Email “Protection Racket”?
April 28, 2009
Today I received a rather alarmed email from one of my customers who’s on the faculty at a large research university here in the US. Apparently, email originating from the server I’m maintaining for this customer is being bounced by the mail servers at the educational institutions that are users of our software.
Examining the bounce messages, I find that they’re originating from anti-spam appliances sold by Barracuda Networks, Inc. Each bounce message contains a URL pointing you to an explanatory web page, which indicates that the messages are being bounced because the outgoing email servers for the Engineering department at this large university have been listed in Barracuda’s “bad reputation” blacklist. There is a laundry list of reasons cited as to why these mail servers may have been listed, but no clear indication of the actual offense that caused these specific servers to be listed.
However, there is this little highlighted tidbit on the web page:
One way to get your email through spam filters even if you are listed on the BRBL is to register your domain and IPs at EmailReg.org. Email administrators can configure their systems to use EmailReg.org to apply policy to inbound email. Emails from domain names and IP addresses that are properly registered on EmailReg.org can be automatically exempted from spam filtering defense layers on Barracuda Spam Firewalls, preventing your email from being accidentally blocked.
Surfing on over to EmailReg.org, I discover that getting your server address “properly registered” requires a $20 “administrative charge” – apparently per server. Furthermore, it seems that EmailReg.org is at least receiving hosting equipment from Barracuda Networks. There is little other information to be found regarding who exactly is behind EmailReg.org.
But let me tell you what it smells like to me – it smells like a “protection racket” being run by Barracuda Networks. They can add arbitrary senders to their “bad reputation” blacklist and then prominently advertise the services of EmailReg.org as a mechanism for being removed from the blacklist. Judging by the number of bounce messages my client is receiving, being blacklisted by Barracuda devices cuts you off from sending email to a significant number of organizations. Many companies, even legitimate senders, will likely pay the $20 just to avoid the hassle. If, as I suspect, Barracuda Networks is receiving some commercial gain from EmailReg.org, then this is conduct of the lowest order.
I have filed a complaint with the US Federal Trade Commission, asking them to investigate this matter. I urge everybody who has had similar experiences to file similar complaints with the appropriate organization for your jurisdiction.