DMARC Monitoring Tools Comparison

I’ve been testing DMARC monitoring tools in order to get my personal and work domains to DMARC enforcement. Here’s what I’ve learned from testing a handful of different services.

Valimail

Valimail may have the best available product, but I believe they have priced themselves out of the small business market. I received a demo but did not have a chance to use their product hands on. Their SPF macro expansion tool is impressive and having them fully manage your SPF and DKIM DNS records is incredibly convenient.

Fraudmarc

Fraudmarc does not provide enough detail to fully understand why your email sources are not compliant. For a given source, it tells you if it was SPF and/or DKIM aligned, but if it isn’t it doesn’t tell you whether it was aligned to another domain or none at all. They do provide an appealing SPF flattening tool called SPF Compression. They provide a free plan for “low message volumes.”

DMARC Analyzer

DMARC Analyzer has an attractive website that adequately conveys which of your sources are compliant or why they are failing. It requires more clicking to expand details than I would like, but it’s functional. They provide a free plan for up to 100k monthly DMARC compliant messages.

250ok

250ok provides a suite of tools to help monitor and improve your email deliverability. Their DMARC reporting interface requires a little too much mousing over to see details, but it’s functional. Unfortunately, their system doesn’t differentiate between a message that merely passes SPF and/or DKIM and one that is also aligned with DMARC. For example, a non-white-labeled email sent with SendGrid could pass SPF with domain sendgrid.info, but it would fail DMARC because the From address says lundscape.com. 250ok considers this DMARC compliant even though it is not. 250ok says these messages are ARC compliant, but their system doesn’t yet have a way to convey that to the user. (See below.) 250ok’s own domain is also not set to enforce a policy.
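The difference between "passes SPF/DKIM" and "DMARC aligned" can be read straight from an aggregate report. The following is an added example, not part of the original post: it parses a constructed report in the RFC 7489 XML layout, reusing the sendgrid.info / lundscape.com case above, and shows which domain each mechanism authenticated. The `org_domain` helper is a simplifying assumption (last two labels); real evaluators use the Public Suffix List.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the RFC 7489 aggregate-report layout (trimmed); IPs are documentation addresses.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>lundscape.com</domain><adkim>r</adkim><aspf>r</aspf><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>12</count></row>
    <identifiers><header_from>lundscape.com</header_from></identifiers>
    <auth_results><spf><domain>sendgrid.info</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>192.0.2.20</source_ip><count>3</count></row>
    <identifiers><header_from>lundscape.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>mail.lundscape.com</domain><result>pass</result></dkim>
      <spf><domain>sendgrid.info</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>"""

def org_domain(name):
    # Simplification (assumption): last two labels. Wrong for suffixes such as co.uk.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    # mode "s" = strict (exact match), anything else = relaxed (same organizational domain)
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def classify(report_xml):
    """Return (source_ip, dmarc_pass, per-mechanism detail) for every record."""
    root = ET.fromstring(report_xml)
    modes = {m: root.findtext(f"policy_published/a{m}", "r") for m in ("spf", "dkim")}
    rows = []
    for rec in root.iter("record"):
        from_dom = rec.findtext("identifiers/header_from")
        detail, dmarc_pass = [], False
        for mech in ("spf", "dkim"):
            for res in rec.findall(f"auth_results/{mech}"):
                dom, result = res.findtext("domain"), res.findtext("result")
                ok = result == "pass" and aligned(dom, from_dom, modes[mech])
                dmarc_pass = dmarc_pass or ok  # DMARC needs one aligned pass
                state = "aligned" if ok else ("pass, unaligned" if result == "pass" else result)
                detail.append(f"{mech}={dom} ({state})")
        rows.append((rec.findtext("row/source_ip"), dmarc_pass, detail))
    return rows

if __name__ == "__main__":
    for ip, ok, detail in classify(SAMPLE_REPORT):
        print(ip, "DMARC pass" if ok else "DMARC fail", "; ".join(detail))
```

The first record is the case a dashboard should flag as failing: SPF passed, but for sendgrid.info rather than the From domain.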

Dmarcian

Dmarcian’s user interface is a little rough around the edges, but it does the best job of conveying which of your sources are compliant, which are failing, and why they are failing. They provide a free plan for up to 10k monthly DMARC compliant messages and up to two domains (sub-domains are counted separately). (A few months ago the limit was 100k monthly emails, and then they dropped it to 50k monthly emails. 10k monthly emails seems to be a very recent change.)

ARC Support

ARC is a method of validating forwarded emails that would otherwise fail DMARC validation. It’s still not fully supported, but more mailbox providers seem to be recognizing it. As I stated above, 250ok is parsing it but not yet doing a good job of showing the results. DMARC Analyzer says it’s on their roadmap, but they have not yet implemented it. Dmarcian was not aware of ARC and seemed skeptical even though I provided them with links to the specification. I do not know the status of ARC support for Valimail or Fraudmarc.

Conclusion

Overall Dmarcian seems to provide the most useful analytics for low volume domains or at a reasonable price. If you are looking for a free option or need to monitor a lot of (sub-)domains, DMARC Analyzer may be a better choice.

Barracuda Email Security Service Review

I used the Barracuda Email Security Service for the majority of the month of October 2012 to filter spam for our secondary domain name. During that period of time, we received almost 11,600 emails. Roughly 2,000 were allowed through; 8,600 were blocked, and 1,000 were quarantined. Of the 2,000 allowed, I estimate 600 of them were actually spam.

Technical Support

All calls to Barracuda technical support are routed through receptionists that only take your information and create tickets. I first called one morning and didn’t get a call back until 5:30 pm that evening after I had left for the day. When I called in the next morning to speak with a technician, I was put back in the queue and did not receive a call until the following morning. The total time to begin addressing my issue was close to 48 hours.

Spam Filtering

I regularly reviewed the last block of 50 emails that Barracuda allowed to pass through. Of those 50, typically 15 (30%) were missed spam. (The number of missed spam ranged from 7 to 27 out of the 50.) Many of the subjects of the messages allowed through contained words that were obviously spam (think improving oneself in bed). Even after ratcheting up all of the custom scoring settings, too many messages were still getting through. To their credit, I was not able to find any false positives. All messages marked as spam were definitely spam.

The Barracuda ESS does provide a mechanism to mark messages as spam. However, it provides no useful feedback to indicate that the message is now spam. Therefore, you could easily mark the same message as spam 3 or 4 times if you reviewed the same block of emails more than once.

Setting up custom policies to filter messages was rather limited. My only options were to enter keywords and then specify if messages matching those criteria should be allowed, blocked, or quarantined. I would have expected some fuzzy logic to handle a phrase like “orders of magnitude,” which could refer to the effect of the male enhancement pills or just how off the sales projections were.

Virus Filtering

It is unclear what kind of virus scanning the Barracuda ESS is performing as it allowed through at least two zip archives containing suspicious executable applications masquerading as DHL shipment invoices.

LDAP Synchronization

LDAP integration from our Active Directory domain to the Barracuda ESS worked reasonably well. I created a non-privileged user on our domain for Barracuda to use, opened a hole in our firewall, and specified the base DN for synchronization. Unfortunately, there was no way to filter our AD contacts that did not have SAV email addresses. The Barracuda ESS also pulled in all email addresses, including our internal domain savtrans.local, which is not actually used for email. A simple filter could have easily prevented loading of this bogus information.

If I had chosen not to use LDAP synchronization with the Barracuda Email Security Service, all of my users would have needed to verify their accounts and all corresponding email addresses one by one. I believe an administrator should have the ability to load aliases without having to manually verify each one.

Summary

While the Barracuda Email Security Service is priced below the competition, I believe the competition offers a superior product. Their major outage on October 22, 2012 brought out a lot of complaints about the service in their forum. I do believe they have now stepped up their game, especially in the communication department, but I still can’t recommend them as a service that does a good job of filtering spam.