Thursday, April 15, 2010

Emailreg.org is a scam

Barracuda ... The mere mention of their name strikes fear in the heart of any email admin unlucky enough to have to relay mail through one of their devices.

One of my customers today submitted a ticket with problems relaying mail to one of their customers using a Barracuda device. My customer's relay responds with this message:

#554 Service unavailable; Client host [XXXXXXXXXX.XXXXXXX.XXX] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=XXX.XXX.XXX.XXX ##


Ah, yes, the Barracuda Black List. Clicking on the link they provide takes you to a page where they tell you, "Sorry, your email was blocked....Barracuda Networks is not attempting to block your individual emails in particular. The reputation system uses automated algorithms for determining its results -- very similar to the anti-fraud mechanisms used for credit cards."


Yeah, whatever. You can put any IP address in the URL, and it will give you the same message for each one. It's a generic page they use to try to get you to buy into their Emailreg.org scam.

Click the "Click here to register your domain" link and you can sign up and register your domains. Sounds great, right? Except for the $20 USD fee per domain registered.


For a while, Barracuda Networks denied that they had anything to do with Emailreg.org and said that they only used the list provided there to help determine what mail was spam. And, if you query the WHOIS information for emailreg.org, it's obscured, so it's hard to know:

Domain ID:D152388600-LROR
Domain Name:EMAILREG.ORG
Created On:12-Apr-2008 21:40:49 UTC
Last Updated On:14-Mar-2010 12:46:16 UTC
Expiration Date:12-Apr-2011 21:40:49 UTC
Sponsoring Registrar:eNom, Inc. (R39-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:77b4c5687ae40560
Registrant Name:Whois Agent
Registrant Organization:Whois Privacy Protection Service, Inc.
Registrant Street1:PMB 368, 14150 NE 20th St - F1
Registrant Street2:
Registrant Street3:
Registrant City:Bellevue
Registrant State/Province:WA
Registrant Postal Code:98007
Registrant Country:US
Registrant Phone:+1.4252740657
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:tsbnwxhk@whoisprivacyprotect.com
Admin ID:77b4c5687ae40560
Admin Name:Whois Agent
Admin Organization:Whois Privacy Protection Service, Inc.
Admin Street1:PMB 368, 14150 NE 20th St - F1
Admin Street2:
Admin Street3:
Admin City:Bellevue
Admin State/Province:WA
Admin Postal Code:98007
Admin Country:US
Admin Phone:+1.4252740657
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:tsbnwxhk@whoisprivacyprotect.com
Tech ID:77b4c5687ae40560
Tech Name:Whois Agent
Tech Organization:Whois Privacy Protection Service, Inc.
Tech Street1:PMB 368, 14150 NE 20th St - F1
Tech Street2:
Tech Street3:
Tech City:Bellevue
Tech State/Province:WA
Tech Postal Code:98007
Tech Country:US
Tech Phone:+1.4252740657
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:tsbnwxhk@whoisprivacyprotect.com
Name Server:NS2.MYDYNDNS.ORG
Name Server:NS1.MYDYNDNS.ORG
Name Server:NS3.MYDYNDNS.ORG
Name Server:NS4.MYDYNDNS.ORG
Name Server:NS5.MYDYNDNS.ORG
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

But alas, IP address information is not hidden from ARIN:

Network Information for: 64.235.146.64
--------------------------------------------------------------

OrgName: Barracuda Networks, Inc.
OrgID: BARRA-7
Address: 3175 S. Winchester Blvd
City: Campbell
StateProv: CA
PostalCode: 95008
Country: US

NetRange: 64.235.144.0 - 64.235.159.255
CIDR: 64.235.144.0/20
OriginAS: AS15324
NetName: BARRAUCDA
NetHandle: NET-64-235-144-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.P23.DYNECT.NET
NameServer: NS2.P23.DYNECT.NET
NameServer: NS3.P23.DYNECT.NET
NameServer: NS4.P23.DYNECT.NET
Comment: http://www.barracuda.com/
RegDate: 2006-10-31
Updated: 2010-03-04

RAbuseHandle: BARRA1-ARIN
RAbuseName: Barracuda Hostmaster
RAbusePhone: +1-408-342-5400
RAbuseEmail: hostmaster@barracuda.com

RNOCHandle: BARRA1-ARIN
RNOCName: Barracuda Hostmaster
RNOCPhone: +1-408-342-5400
RNOCEmail: hostmaster@barracuda.com

RTechHandle: BARRA1-ARIN
RTechName: Barracuda Hostmaster
RTechPhone: +1-408-342-5400
RTechEmail: hostmaster@barracuda.com

OrgTechHandle: BARRA1-ARIN
OrgTechName: Barracuda Hostmaster
OrgTechPhone: +1-408-342-5400
OrgTechEmail: hostmaster@barracuda.com

# ARIN WHOIS database, last updated 2010-04-14 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html

Sneaky. But, that's the way Barracuda is.

Thankfully, there's another way, although Barracuda devices may or may not look at it (I've not confirmed it either way). The method is called Sender Policy Framework, and it's free. The Sender Policy Framework relies on a DNS record to check which hosts are "permitted" to send email for a particular domain. Check out http://www.openspf.org for a wizard to help create your SPF record.
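How a receiving server applies the DNS record described above, as an added example that is not part of the original post: a simplified SPF evaluator run over constructed TXT records. The domains, addresses and the `check_spf` helper are assumptions for illustration, and DNS is replaced by an inline dictionary so it runs offline.

```python
import ipaddress

# Constructed sample TXT data standing in for DNS (RFC 5737 documentation ranges).
SAMPLE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/28 include:_spf.relay.example -all",
    "_spf.relay.example": "v=spf1 ip4:198.51.100.25 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(sender_ip, domain, txt=SAMPLE_TXT, depth=0):
    """Evaluate domain's SPF record for sender_ip. Supports ip4, ip6, include,
    all and redirect=; a/mx/exists/ptr need live DNS and raise instead."""
    if depth > 10:                       # recursion guard (RFC 7208 allows 10 DNS lookups)
        return "permerror"
    record = txt.get(domain, "")
    if record.split()[:1] != ["v=spf1"]:
        return "none"                    # no SPF policy published
    ip = ipaddress.ip_address(sender_ip)
    redirect = None
    for term in record.split()[1:]:
        if "=" in term:                  # modifier, e.g. redirect=domain
            key, _, value = term.partition("=")
            if key.lower() == "redirect":
                redirect = value
            continue
        qualifier = "+"                  # a bare mechanism means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.lower().partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"       # malformed record
            matched = ip.version == net.version and ip in net
        elif name == "include":
            sub = check_spf(sender_ip, arg, txt, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"
            matched = sub == "pass"      # only a pass from the include matches
        else:
            raise NotImplementedError(f"mechanism {name!r} needs live DNS")
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:                         # used only when no mechanism matched
        return check_spf(sender_ip, redirect, txt, depth + 1)
    return "neutral"                     # nothing matched and no "all"
```

The `-all` at the end of the constructed record is what turns an unlisted sender into a hard `fail`; with `~all` the same sender would only get `softfail`, which many receivers accept.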

8 comments:

  1. Thanks a lot aaron,

    My emails were being blocked by Barracuda occasionally.

    I will take a look into SPF records. How are they supposed to help exactly?

  2. Hi I found this thinking the same thing - WTF is up with barracuda and emailreg.org - we are a small hosting company and barracuda is blocking us over and over again BUT will not tell us why!

  3. ibnsaeed - SPF records are basically a way to confirm that servers sending mail as your domain are authorized to do so. SPF records are a specially formatted TXT DNS entry for your zone that lists the servers authorized to send mail on your domain's behalf. Check out http://www.openspf.org for more info.

  4. DebCV - Barracuda Networks is the devil. As a consultant, I've found two things to be true: 1. people who have them love them and swear by them; 2. the rest of the world who tries to deliver mail through them would rather gnaw off their own arm.

    As to why they are blocking you, I would check a few RBL sites to see if somehow your IP space has ended up on a black list (maybe one of your hosting customers was spamming someone). It's for that reason alone that we push our outbound mail (for both our company and our hosting customers) through Postini--we haven't been blacklisted in quite some time (well, outside of Barracuda) since switching to Postini.

  5. How can we stop Barracuda from blocking our emails?
    Does the FCC have authority?
    Should we report them to State Attorney Generals?

  6. @Joseph

    There are 4 things you can do to get your mail delivered to Barracuda customers:

    1. Ask for a temporary reprieve. Once you follow the link in one of your Barracuda NDRs, you can submit a request to be taken off their list temporarily. You may want to see if you are indeed spamming from your IP address or range. Of course, if you've checked other RBL/SBL sites and don't find yourself on them (and it's highly unlikely that you're only spamming Barracuda customers), you're only giving yourself a brief window.
    2. Change your IP address.
    3. Become a part of the scam and pay your emailreg.org tax (which will allow you the ability to send to all Barracuda customers).
    4. Ask your customer/vendor/whoever to add you to their whitelist.

    No, I don't believe the FCC has any authority. Email communication is largely outside the scope of the FCC's enforcement ability (which I'm personally OK with).

    As far as reporting them to the State Attorneys General, that's definitely a long shot. Their devices and services have been purchased by customers who wish to limit incoming mail. You have now found yourself limited. :-) Were you to make a claim or a suit, I'm sure Barracuda would respond with blather about how you can use one of their approved methods (stop spamming, new IP, pay for emailreg.org, get whitelisted by your customer) to get mail delivered to their customer (who is obviously satisfied with the device/service in question or they would no longer be employing it).

  7. Well, I would check a few RBL sites to see if somehow your IP space has ended up on a black list.
    -
    URL: http://www.toponlinefax.com

  8. Today I have read three scam emails. Nowadays, more fraud is happening. So we should be aware of that. Domain India
