/
Changes to Domain-Level Configuration in Email Gateway Defense

Changes to Domain-Level Configuration in Email Gateway Defense

Email Gateway Defense (EGD) recently changed how domain-level policy configuration is handled, which affects how administrators manage policy behavior in EGD. The information below explains what’s changing, when domain-level policies already configured on your account still apply, how they interact with account- and user-level policies, and what Barracuda Networks recommends going forward.

What’s changing

  • For new and existing accounts without domain-level policy settings configured, the Domains Manage button is removed, and the domain-admin role is no longer available under Users > Users list > Edit.

  • For accounts with domain-level policy settings already configured, there is no change.

Overview

Email Gateway Defense uses different “layers” of policies to decide what to do with email. Historically, policies could be set at three levels:

  • Account (for the whole organization)

  • Domain (legacy for accounts with domain-level policies already configured)

  • User (for individual mailboxes)

To make EGD easier to manage and safer to configure, EGD now relies on account-level and user-level policies for most environments; see What’s changing above for how this applies to your account.

Why domain-level existed and its limits

Domain-level controls were created for customers who manage many different domains for a single organization under one EGD account. Each domain might have its own risk level, business rules, or compliance needs. Domain-level policies helped customers:

  • Run different filtering levels on different domains

  • Handle acquisitions or separate business units

  • Move from one setup to another in stages

However, domain-level policy configuration was designed for specific scenarios and comes with limits. In many environments, these limits outweigh the benefits:

  • Harder to understand – Different rules per domain make behavior less predictable and harder to explain.

  • Inconsistent security – Some domains can end up less protected if domain-level policies are not updated correctly.

  • More work to manage – It is harder to audit, change, and document policies when domain-level policies are scattered across domains.

  • Less aligned with new features – Newer features are designed to work best with strong account-level policies and small user-level exceptions.

For most customers, domain-level policies create more problems than benefits, and account-level policies should be the primary control point.

How this affects your account

What you see in the user interface depends on whether your account has domain-level policy settings configured.

Accounts without domain-level policy settings

For new and existing accounts without domain-level policy settings configured, administrators will not see any domain-level policy configuration in the user interface.

  • No domain-level policy configuration.

  • No domain-admin role.

  • No Domains Manage button.

Note: You can still manage domain configuration related to mail flow (for example, SMTP server settings).

Configure everything at the account level, with limited user-level exceptions where appropriate.

Accounts with domain-level policy settings already configured

  • Those domain-level policies continue to apply as they do today.

  • You can still view and manage those domain-level policies in the user interface.

  • Your current behavior and protection are not changed.

Over time, Barracuda Networks recommends migrating those domain-level policies to account-level and user-level policies, using the guidance in this article.

Best practices

Account-level recommendations

Use account-level policies as your main control point:

  • Set a single global baseline for spam, phishing, impersonation, and attachment/URL protection.

  • Manage organization-wide block and allow lists, and how you handle authentication and suspicious senders, at the account level.

For MSPs and multi-tenant setups

  • One customer per account (supported model) – EGD does not support managing multiple unrelated customers in a single account. MSPs must provision a separate EGD account for each client to keep policies, reporting, and access isolated.

  • Multiple domains for a single customer – A single customer can have multiple domains under one EGD account. When those domains represent different business units with different requirements, domain-level policies (where already configured) may still be appropriate, alongside strong account-level baselines and limited user-level exceptions.

If you have questions about these changes, contact Barracuda Networks Technical Support.

We value your feedback.
If you have questions, suggestions, or feedback on our documentation, contact the Campus Product Documentation team.
For general product inquiries or technical support, please contact the global Barracuda Support team.