spam and what isn't.

When it comes to providers.. there are ways to detect, without violating privacy, if some customer is behaving like a spammer, that is if people start sending thousands of messages of a certain type, maybe because a virus hit their computers. All they should do is to temporarily block or greatly slow down the connection of whoever is behaving like a spammer, until they clean up their computer. Here's how.

A really effective way to “clean up your computer” to avoid becoming a spammer is to use the right software programs and operating systems. There is software that is, by its own nature, 100% safe from almost all spam-generating viruses around today, but also free of license costs, legally copiable and easy and fun enough that even mothers recommend it: try it!