It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Gateway Defense
formerly Email Security

Understanding the Message Log

  • Last updated on

The Message Log serves as a comprehensive record, capturing both incoming and outgoing messages to and from your domain(s).

This log provides valuable insights into the operation of your current configurations and policy settings within Email Gateway Defense.

Utilize the data within the log to effectively fine tune your policy configurations.

Messages are deleted after 30 days.

Filter the Message Log

When viewing the global Message Log, you can choose to view only Inbound or only Outbound mail using the Message Log Filter. You can filter on All, Allowed, UI Delivered, Email Continuity, Not Allowed, Blocked, Deferred, or Quarantined messages. For details on each of these actions, see Message Actions. Filter messages using the Advanced Search feature to quickly view email by allowed, deferred, quarantined, encrypted (outbound), or blocked messages by domain, sender, recipient, time range (last 2- 30 days), envelope to, envelope from, reason, action taken (see Message Actions), date or subject. 

The User Message Log is less comprehensive than the global, administrator's Message Log. For example, users cannot see outbound mail in their Message Log.

For more information about filtering messages, see Filtering the Message Log. You can also click the Help icon on the Message Log page at the global level or after logging into a User account.

Note that the Message Log display time zone is based on the Barracuda Cloud Control administrator account settings.

  • Use the My Profile > Time Zone Details in Barracuda Cloud Control to set the time zone for an individual user’s account.

  • Use the Admin > Options > Time Zone Details in Barracuda Cloud Control to set the time zone for all administrators and end users in this account.

Create Saved Searches

You can save a search so it is convenient to use in the future.

To create a saved search:

  1. Do one of the following:

    • Enter a search term in the Search box, then click Search.

    • Click Advanced Search, enter one or more search terms, then click Search.

  2. Click Saved Searches. In the blank space, type a name for your search, then click Save. Confirm you see the search you just created in the list.

  3. When you are ready to run a saved search, click Saved Searches, then click the name of that saved search.

To delete a saved search, in the Saved Search panel, click Remove.

Incorrectly Blocked or Incorrectly Delivered Messages

Occasionally Email Gateway Defense might incorrectly block (or allow) an email, relative to the policies you have set. You can tune the Advanced Spam Detection Scoring levels on the Inbound Settings > Anti-spam Antivirus page by selecting Custom and adjusting the score for each category based on what type of mail you consider to be spam.

Occasionally, Email Gateway Defense might incorrectly block or allow a message based on Barracuda Networks settings. Reporting these messages helps improve spam detection. Use the following buttons on the Message Log page (both at the global level and the user account level) to mark a message and have it sent to the Barracuda Networks team for further review.

When you report a message as incorrectly blocked or incorrectly delivered, in addition to the submission confirmation, you will also be asked to provide additional details as to why you think that message was incorrectly delivered or incorrectly blocked. If you choose to provide these details, you will be redirected to a feedback response form to select a reason from a list of options or to type in a reason. Your feedback is extremely important to us. Providing additional details will help us improve our systems and allow better understanding of your email preferences.

Note that reporting this message does not automatically block or deliver all messages from this sender. To immediately allow or block certain email addresses or domains, you can create a sender policy on the Inbound Settings>Sender Policies page.

  • Report as Incorrectly Blocked – Message should have been delivered. This includes messages that are not spam.

  • Report as Incorrectly Delivered – Message should have been blocked. This includes spam messages.

Incident Response Users: Messages you mark as Incorrectly Delivered appear in the User-Reported Emails page, where they can be investigated and remediated if needed.

Deliver Messages to Recipient

You can click Deliver for one or more selected messages in the Message Log if you decide the message is valid.

  • If a message is successfully delivered, a new message entry appears in the Message Log with the Delivery Status of UI Delivered.

  • If a message cannot be delivered, you are notified by a message in your browser. A new message entry appears in the Message Log with the Delivery Status of Not Delivered.

If the Reason field for a blocked message displays as Advanced Threat Protection, you cannot immediately deliver the message. See Advanced Threat Protection Reports for details.

If delivered messages are not making it to the recipient's mailbox, it may be due to a filter on your mail server or a service on your network catching the mail as spam. Check your local trash/spam folder to locate the mail.

User's Message Log
Individual users have an additional option to remove selected messages from their personal Message Log. The user can select one or more messages, and click Delete.

Message Details

Click on a message in the table and its Action and Reason display below. Click Show Details in the message header to view additional information including IP address, recipients, and delivery status. The administrator (or user, when viewing their own account) can then elect to View the entire message and take actions on the message. The words Includes Other Recipients in the Message Details link indicate that the message was sent to multiple recipients or distribution lists. The individual addresses are listed in the message details.

If your Message Log shows an email message with a subject of Message has no content,  this is due to a failed connection. Email Gateway Defense now logs all failed connections. The record for a failed connection shows the from/to data, but the log entry does not have any header or body content. As a consequence, mail that is malformed or is addressed to an invalid recipient displays in the logs with the Message has no content in the Subject line.

Message History

Each record in the message log represents a separate event. For example, if a message is not initially delivered, but is successfully delivered later, there are at least two events – one for the initial error and another for the delivery – and possibly additional events for retrying the delivery. It can be helpful to see all of the events related to a single record in one place.

The Show Message History button displays in the Reading pane. The Reading pane control is at the top of the Message Log. Select Right or Bottom to choose where you want the Reading pane to display.

To view all events associated with a single record:

  1. Select a record.

  2. In the Reading pane, click Show Message History.

    • The Message Log populates with all records related to the original record you selected.

    • If the record has no content, as described in the note above, Message has no content displays and Show Message History does not display.

    • If there are no related records, only the record that you selected appears in the Message Log.

  3. Optionally, click Hide Message History to return to the Message Log.

Investigating and Remediating Emails

This feature is available if you are using Incident Response and have at least one Microsoft 365 account associated with Barracuda Email Protection.

If you find a questionable email in the message log, you can move seamlessly from Email Gateway Defense to Incident Response to investigate it.

To find messages similar to the questionable email:

  1. Log into Email Gateway Defense as an administrator.

  2. In the Message Log, find the questionable email and click it to view its details.

  3. Click Search for similar messages. The Incident Response wizard opens in a new browser tab.

  4. Continue with the wizard, as described in Creating an Incident. Note that the fields in the wizard are pre-populated with the information from the email in the message log.

With Incident Response, you can find similar emails, then if needed, take action to remediate any issues, including removing emails from users' mailboxes and creating policies to block senders. Refer to Incident Response Overview for details.