Barracuda has a new product that is clearly selling well: I am unable to send email to an increasing number of people.
I am one of those people who doesn’t instinctively trust all my data to Google; I run my own email rig. That rig is a machine parked in a good colocation facility, which accepts email submitted via SMTP-AUTH and routes it out for me. There’s an SPF record and everything.
Barracuda’s product implements the clever trick of looking at the Received: header to see where my mail server got the email from. They can see the email is originating from a home DSL IP before going to my colo, which surely means I’m a member of a botnet. They have also banned most of the Rogers/Fido wireless network, so email off my iPhone is rejected even though it follows a similar route.
The difference between my email and spam email is that it goes through a system which has a good reputation, which has an SPF record to authenticate its right to send email on behalf of people in my domain name. This is clear from the Received headers, and and the fact Barracuda is getting a connection from that machine.
This bug can be worked around by using gmail or presumably any other vaguely reputable email hosting service. Even though gmail discloses my home IP address in headers as well, Barracuda have seen fit to give webmail services an exception.
Fix your stupid software, Barracuda. You’re ruining email.
Headers below. Scenario: 220.127.116.11 spooled email onto jane.tinyplanet.ca via SMTP, which has spooled up the email for delivery to someone @demandmedia.com, which is using Barracuda Reputation. jane is permitted, via my SPF, to route mail out for @tinyplanet.ca.
host mail.demandmedia.com [18.104.22.168]: 554 Service unavailable; Client host [jane.tinyplanet.ca] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=22.214.171.124
------ This is a copy of the message, including all the headers. ------
Received: from 75-119-229-140.dsl.teksavvy.com ([126.96.36.199] helo=[10.0.1.3]) by mail.tinyplanet.ca with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1QZieP-0000y6-CK for firstname.lastname@example.org; Thu, 23 Jun 2011 08:04:49 -0400
From: Stephen van Egmond <email@example.com>
Date: Thu, 23 Jun 2011 08:05:07 -0400
X-Spam-Status: No, score=-2.2 required=5.0 tests=ALL_TRUSTED,BAYES_00,
TVD_RCVD_IP autolearn=ham version=3.3.1