Release Notes

• Email Gateway Defense now prioritizes DMARC results, even if no SPF record is present. Messages that fail DMARC and lack an SPF record will still be blocked or quarantined according to your Inbound > Sender Authentication > Block on No SPF Record settings.

• Email Gateway Defense now uses the header From address for DMARC exemptions, aligning with RFC 7489 standards and improving compliance.

• The new updated Email Gateway Defense admin user interface will be rolled out to all accounts soon, offering the same capabilities in a redesigned layout. For a limited time, administrators will have the option to switch back to the legacy UI if needed.

• Added audit data to syslog exports.

• Updated the syslog format to use the two service names, email and audit. For more information, see Syslog IntegrationPreview.

• New feature now available to exempt senders from bulk email.

  • Customers can now exempt specific email senders or domains from the Bulk Email filter. This functionality is now available in the new admin user interface, located under Email Gateway Defense > Inbound > Anti-Spam/Antivirus. For more information, see Bulk Email DetectionPreview.

• New converged Email Protection onboarding wizard now available!

  • The rollout of our new, simplified onboarding wizard for Email Protection customers and trials is now available. This update introduces a streamlined, step-by-step experience for setting up key features, including Email Gateway Defense, Impersonation Protection, and Incident Response. This marks a significant milestone in our efforts to enhance and unify the email protection user experience. Stay tuned for upcoming enhancements, including the ability to easily configure mail flow through Inline Deployment.

• New updated Email Gateway Defense admin user interface enabled by default for new customers and available for opt-in for all customers. See Updated User Experience for Email Gateway DefensePreview.

• Scheduled reporting is now available for Email Gateway Defense customers in the new admin user interface. This new capability allows you to automatically generate predefined reports and have them delivered straight to your inbox via email as a CSV attachment. Simply choose the report, timeframe, delivery frequency, and recipients. See Scheduled ReportsPreview.

• The new Email Gateway Defense admin user interface is now available for opt-in to 80% of customers. See Updated User Experience for Email Gateway DefensePreview.

• Machine detection learning models updated with extortion classifier, improving false positive and false negative rates for extortion emails. See Machine LearningPreview.

• The layout of the Email Gateway Defense Message Log has been improved to enhance usability on smaller screens.

• Email warning banners available in open beta to all customers. See Email Warning Banner MessagesPreview.

• New quarantine end user UI now available to all customers.

• Recalling encrypted messages is now available on Email Gateway Defense. See How to Use DLP and Outbound Mail EncryptionPreview.

• The Reported Email Tracker, which utilizes the Enhanced Feedback feature to report emails to Barracuda Networks, is now available in open beta for all customers. See Reported Email TrackerPreview. Closed-loop feedback for reported emails now available in open beta to all customers.

• Email warning banners available in open beta to a select group of customers. See Email Warning Banner MessagesPreview.

• New quarantine end user UI now available to 50% of our customers.

• An updated Microsoft 365 deployment guide now available, aligned with Microsoft Enhanced Filtering capabilities. See Step 2 - Configure Microsoft 365 for Inbound and Outbound MailPreview.

• Simplified and streamlined login experience for administrators and end users.

• Microsoft 365 inline deployment for Email Gateway Defense currently available in beta phase. See Microsoft 365 Inline DeploymentarchivedPreview.

• Email Gateway Defense is now available in the India AWS region. See Email Gateway Defense IP Ranges Used for Configuration and Email Gateway Defense Outbound IP Ranges.

• Machine learning detection models focused on spam, phishing, and extortion now available globally for all customers. See Machine LearningPreview.

• Machine learning detection models focused on spam, phishing, and extortion now available for US customers. See Machine LearningPreview.

• End users on the latest new end user interface will now see an updated sidebar menu for navigation. See Email Gateway Defense New User Interface User Guide.

• Machine learning detection models focused on spam, phishing, and extortion now available for UK customers. See Machine LearningPreview.

• Get a deep dive into Email Gateway Defense best practices and understand how to better utilize the capabilities the solution has to offer. See Email Gateway Defense Best Practices Guide.

• Install and configure the new Email Gateway Defense app in Azure AD. For more information, see How to Configure the New Email Gateway Defense App in Microsoft Entra ID.

• Added feature for SPF exemptions by domain. For more information, see How to Configure Sender Policy Framework.

• Added feature for GeoIP exemptions by email address/domain and sender IP address. For more information, see Regional Policies.

• Latest new end user interface now available with advanced authentication. The new interface is continually being rolled out to end users. For the new user guide, see Email Gateway Defense New User Interface User Guide.

  • With the recent changes, an administrator may need to grant consent to the Email Gateway Defense app for your organization. End users may also see a consent screen based on the security consent policies set in Azure AD by the administrator. For more information, see Viewing and Changing Consent Policies in the Azure Portal.

• The Email Gateway Defense API is now also available in the United Kingdom (UK) region. For more information, see API Overview.

• Increased the size of available outbound IPs for use by servers, allowing blocked mail to be deferred and retried from a different IP to successfully deliver mail. [BNESS-23533]

• Email Gateway Defense (EGD) UI outage incident report https://esstimeline.barracudanetworks.com/publications/incident-report-for-egd-ui-outage-on-may-22-2023.

  • As there was an extremely high number of affected customers and emails, Email Gateway Defense is unable to manually rescan and redeliver mail that was incorrectly blocked due to this incident. To help remediate the high number of emails, administrators can allow end users to redeliver their mail:

    1. The administrator signs into Email Gateway Defense. Under the Users tab, select Default Policy.

    2. For the Allow end users to view and deliver blocked messages, click Yes if the option was previously set to No.

    3. Click Save Changes.

• Users will now be able to login and deliver their incorrectly blocked mail.

  • Note that administrators must advise users to proceed with caution as this will potentially allow users to send mail that should not be delivered. If administrators are concerned about future user behavior, they can reset this setting to No after mail has been delivered from this incident.

• Added a temporary passcode authentication method feature to allow users access to their shared mailbox and distribution list accounts. Enable the feature on the Users > Quarantine Notification > Allow users to sign in with temporary passcode page. 

  • For more information, see Quarantine Notifications and Temporary Passcode Authentication. See also https://esstimeline.barracudanetworks.com/publications/temporary-passcode-authentication.

  • Note that the administrator feature under Users > Quarantine Notification >  Require login credentials to access quarantined messages has been removed.

• Auto-authentication has been disabled for end users from quarantine email digests. End users will now be required to authenticate before they can view their account and make updates to their quarantined emails.  

• In addition, the administrator feature under Users > Quarantine Notification >  Require login credentials to access quarantined messages has been enabled to Yes for all users and greyed out to ensure that all end users must log in to view their accounts. 

  • For more information, see https://esstimeline.barracudanetworks.com/publications/email-gateway-defenses-update-to-end-user-authentication.

• Barracuda Networks expands new end user interface to Email Gateway Defense. 

  • Notes:

    • This platform launch is a 1-for-1 migration from the old framework, which means that there are no new features/capabilities at this time, just a new “skin” or “look and feel.” However, this migration will allow us to add new features or make changes to our products much more quickly in the future.

    • This launch is for the end user portion of the product only. We’ve begun work on the admin interface and will have a beta version available for users to try.

    • This new interface will be rolled out slowly to end users over the next 4-6 weeks (beginning February 8th, 2023). For the new user guide, see Email Gateway Defense New User Interface User Guide.

    • Only accounts with a “User” role will see the new UI. If you have set a user as a “domain admin” or “helpdesk” role within EGD, they will need to be set to “user” in order to see the new UI. This is NOT the same thing as setting up an administrator through Barracuda Cloud Control.

• Fixed an issue where 5xx inbound/outbound cache causes emails to be blocked for invalid reasons. [BNESS-19949]

• Fixed an issue where Link Protection parsing does not handle domains that end with a dot (.) in some circumstances, allowing links to bypass link protect action. [BNESS-22377]

• DKIM checking handles multiple DKIM signatures as expected. [BNESS-22325]

• False "Barracuda Login" events in EGD audit log are no longer present. [BNESS-21855]

Updated new Email Gateway Defense documentation as part of the new Barracuda Email Protection.

For more information on the new Barracuda Email Protection plans, see Overview of Email Protection Plans.

• Enabled OneTrust cookie consent popup when loading the UI. [BNESS-20829]

• Fixed an issue where emails are allowed but not delivered when encryption exemption is triggered and recipient is another ESS account. [BNESS-21473]

• Added group lookup by email address to existing user lookup Azure AD API to ensure all users exist in Azure AD. [BNESS-21597]

• Added new feature to add exemptions to outbound encryption policies. Select the Do not encrypt action filter to customize outbound encryption exemptions for subject, headers, body, attachments, sender, or recipient. Note that when you select Do not encrypt on a Message Content Filter and Encrypt on a Predefined Filter, the Message Content Filter exemption takes precedence over the Predefined Filter and the message will not be encrypted. See Content Analysis - Outbound Mail. [BNESS-2148]

• Added new feature for admins to select if user exemptions for sender policies should override admin block lists. See Understanding User Accounts. [BNESS-20406] [BNESS-20312]

• Disabled TLS 1.0/1.1 on Barracuda Email Security Service inbound mail servers. [BNESS-20269]

• Updated report columns in ESS reports. See Reporting. [BNESS-20544]

• Barracuda Essentials customers who use Splunk can now download the ESS application in splunkbase. See Splunk Integration.

• Added quarantine and block options from domains with no SPF records. [BNESS-20413] [BNESS-5754]

• Report as Incorrectly Delivered and Report as Incorrectly Blocked buttons in the Message Log now redirect to a feedback response form to request for additional details about the message.

•  Default setting is Off for email categorization mailing lists to ensure all spam scanning and policy processing is performed on the messages.

• Quarantine notification email updated with BLOCK LIST option. This adds the sender's address to their User Sender Policies list as a BLOCKED sender from their Quarantine notification. [BNESS-5072]

• Added feature to prevent users from delivering quarantined mail. [BNESS-19725]

• Settings for domain level users in the Default Policy page are now working as designed. [BNESS-20242]

• After the migration process from Barracuda Email Security Service to Cloud Protection Layer, any sender policies, GeoIP policies, or linked domain policies settings set to quarantine in ESS will convert to block in CPL. See Moving from Email Gateway Defense to Barracuda Cloud Protection Layer. [BNESS-19926]

• Updated Barracuda terminology, removing whitelist/blacklist and changing to allow list/block list. [BNESS-19674] [BNESS-19737] [BNESS-19738]

• Enabled the download button in the Outbound Quarantine Log for messages larger than 20MB. This feature is already available for inbound and outbound mails in the Message Log. [BNESS-19873]

• Enabled the download button in the Message Log for messages larger than 20MB. This feature applies to inbound and outbound mails in the Message Log, but not currently in the Outbound Quarantine Log. [BNESS-19697]

• Added Enable Read Receipts feature for encrypted emails going through the Barracuda Email Security Service. [BNESS-3728]

• Added ATP Scan Inconclusive as a blocked message action. [BNESS-19468]

• Updated time limits on the ESS caching service. See Email Cache Policies. [BNESS-19096]

• Barracuda Email Security Service API beta release now available. The beta release includes read-only APIs to get information on accounts, domains and inbound/outbound email statistics. The Barracuda Email Security Service API is currently only available for accounts in the US region.

• Quarantined mail with attachments are checked by Barracuda Advanced Threat Protection. [BNESS-19051]

• Added feature to require users to enter their login credentials before they can access quarantined messages. [BNESS-2892] [BNESS-19117]

• Updated to allow customers to run reports up to 30 days. [BNESS-18992]

• Only domain administrators and helpdesk can access ATD logs for domains they are managing. End users cannot access ATD logs. [BNESS-19039]

• Added feature to test individual Azure AD email users. [BNESS-16869]

• Added feature to block, quarantine, or ignore password protected PDF documents. [BNESS-15548] [BNESS-16872]

• Added feature to rewrite recipients for aliased domains. [BNESS-16558] [BNESS-16814]

• Fixed issue when domain admin users try to access the Domain Settings page for domains they have permission to administrate, they're no longer seeing an error. [BNESS-16822]

• Scan .eml attachments to look for threats. [BNESS-15976]

• After an account is upgraded or terminated, mail flow is continued for a grace period of 30 days. [BNESS-16644]

• Added recipient cache response for mailing lists when sending to recipients with no response. [BNESS-11537]

• SPF quarantine option not available in Cloud Protection Layer. [BNESS-16538]

• Additional UI changes for SPF quarantine option. [BNESS-15989]

• Removed insecure ciphers. See TLS with Insecure Ciphers and SSLv2/SSLv3 No Longer Supported. [BNESS-16427]

• Audit Log: Audit Log now available. Displays all system activity. See Understanding the Audit Log. [BNESS-16390]

• Sender Policy Framework (SPF): Now includes a quarantine option and changes to hard and soft fails. See How to Configure Sender Policy Framework. [BNESS-15990]

• Outbound > Abuse Monitoring page removed. [BNESS-16452]

The following two regions are now available for Barracuda Essentials:

• Australia [BNESS-16238]

• Canada [BNESS-16239]

• Beta Feature: Search for Messages Across All Domains Simultaneously – In the Message Log, you can now search for messages across all the domains in your account simultaneously. Previously, there was a search limit of 10 domains. You can now search by single domains or by all domains. [BNESS-15948]

• Updated MX record configuration messages. [BNESS-15287]

• Clarified MX records and aliased domains. For details, refer to Understanding the Domains Page.

• Message Log has cleaner look. Displays Action and Reason for selected message. Click Show Details to view additional information about the message. [BNESS-14793]

• Spam/Not Spam buttons are now renamed as Report as Incorrectly Delivered/Report as Incorrectly Blocked. These options appear only when a message is blocked or allowed based on Barracuda policies, not your own configuration. Clicking one of these buttons for the selected message returns a pop-up window, confirming report has been sent. [BNESS-14796]

• New Reasons added to Message Log when issue is remediated by Barracuda Sentinel or by Barracuda Forensics & Incident Response. [BNESS-15084]

• Added instruction for moving from LDAP to Azure in How to Configure User Authentication with Microsoft Entra ID.

• Added information on Message History in Campus and online help.

• Message History added to Message Log. [BNESS-12566]

• Moved Spam and Not Spam buttons in Message Log. [BNESS-14795]

• Azure AD authorized domain no longer shows authorization date. [BNESS-12566]

• Automated end-user Linked Accounts page. [BNESS-14805]

• Set up HTTP API errors. [BNESS-14883]

• Message Log: Identify messages that have been remediated by either Barracuda Sentinel or Barracuda Forensics & Incident Response. [BNESS-14143]

• SPF macros are now evaluated. [BNESS-8518]

• Fixed issue where some messages were not showing up in the Advanced Threat Protection (ATP) log.  [BNESS-14846]

• Automated end-user Change Password page. [BNESS-12819]

• Fixed issues with LDAP sync. [BNESS-14726]

• Fixed user-aliases issue related to blank message log search. [BNESS-14646]

• A Domain Specific Policies flag now appears on the Domains page when a domain has its own setting for External Sender Warning. [BNESS-14424]

• Reset to account polices functionality now works for all policies - including the Allow end users to view and deliver blocked messages setting. [BNESS-14424]

• Fixed an issue where helpdesk users were unable to block senders from the message log. [BNESS-13377]

• Changed the text on the "Advanced Search" button in message log. [BNESS-11478]

• Removed unneeded navigation elements for End Users, Help Desk Users and Domain Admins. [BNESS-12581]

• Added a “Login as Administrator” link on the login page. [BNESS-11511]

• Improvement to Advanced Search on Message Logs. [BNESS-11478]

• Advanced Threat Protection notification email text change. [BNESS-13009]

• Clarified CNAME record setup steps when moving a domain to a different account. [BNESS-13145]

• Improved speed and consistency of DKIM validation. [BNESS-13049]

• Fixed an issue when extracting 7zip attachments. [BNESS-13099]

• Fixed an issue when looking up data from BRTS. [BNESS-13103]

• Added ATD Exemptions for customer-to-customer emails. [BNESS-9168]

• Fixed an issue where policies would not be honored in certain situations  [BNESS-12969]

• You can transfer a domain you own to a different account. [BNESS-11451]

• Potential LDAP sync timeout cases addressed. [BNESS-12885]

• Added a new scanning layer for image-based advertisement spam. These messages will be blocked for reason Image Analysis. [BNESS-11216]

• Attachments sent in replies are now scanned for viruses [BNESS-12573, BNESS-12718]

• Fixed an issue with messages being quarantined for DMARC. They will now be blocked. [BNESS-12663]

• Fixed problems with LDAP manual synchronization in the UK and DE regions [BNESS-10370]

• Spooling fix for empty envelope from [BNESS-12672]

• Sender whitelist always prevents the sender spoof block [BNESS-12580]

• Fixed ATP check for allow policies [BNESS-12190]

• Spam checking is done before bulk email check [BNESS-12422]

• Fixed bug affecting LDAP Synchronize Now feature in certain regions [BNESS-10370]

• Fixed an issue with sender spoof protection blocks being overwritten by other scanning layers [BNESS-12410]

• Restored the All Message Log filter for end users [BNESS-12097]