It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Why is mail being blocked by my Email Security Gateway for reason of Intent?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00001581

This solution applies to all Email Security Gateways, all firmware versions.

The Email Security Gateway's Intent Analysis database is a list of known spammer URLs that are found within the body of spam messages. You can configure this option on the Basic > Bayesian/Intent (3.5.x and earlier) or Basic > Spam Checking (4.0 and later) page of the Email Security Gateway's web interface. Barracuda Intention Analysis attempts to match URLs in a message against a database of URLs from known spam. Blocking messages with such URLs has proven to be an effective defense against spam. What this means is that if an incoming email message contains one or more domains in the body of the email, and if at least one of those domains is in Barracuda's Intent Analysis database with a poor reputation, the Email Security Gateway will block that message and list the reason as Intent (<domain>) in the Basic > Message Log, where <domain> is the domain the Barracuda found to have a poor reputation.

Barracuda Intent Analysis can be configured to tag, quarantine, or block a message. Setting the Intent Analysis option to Tag or Quarantine may reduce performance as the Email Security Gateway continues to process the message in an attempt to filter possible spam using the stricter rules of other the spam scanning features. Barracuda Intention Analysis can also be turned off entirely, although this is not recommended.

A Email Security Gateway with Multi-Level Intent Analysis feature enabled will attempt to load the URLs in each message, even though the domain reputations are not poor, to see whether the destination website redirects traffic to another website whose reputation is poor. Enabling this option means the Barracuda will make frequent outgoing connections on port 80 to questionable websites, and as such may need to be exempted from any web filters or other devices that monitor or block outgoing port 80 traffic.

In addition to using the database of URLs that the Email Security Gateway receives from the Energize Updates on an hourly basis, the Barracuda can also communicate with Barracuda Central in realtime to check against the latest lists and block even the newest spam if the Realtime Intent Analysis option is turned on. Enabling this option can cause a slight increase in mail scanning time as network (DNS) lookups are performed. In other words, the Email Security Gateway will do a DNS lookup of each domain in the body of a given email and check its IPs against an IP list in real time. Realtime Intent Analysis blocks are displayed as Intent blocks in the Basic > Message Log with an asterisk (*) preceding the domain (in the Reason column); it will look like Intent (*<domain>), where <domain> is the domain whose IP address was blocked for Realtime Intent Analysis.

Additional Notes:
Firmware version 3.5.x and earlier:
You can configure these options under Basic > Bayesian/Intent.

Firmware version 4.0.x and later:
You can configure these options under Basic > Spam Checking

To disable this functionality, set the Intent Analysis, Multi-Level Intent Analysis, and Realtime Intent Analysis to No.

In the event of a false positive, please contact Barracuda Networks Technical Support. In the meantime, you can exempt the domain in question on your own Email Security Gateway by entering it on the Basic > Bayesian/Intent page in the URL Exemptions field and clicking Save Changes.

Link to This Page: