Barracuda could improve its log and export options like PDF and HDML. It can also bring in more detailing in their console so that it could be better. Some new features should be expanded and made accessible for better protection.
My customers were sending OPT bulk emails and Barracuda Email Security Gateway was not able to handle it. We have to go with another different solution, such FortiMail for the task. We are implementing these combinations of the Barracuda and FortiGate, for email security. The FortiGate FortiMail security gateway we use to send only the bulk email, not for receiving emails. In a future release, they should provide machine learning capabilities on the on-premise version. Other vendors, such as Palo Alto and Check Point are coming out with machine learning and artificial intelligence features.
Learn what your peers think about Barracuda Email Security Gateway. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
The UI could be a little cleaner and require less clicking around in different modules. They give the illusion of a single pane of glass, but as you click around to different products, you're actually being transferred into a different system.
Barracuda's spam database isn't on par with its competitors. Users complain about the spam email they're receiving, and we report the issue. Barracuda said they are going to update their system to block the malicious email we received, but we're still getting the same spam. The signatures are not in their database. They need to update their spam signatures because spam is bypassing Barracuda.
Computer Networks and Systems Support Engineer at a real estate/law firm with 11-50 employees
Real User
Aug 19, 2022
It's good, but some spam isn't always detected. It doesn't always detect the most recent signatures or spam. The database is not updated automatically. Other solutions, such as Microsoft Exchange Online, automatically receive the most recent threat data and malware data types. I believe the Barracuda database is not being updated. That is why we are looking, and we are evaluating whether Defender for Office 365 or a Microsoft solution is better than Barracuda. That is why we are downloading all of this research to see which of the market leaders we should switch to. Spam is not always detected, and it should be more automated. We have seen that some emails are allowed by these emails, which are then stopped by Microsoft. We now have two layers of defense. Barracuda and we also have Microsoft Exchange online, but we would like to switch to one or upgrade this. We are looking for any and all solutions. That is what we are investigating right now. Because we want to ensure that some are stopped here by Barracuda and the entry point. However, for those that are not caught or blocked by Barracuda, we have the next layer of Exchange Online, which comes into the picture and checks it, sees it, and blocks it.
Barracuda Email Security Gateway can improve email detection. We have some emails that are bypassing the threat scanning. There are some impersonation emails passing through.
Barracuda Email Security Gateway should add auto-remediation to improve the solution. Additionally, there are times when we have false positives and our general emails get locked, we have mentioned this to Barracuda.
Barracuda itself should be actually working on their DMARC setup. There is a little bit of downtime in terms of that. There are some times when legit emails are trapped on Barracuda and we are unable to get that information unless we actually log on to the network to find out. The good thing is that we get logs now and you can schedule the logs and you'll be able to see the logs in the event. The user gets to see the logs. In the event you don't receive the email, so you can schedule it for every hour or whatever schedule is important for the organization. We set ours at one hour and in the event, if there's an email that didn't reach you, you'll get a notification after an hour to say, okay, this email was trapped and you are able to self-release it with the user's login, or IT can release it. I can't think of any other features that are needed.
The solution has to improve in a very specific way. When we allow our customers to send or scan email through our Barracuda Email Security Gateway, we are permitting their email server IP address, but not any domain. One of our customers has an email server where they are hosting five domains within their server. They are sending and receiving email through that server by using Barracuda Email Security Gateway. Therefore, we allow their IP address to send email through our Barracuda Email Security Gateway, then we declare MX for receiving email on behalf of our customers. After receiving the email, we deliver it to the specific IP address of the customer. Since we are only allowing the IP address, if an incident happens within a customer's email server or an email server gets compromised, then it starts sending spam. That creates a huge problem for the solution as it allows all emails because the customer's IP address is allowed to relay email through our Barracuda Email Security Gateway. Barracuda should add an option where it can add multiple domains, such as abc.com, bbc.com, and cbc.com. Therefore, this domains' emails will be allowed and other domains' emails will not be relayed through Barracuda Email Security Gateway. Whereas, if you allow the IP address, then any of the domain's emails will be relayed through Barracuda Email Security Gateway. That is the drawback that I have observed. So, Barracuda should work on this.
Director at a tech services company with 11-50 employees
Real User
Aug 31, 2021
The solution could improve by adding DomainKeys (DKIM) functionality. This is something that is essentially required nowadays for outbound security. They do not have it on their on-premise solution appliance but they have alternate arrangements for their cloud solution. You cannot force clients to go to the cloud for one feature, it would be a great benefit to have it on-premise.
Consultant at a tech services company with 501-1,000 employees
Reseller
Jun 20, 2021
The DMARC security is somewhat weak and could be strengthened. Email classification is not directly integrated with Barracuda Email Security and that kind of classification would be helpful.
Presales Network & Security Engineer at a tech services company with 51-200 employees
Reseller
Apr 23, 2021
Its integration with other solutions can be improved. There should be integration for telemetry information, system information, and other types of information with other solutions. Barracuda currently doesn't have that. Barracuda has its own platform. Its integration with firewalls is quite good, and it communicates really well with firewalls, but I have not seen any other integration. Based on what I know, it does have an API at the backend, but I have not used it.
Head Information Technology Infrastructure at a manufacturing company with 5,001-10,000 employees
Real User
Jan 12, 2021
The scalability needs improvement, it's the only feature that is required. I would like to see all of the latest security details available on the device, and it should only be cloud-based, not on-premises.
The solution requires better API integration. It's really lacking right now. If there was API access that allowed us to integrate some of our own technology or features in there that would be ideal. The deep scanning feature needs to be improved. It's not as effective as we need it to be. We need to understand a bit more about how it's scanning and blocking and how, if it's possible, to tweak the settings. The solution has quite a few outdated videos. When you watch them and try to follow them for doing certain tasks, you quickly realize they are out of date. They need to update their video documentation for their user base.
I would like to have better integration with third-party archival vendors to facilitate moving data in and out. This is definitely an area that should be worked on. Having better user admin controls from an application perspective would also be helpful.
In the past, I would have said that the reporting could be improved, but they've gotten better at that in recent versions. Although I don't use reporting routinely, it's something I do when I need to check something or pull some kind of statistical report. Also, I had some difficulty in the past with the system getting swamped and overwhelmed trying to process all incoming traffic. The appliance didn't have the resources to keep up. Obviously the network is getting more and more spam and virus traffic which adds to the problem. Since I had a service contract with Barracuda, they were able to resolve the issue by shipping me newer replacement hardware with significantly more computing resources. This was all at no cost.
An improvement I would encourage is that sometimes the spam filtering is a little too aggressive. You can not get granular enough to back off what is considered spam and what is not. So it is fine that they have predefined settings for spam, but not so good that it can not be modified. If we could go in and modify the settings or affect the way it is treating spam, I think that would allow for more versatility and better results.
We had a case where right before a link was redirected and there was no chance to ignore it. A few days ago there was a feature request to clean and redirect a link because it was a false positive. Let us say false positive in the link protection and there's no easy way to correct it.
Deputy Manager IT Operations (Senior System Administrator) at a transportation company with 1,001-5,000 employees
Real User
Feb 6, 2020
The technical support service is outsourced and the accents are difficult to understand, even for people like us from the same region. The reporting can be improved. The user interface needs to be more responsive. The performance of the actual device is pretty good but the interface lags sometimes.
One aspect of the product that can be improved is the availability of support. We don't have the availability of support 24/7, and it takes some time to get answers. These technical support people are in some other country, and our time zone is not supported. We have to often give them remote access to resolve issues, so potentially it is a security risk also. Sometimes clients who we resell to will not accept that risk because you are opening a secured doorway to the internet. That can be a bit of headache in those cases, which we end up having to work-around. Actually the rest of the product is very good and it is otherwise meeting our requirements. I would only hope they would provide better support in our country.
Network Specialist at a educational organization with 1,001-5,000 employees
Real User
Jun 13, 2019
The pricing of this solution could be improved. The reports are standard, and it would be nice to be able to customize them. It would be nice if the appliance itself was scalable, rather than having to replace it.
Network Manager at a security firm with 1-10 employees
Real User
Feb 13, 2019
We had an incident where we didn't want to receive any emails or spam from a certain site and email address. We selected the mail ID, and we send it to Barracuda for analysis to see if it's spam or something like that. As of now, we haven't gotten any update or notification as to what happened with it. I would like to see there be better implementation.
Barracuda Email Security Gateway is a robust security solution that allows users to protect themselves from external threats as well as from potential data leaks. It can be managed and monitored from a centralized location. Users can efficiently and easily keep track of every aspect of their security suite all at one time. Customized protections can also be set up in a matter of minutes.
Benefits of Barracuda Email Security Gateway
Some of the benefits of using Barracuda Email Security...
Barracuda Email Security Gateway should include ATP in the next release.
Barracuda could improve its log and export options like PDF and HDML. It can also bring in more detailing in their console so that it could be better. Some new features should be expanded and made accessible for better protection.
The solution should add automatic alerts to the mobile.
We are using the tool’s 400 model which does not offer accurate spam detection. We have also had performance issues with the tool.
My customers were sending OPT bulk emails and Barracuda Email Security Gateway was not able to handle it. We have to go with another different solution, such FortiMail for the task. We are implementing these combinations of the Barracuda and FortiGate, for email security. The FortiGate FortiMail security gateway we use to send only the bulk email, not for receiving emails. In a future release, they should provide machine learning capabilities on the on-premise version. Other vendors, such as Palo Alto and Check Point are coming out with machine learning and artificial intelligence features.
I have noticed that it takes a little time to get familiar with after deploying and some tweaks need to be done as things come up.
The pricing is a little bit high, and it is causing the company to rethink renewal. If they could lower the pricing, that would be ideal.
The UI could be a little cleaner and require less clicking around in different modules. They give the illusion of a single pane of glass, but as you click around to different products, you're actually being transferred into a different system.
Barracuda's spam database isn't on par with its competitors. Users complain about the spam email they're receiving, and we report the issue. Barracuda said they are going to update their system to block the malicious email we received, but we're still getting the same spam. The signatures are not in their database. They need to update their spam signatures because spam is bypassing Barracuda.
It's good, but some spam isn't always detected. It doesn't always detect the most recent signatures or spam. The database is not updated automatically. Other solutions, such as Microsoft Exchange Online, automatically receive the most recent threat data and malware data types. I believe the Barracuda database is not being updated. That is why we are looking, and we are evaluating whether Defender for Office 365 or a Microsoft solution is better than Barracuda. That is why we are downloading all of this research to see which of the market leaders we should switch to. Spam is not always detected, and it should be more automated. We have seen that some emails are allowed by these emails, which are then stopped by Microsoft. We now have two layers of defense. Barracuda and we also have Microsoft Exchange online, but we would like to switch to one or upgrade this. We are looking for any and all solutions. That is what we are investigating right now. Because we want to ensure that some are stopped here by Barracuda and the entry point. However, for those that are not caught or blocked by Barracuda, we have the next layer of Exchange Online, which comes into the picture and checks it, sees it, and blocks it.
Barracuda Email Security Gateway can improve email detection. We have some emails that are bypassing the threat scanning. There are some impersonation emails passing through.
Barracuda Email Security Gateway should add auto-remediation to improve the solution. Additionally, there are times when we have false positives and our general emails get locked, we have mentioned this to Barracuda.
Barracuda itself should be actually working on their DMARC setup. There is a little bit of downtime in terms of that. There are some times when legit emails are trapped on Barracuda and we are unable to get that information unless we actually log on to the network to find out. The good thing is that we get logs now and you can schedule the logs and you'll be able to see the logs in the event. The user gets to see the logs. In the event you don't receive the email, so you can schedule it for every hour or whatever schedule is important for the organization. We set ours at one hour and in the event, if there's an email that didn't reach you, you'll get a notification after an hour to say, okay, this email was trapped and you are able to self-release it with the user's login, or IT can release it. I can't think of any other features that are needed.
The solution has to improve in a very specific way. When we allow our customers to send or scan email through our Barracuda Email Security Gateway, we are permitting their email server IP address, but not any domain. One of our customers has an email server where they are hosting five domains within their server. They are sending and receiving email through that server by using Barracuda Email Security Gateway. Therefore, we allow their IP address to send email through our Barracuda Email Security Gateway, then we declare MX for receiving email on behalf of our customers. After receiving the email, we deliver it to the specific IP address of the customer. Since we are only allowing the IP address, if an incident happens within a customer's email server or an email server gets compromised, then it starts sending spam. That creates a huge problem for the solution as it allows all emails because the customer's IP address is allowed to relay email through our Barracuda Email Security Gateway. Barracuda should add an option where it can add multiple domains, such as abc.com, bbc.com, and cbc.com. Therefore, this domains' emails will be allowed and other domains' emails will not be relayed through Barracuda Email Security Gateway. Whereas, if you allow the IP address, then any of the domain's emails will be relayed through Barracuda Email Security Gateway. That is the drawback that I have observed. So, Barracuda should work on this.
Artificial intelligence improvement could be used to help block spam and phishing mail that is directly delivered to users.
Some of the phishing emails are not being blocked. Another problem is that we are not able to manage the date and time in our time zone.
The solution could improve by adding DomainKeys (DKIM) functionality. This is something that is essentially required nowadays for outbound security. They do not have it on their on-premise solution appliance but they have alternate arrangements for their cloud solution. You cannot force clients to go to the cloud for one feature, it would be a great benefit to have it on-premise.
The DMARC security is somewhat weak and could be strengthened. Email classification is not directly integrated with Barracuda Email Security and that kind of classification would be helpful.
The solution should include an improvised anti-phishing feature, since it blocks certain genuine emails.
Its integration with other solutions can be improved. There should be integration for telemetry information, system information, and other types of information with other solutions. Barracuda currently doesn't have that. Barracuda has its own platform. Its integration with firewalls is quite good, and it communicates really well with firewalls, but I have not seen any other integration. Based on what I know, it does have an API at the backend, but I have not used it.
There are limited administration controls that should be improved. Additionally, the reports available currently are not enough.
The scalability needs improvement, it's the only feature that is required. I would like to see all of the latest security details available on the device, and it should only be cloud-based, not on-premises.
The solution requires better API integration. It's really lacking right now. If there was API access that allowed us to integrate some of our own technology or features in there that would be ideal. The deep scanning feature needs to be improved. It's not as effective as we need it to be. We need to understand a bit more about how it's scanning and blocking and how, if it's possible, to tweak the settings. The solution has quite a few outdated videos. When you watch them and try to follow them for doing certain tasks, you quickly realize they are out of date. They need to update their video documentation for their user base.
I would like to have better integration with third-party archival vendors to facilitate moving data in and out. This is definitely an area that should be worked on. Having better user admin controls from an application perspective would also be helpful.
This product can always be made more secure.
In the past, I would have said that the reporting could be improved, but they've gotten better at that in recent versions. Although I don't use reporting routinely, it's something I do when I need to check something or pull some kind of statistical report. Also, I had some difficulty in the past with the system getting swamped and overwhelmed trying to process all incoming traffic. The appliance didn't have the resources to keep up. Obviously the network is getting more and more spam and virus traffic which adds to the problem. Since I had a service contract with Barracuda, they were able to resolve the issue by shipping me newer replacement hardware with significantly more computing resources. This was all at no cost.
An improvement I would encourage is that sometimes the spam filtering is a little too aggressive. You can not get granular enough to back off what is considered spam and what is not. So it is fine that they have predefined settings for spam, but not so good that it can not be modified. If we could go in and modify the settings or affect the way it is treating spam, I think that would allow for more versatility and better results.
We had a case where right before a link was redirected and there was no chance to ignore it. A few days ago there was a feature request to clean and redirect a link because it was a false positive. Let us say false positive in the link protection and there's no easy way to correct it.
The technical support service is outsourced and the accents are difficult to understand, even for people like us from the same region. The reporting can be improved. The user interface needs to be more responsive. The performance of the actual device is pretty good but the interface lags sometimes.
One aspect of the product that can be improved is the availability of support. We don't have the availability of support 24/7, and it takes some time to get answers. These technical support people are in some other country, and our time zone is not supported. We have to often give them remote access to resolve issues, so potentially it is a security risk also. Sometimes clients who we resell to will not accept that risk because you are opening a secured doorway to the internet. That can be a bit of headache in those cases, which we end up having to work-around. Actually the rest of the product is very good and it is otherwise meeting our requirements. I would only hope they would provide better support in our country.
The pricing of this solution could be improved. The reports are standard, and it would be nice to be able to customize them. It would be nice if the appliance itself was scalable, rather than having to replace it.
Two improvements that are needed include an enhancement in the proxy feature, as well as the ability to more fully automate patches and updates.
We had an incident where we didn't want to receive any emails or spam from a certain site and email address. We selected the mail ID, and we send it to Barracuda for analysis to see if it's spam or something like that. As of now, we haven't gotten any update or notification as to what happened with it. I would like to see there be better implementation.