It seems like your browser didn't download the required fonts. Please revise your security settings and try again.


As of March 1, 2022, the legacy Barracuda Essentials Security, Compliance, and Complete editions are no longer available for purchase. Only existing customers can renew or add users to these plans.

Following October 30, 2022, the documentation and trainings will no longer be updated and will contain outdated information.

For more information on the latest Email Protection plans, see Barracuda Email Protection.

To update your bookmarks, see the following for the latest documentation and trainings:

Note that MSP customers should continue to follow Barracuda Essentials for MSPs.

IP Analysis - Inbound

  • Last updated on

When entering an IP range in the Barracuda Email Security Service, it is critical that the starting IP address is valid. For example, the following table shows an invalid and the corrected IP range:

Invalid (IP – Netmask)Correct (IP – Netmask)
  • –  (256 address range)
  • –  (4096 address range)
  • –
  • –

Additional Resource

To find the correct starting and ending IP addresses in a range,

  1. Go to the MXToolbox Subnet Calculator.
  2. Enter an IP address in your range and the netmask, and click View Subnet to view your starting IP address.

If you make setting changes, allow a few minutes for the changes to take effect.

Create Custom IP Policies

Once the true sender of an email message is identified, the reputation and intent of that sender should be determined before accepting the message as valid, or "not spam". The best way to address both issues is to know the IP addresses of trusted email senders and forwarders and define those as exempt from scanning by adding them to a list of known good senders.

Add exempt/trusted sender IP addresses and block those you know are not trusted on the Inbound Settings > IP Address Policies page.

Barracuda Networks does not recommend exempting domains because spammers may spoof domain names. When possible, it is recommended that you exempt by IP address only.

You can create a list of Trusted Forwarders by specifying one or more IP addresses of machines that you have set up to forward email to the Barracuda Email Security Service from outside sources. The Barracuda Email Security Service exempts any IP address in this list from Rate Control, Sender Policy Framework (SPF) checks, and IP Reputation. In the Received headers, the Barracuda Email Security Service continues looking beyond a Trusted Forwarder IP address until it encounters the first non-trusted IP address. At this point, Rate Control, SPF checks, and IP Reputation checks are applied. Configure on the Inbound Settings > IP Address Policies page.