I wanted to share this with people who are blasting their resume's out to potential employers because they may not realize that they're setting themselves up to have their email address flagged as SPAM.  That isn't necessarily to say that sending out a bunch of resume's to employers necessarily constitutes SPAM, but that point may not be clear to the candidates sending the emails, especially if a SPAM protection company purports that it is SPAM.

A former recruiter, who is also seeking computer certifications at a school I'm attending, recommended that, in these times of high unemployment, I should be sending my resume' to businesses other than just those who are actively advertising positions available.  After about my 4th resume' I received an email from the email agent saying that my emailed resume' had been snagged and rejected by Barracuda Central (see redacted message, in part, below).

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  xxxxxxxxxxx@xxxxxx.xxx
    SMTP error from remote mail server after RCPT TO:<xxxxxxxxxxx@xxxxxx.xxx>:
    host smtp.xxxxxx.xxx [XXX.XXX.XXX.XXX]: 554 Service unavailable; Client host [host2.xxxxxx.xxx] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=208.71.173.234

------ This is a copy of the message, including all the headers. ------

Return-path: <employment@johndodrill.name>
Received: from localhost ([127.0.0.1])
        by XXX.XXX.XXX.XXX with esmtpa (Exim 4.69)
        (envelope-from <employment@johndodrill.name> )
        id 1RMwxW-0006zn-Pf
        for xxxxxxxxxxx@xxxxxx.xxx
; Sun, 06 Nov 2011 00:16:02 -0700
Received: from XXX.XXX.XXX.XXX ([XXX.XXX.XXX.XXX]) by johnswebpage.com (Horde
 Framework) with HTTP; Sun, 06 Nov 2011 00:16:02 -0700
Message-ID: <20111106001602.91855d0afggie8g8@johnswebpage.com>
Date: Sun, 06 Nov 2011 00:16:02 -0700
From: employment@johndodrill.name
To: XXXXXXX XXXXXXX <xxxxxxxxxxx@xxxxxx.xxx>
Subject: WPIB
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="=_889s6izk8esc"
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.3.9)

What the message (554 Service unavailable) really says is that Barracuda Central (of Barracuda Networks SPAM Firewalls) purports that the IP address your hosting company has assigned you has a bad reputation for SPAM, so the recipient host sent a message back to my own hosting company to block the sending of my resume'. 

Curious, I followed the link http://bbl.barracudacentral.com/q.cgi?ip=208.71.173.234 where a Web form asked for a reason why Barracuda should exempt my email address from being blocked.  How about "I've had this IP for about 8 months now and Barracuda should be actively and responsibly updating, periodically resetting its IP SPAM list"?  How about "I'm actively seeking employment during these times of double-digit unemployment which have spanned the last 2½ years"?  How about "I typically send less than 100 emails all year long"?  Would these be good reasons?

Having written a more restrained and more professional explanation, I then had to get past Barracuda's "captcha" security picture (two shown below at the original size), which is no small feat in itself.  What I recommend here is that you right-click the picture, paste it into paint, and then enlarge it so that you can decrypt it, enter the jumbled up text, and get on with your life.


Having successfully submitted my explanation, the Web site wanted me to register my email with emailreg.org. 


Emailreg.org also offers a service (http://www.emailreg.org/index.cgi?p=lookup) wherein you can allegedly look to see why your email was blocked by Barracuda. That Web form seems to only work on Internet Explorer and then only sometimes.  After timing out several times, it finally returned the reason for rejecting my emailed resume':

Email Sender Lookup

Lookup Results

Domain to Lookup:

johnswebpage.com

IP To Lookup:

208.71.173.248

Status:

Not Registered

The domain johnswebpage.com is not registered with EmailReg.org.

Seriously?  My emailed resume' was rejected because I didn't register it with Barracuda?  My own hosting company, that I'm paying to host my Web site and email services, did this to me?  Maybe not.  I've been using this IP address now for about 8 months and there has been no mention of SPAM from any of our sites.  So why so suddenly?  Is it possible that EmailReg.org and BarracudaCentral.org are sending these messages out as SPAM themselves?  Read on.

I considered registering my email with emailreg.org but then I thought back to the last email I received from Russian and Nigerian scammers.

X-Account-Key: account24
X-UIDL: UID2786-1251272868
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-path: <0-ka@fsuimail.ferris.edu>
Envelope-to: employment@john.dodrill.name
Delivery-date: Fri, 04 Nov 2011 12:44:12 -0700
Received: from 93-86-75-172.dynamic.isp.telekom.rs ([93.86.75.172])
    by host2.cookieshostshop.com with esmtp (Exim 4.69)
    (envelope-from <0-ka@fsuimail.ferris.edu> )
    id 1RMPgR-0002XZ-VQ
    for employment@john.dodrill.name; Fri, 04 Nov 2011 12:44:12 -0700
Received: from 93.86.75.172(helo=john.dodrill.name)
    by john.dodrill.name with esmtpa (Exim 4.69)
    (envelope-from )
    id 1MM8YT-9302ru-V7
    for <employment@john.dodrill.name>; Fri, 4 Nov 2011 20:44:14 +0100
From: <employment@john.dodrill.name>
To: <employment@john.dodrill.name>
Subject: Part-Time Work
Date: Fri, 4 Nov 2011 20:44:14 +0100
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: bgeov 63
Message-ID: <0516155246.687RCAPQ189827@nwifwrbhzvv.ydhsrnndzrmol.ru>

We have an excellent opportunity for an apprentice applicant to join a rapidly expanding company.

I thought to myself:

"I have an accurate SPF (Sender Policy Framework) record implemented in DNS and I still receive emails allegedly from my own email address that I didn't send.  Do I want emailreg.org to have my name so they can pointedly blame me for sending these scam emails?" 

I actually clicked on the link to see what was up (see picture below).



According to other blogs around the Web, emailreg.org, Barracuda Central, et al, wants $20.00 per domain to register your domain name with their white list, which they say "...does not have any impact on Barracuda Networks block lists".  Here's the entire statement I found at emailreg.org's Web site at http://www.emailreg.org/index.cgi?p=news&id=4:

Emailreg.org will not get you delisted from Barracuda Block List (BRBL)

Posted on 2009-04-13

There appears to be some confusion that EMAILREG.ORG is a way to get off of some of the Barracuda IP Block lists (BRBL). This is not the case. Emailreg.org is primarily a whitelist of IP's with domains. It does not have any impact on Barracuda Networks block lists such as the BRBL. If you want to be delisted from a Barracuda Block List please contact Barracuda Networks at their technical site: www.barracudacentral.org.

Other blogs say the price is as much as $30 per domain per year to register your domain and white list your emails with no guarantee that your emails won't be blocked by Barracuda Networks' SPAM Firewalls.  According to emailreg.org, however, the price is "only" $20.00.  It seems reasonable to speculate that the price depends on the type of business you say you're conducting from your Web site when registering the domain with EmailReg.org.  (There was no selection for "this is my personal Web site".  You must declare yourself to be a business in order to register your domain name with EmailReg.org.)

This raises the question as to whether Barracuda Networks manufactures and charges for a "SPAM firewall", that seems to summarily block emails based on some supposed "reputation" that Barracuda Networks claims, and then charges netizens to remove their domains from the lists which allegedly get their email blocked, thereby collecting on both ends of the deal: those who do not want to receive SPAM and those who do not want their emails flagged as SPAM.  There certainly is evidence that this is the case in the sense that the link in the rejection email takes you to a page which recommends listing your domains with emailreg.org without noting, in any part of the whole process of registering your domain, that such registration of your domain with EmailReg.org does not have any impact on Barracuda Networks block lists.  In fact, when you click on the link in the rejection email, what Barracuda's Web site (http://bbl.barracudacentral.com/q.cgi?ip=) explicitly says is exactly the opposite:

One way to avoid having your email inadvertently blocked is by registering your domain and IP address at EmailReg.org.  Emails from domain names and IP addresses that are properly registered on EmailReg.org can be authomatically exempted from spam filtering defense layers on Barracude SPAM Firewalls and other anti-spam solutions, preventing your email from being accidentally blocked.

Additionally, I found after checking back with Barracuda, one of the removal request screens  shows the message:

• Barracuda Reputation System honors domains registered at EmailReg.org. If you want to avoid email with your domain and IP being inadvertently blocked, you can register your domain at EmailReg.org.

Still, EmailReg.org, which by all accounts is Barracuda Networks, claims:

There appears to be some confusion that EMAILREG.ORG is a way to get off of some of the Barracuda IP Block lists (BRBL). This is not the case. Emailreg.org is primarily a whitelist of IP's with domains. It does not have any impact on Barracuda Networks block lists such as the BRBL. If you want to be delisted from a Barracuda Block List please contact Barracuda Networks at their technical site: www.barracudacentral.org

I can certainly see why there would be "some confusion".  Two companies which are, by all accounts, the same company, which link exclusively to each other in the course of their normal Web business, make conflicting claims about what you will get for your $20.00 per domain per year. 

As to whether they are the same company, EmailReg.org makes the claim, on their Web site http://www.emailreg.org/index.cgi?p=about:

We are still not covering our costs and any donations would be greatly appreciated. We have received support from Barracuda Networks and a few other people, and are thankful to them.

What the site does not say, is what Barracuda Networks' relation to EmailReg.org is.  That's shrouded in mystery. While BarracudaCentral.com links to both EmailReg.org and to BarracudaNetworks.com, the registration of the EmailReg.org domain name is hidden behind Whois Privacy Protection Service, Inc.  The relationship between BarracudaCentral.com and BarracudaNetworks,com, BarracudaWare.com and BarracudaLabs.com is not hidden in the domain registrations.  You also won't get a clue as to who owns EmailReg.org from the EmailReg.org "About" Web page or from the EmailReg.org "Contact Us" Web page either.

This certainly does give the appearance of impropriety: that BarracudaNetworks.com sells SPAM firewalls to well-intended industry "designed to protect your email server from spam...", while bbl.BarracudaCentral.com sells EmailReg.org's white list and claims this service will "avoid email with your domain and IP being inadvertently blocked", and while EmailReg.org charges for their services but displays a disclaimer that "Emailreg.org is primarily a whitelist of IP's with domains. It does not have any impact on Barracuda Networks block lists such as the BRBL". 

How convenient.  There is no provable link between EmailReg.org and BarracudaNetworks.com, so BarracudaCentral.com might "just be mistaken" in their claims about EmailReg.org, even though someone at someone at BarracudaNetworks.com ought talk to BarracudaCentral.com, especially in that BarracudaCentral.com has taken up the task of exempting IP's and domains who rightfully complain about being blocked..  EmailReg.org, for all appearances' sake, is "responsibly" claiming "There appears to be some confusion...", of course after they've already accepted your funds for what you were told by BarracudaCentral.com would buy you protection from having your emails rejected by BarracudaNetworks.com's SPAM firewalls. 

Does this seem to anyone else that this company is selling protection reminiscent of a protection racket?  Well, can we say that there is benefit to businesses to offset the rather questionable practices in that BarracudaNetworks.com firewalls protect businesses?  Not at all.

ComputerWorld (April 11, 2011 08:54 PM ET --By Robert McMillan):
Hacker Breaks Into Barracuda Networks' Database.

IDG News Service - A hacker has broken into a Barracuda Networks' database....

The hacker, who called himself Fdf, posted proof of his attack to the Web on Monday, showing e-mail addresses of company employees and names, e-mail addresses, company affiliations and phone numbers of sales leads registered by the company's channel partners.

After a couple of hours of probing, the hacker found a SQL injection flaw -- a common Web programming error.

Barracuda, however, responds that "...the Barracuda Web Application Firewall, that was supposed to protect the site, had been taken offline for maintenance". 

Of course there's no reason in the world to believe that a network firewall and security company wouldn't take their own application firewall off line and leave their server unprotected, is there?  Nonetheless, the story does raise questions as to how did the hacker even get as far as the point where the application firewall was.  Neither practice, taking their own application firewall off line or exposing the application firewall directly to the Internet, says Barracuda security is capable of consistently doing much other than blocking your and my emails.

Immediately, I find the links to some of these other folks, who are much of the same opinion, just disappearing, so I put some of the links right into the text.  At least whomever is doing this has some talents....

UCEPROTECT-Network Spam List, Is This Extortion?
"Their practices are bordering on extortion."

BarracudaCentral – another blacklist black hole
http://steve.heyvan.com/2008/11/06/barracudacentral-another-blacklist-black-hole/
"...I now find our mail servers at the mercy of BarracudaCentral.  Yet again, here is an organization totally unwilling to work with fellow mail administrators and unresponsive to phone calls or requests for information.  I have no idea how, when or why my domains have been blacklisted...."

Quilting Tizzy
Barracuda has determined that my IP address has a  “poor reputation” and is a spammer.  What?????  I’m not a business that sends out hundreds of messages to clients.  I’m not a spammer.  I am one person and I send mail from a *personal* account.   Can you say “EXTORTION” !!!!!

The Black Art of Black Lists.
"I consulted a list of blacklists and found we were given the 'all clear' by over 100 such lists, but were blacklisted by two: a no-name I've never heard of, and Barracuda networks."

jonsnetwork.com
"It is NOT free of charge! They charge you an ‘adminstration fee’ of $20 to register with their site… this is extortion! How are they allowed to get away with this???!!!! I run a legitimate business and do not send spam. They show me as being blocked simply because I am not registered with them!!! Well,… I refuse to pay an extortionist’s fee in order to be ‘unblocked’! They’d better get their act together, because I’m about to seek legal counsel."

Barracuda E-mail Scam
Barracuda Networks, known for their spam filtering devices, has apparently created a separate company which charges $20.00 to allow your email to be passed through their blocking lists, in what is essentially extortion.

Biggest. Spam Scam. Ever.
Effectively, this means that you have to pay $20 per year to send email to people on domains that use this service to verify email authenticity. This wouldn't be that big of a deal if EmailReg was the definitive source for this information, or if they had some new and brilliant technology, or if there weren't any other good solutions. Instead, EmailReg is nobody, their product is a whitelist (albeit with two parameters – domain and IP), and there are a hundred other, perfectly viable anti-spam techniques. Somehow, they've managed to get a major corporation (Baracuda) on board and they're now gouging people to send e-mail – something which is supposed to be free.

I salute the businessman who came up with this idea and the salesman who got Barracuda on board.

Beyond that, I'm furious.