It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Global Settings

  • Last updated on

Login Message

Customize the message users see when they log into Barracuda PhishLine.

  1. Navigate to System > Global Settings.
  2. In the left panel, click Login Message.
  3. Enter the message you want users to see when they log into Barracuda PhishLine.
  4. Click Save.

DLP Activator

If your organization uses DLP (Data Loss Prevention) you might want to mark all Barracuda PhishLine emails with a customized string for reasons including:

  • preventing your users from forwarding Barracuda PhishLine emails outside of your organization
  • enabling your support organization to more easily identify Barracuda PhishLine emails, so they can address questions 

To append the DLP Activation String to all emails and smart attachments:

  1. Navigate to System > Global Settings.
  2. In the left panel, click DLP Activator.
  3. Set the DLP Activator to Enabled .
  4. Specify the string you want to add to all outbound PhishLine emails. The string can contain only letters and numbers, and cannot contain spaces.
  5. Click Save.

Barracuda PhishLine appends your custom text string to emails and smart attachments, formatted in tiny (0.1 pixel) white text, which is invisible on a white background. 

Custom Headers 

You can add up to four custom X-Headers to all of your outbound email messages for your organization's use, such as enabling your support organization to more easily identify Barracuda PhishLine emails.   

To append custom X-Headers to all of your outbound email messages:

  1. Navigate to System > Global Settings.
  2. In the left panel, click Custom Headers.
  3. Enter a Name and Value for an X-Header string.
  4. Repeat for up to four Name-Value pairs.
  5. Click Save

Advanced Domain 

If you are using your organization's own domain for training campaigns, enter it here. Refer to Customer Awareness Domain for Training for background and instructions on setting up your own Customer Awareness Domain.

To specify your own Customer Awareness Domain for campaigns:

  1. Navigate to System > Global Settings.
  2. In the left panel, click Advanced Domain.
  3. Enter the full domain and subdomain you created in Customer Awareness Domain for Training – usually in the format
  4. Click Save


Require all campaigns to be approved before they can go live. Note that this setting affects all campaigns; you can also set this requirement per individual campaign. 

  1. Navigate to System > Global Settings.
  2. In the left panel, click Approvals.
  3. Select the Campaign Approval Required checkbox. 
  4. Click Save.

Grant permissions for specific users to approve campaigns in User Management.

Outbound Sleep Time 

The system sends out campaign messages at random intervals to prevent suspicion. The outbound sleep time is the maximum time, in seconds, between each outgoing email the system sends.   

Levelized Campaigns

Set the default starting level for Program Calendar Terms, only used with Levelized Campaigns.
To learn about Levelized Campaigns, contact Barracuda PhishLine Support.

User Log Purge

With GDPR requirements, companies are now required to automatically purge user activity from their systems. This enhancement addresses one of those requirements by allowing the PhishLine system to automatically purge administrative user activity logs.

The default purge period is two years.

To change the purge period:

  1. Navigate to System > Global Settings.
  2. In the left panel, click User Log Purge.
  3. Set the User Log Purge Unit to either Month or Year.
  4. Select the number of months or years to retain records before purging.
  5. Click Save.

The latest purge results are displayed at the bottom of the User Log Purge section.

The purge process is run at least once a day.

Default Security Settings 

You can choose to block password changes if the passwords have not reached a specific age – or require a password change if a password has reached a specific maximum age. You can specify either one or both of the age settings.

All of the settings in this section are optional.

  1. Navigate to System > Global Settings.
  2. In the left panel, click Default Security Settings. 
  3. Adjust the settings for the following fields, as needed:
    • Minimum Password Age – Passwords younger than this value cannot be changed. 
    • Maximum Password Age – Passwords older than this value must be changed. By default, this value is 3 months, or 90 days. 
    • Disable Password Expiration for Accounts Using MFA –  Users with multi-factor authentication (MFA) do not have to change their password. By default, this check box is selected. 
    • Maximum Session Length – Session lengths longer than this value will expire automatically. 
    • Maximum API Key Expiration – API keys older than that age are considered to be expired. If an otherwise valid POST command occurs, but the API key is expired, the command cannot be executed. 
    • Maximum User Inactivity Period – Users who do not log into Barracuda PhishLine for that length of time are automatically deactivated. If needed, reactivate accounts on the User Management page. Select from 30, 60, 90, 180, or 365 days. By default, this value is Not Enabled.
  4. Click Save.

Data Retention Configuration

For data privacy and/or storage reasons, you can optionally choose to automatically delete your campaign and results data after a certain retention period. An email notification is sent to the address(es) you specify. If you choose to automatically delete your data, consider backing up your data in case you need it after it is deleted from Barracuda PhishLine system.

Note that Barracuda will not be able to restore your data once it has been deleted in this manner.

By default, this setting is Disabled.

To set up Data Retention Configuration:

  1. Navigate to System > Global Settings.
  2. In the left panel, click Data Retention Configuration.
  3. Specify the following settings:
    • Retention Period – Specify if you want to permanently delete your data after 1 year, 2 years, or 3 years. Select Disabled to retain your data indefinitely. Time period is measured from the Campaign Cutoff Date. Data retention deletion occurs on the first day of each month.
    • Retention Notification Weeks – Specify the time frame before the deletion you want to receive a notification email. Choices are 1 week, 2 weeks, and 3 weeks.
    • Retention Notification Email – Specify one or more email addresses to receive advanced email notification of the automatic data purging. Separate multiple email addresses with commas.
  4. Click Save.

The email notification provides you sufficient time to change or disable the data retention configuration, so your data is not purged without your permission. You can increase your Retention Period to a larger number, but you cannot combine time periods to increase the Retention Period past 3 years.

Filter List

Select whether you want to explicitly allow or block certain ISPs or IP addresses.

In the Filter List, enter one or more values for the block or allow list you just specified.

  • You can have a mix of IPs and ISPs in this list.
  • Separate multiple values with commas or line breaks.
  • Use asterisks (*) as wildcards.
  • For IPs:
    • Only IPv4 and Class C IPv4 blocks are supported.
    • To specify an IPv4 block, enter the first three octets and end with an asterisks. For example, 192.168.1.*.
  • For ISPs:
    • Use the full name or use a wildcard for a larger filter. For example, Acme Networks or Acme*.
    • Replace commas in ISP names with asterisks. For example, Acme, Inc. becomes Acme* Inc.


search terms - 2fa, two-factor authentication

Last updated on