On technical aspects, I think Barracuda needs to provide a fast response to any vulnerability on the system and enhance Barracuda support. Customer support for Barracuda Email Security Gateway needs improvement.
Regarding real-time intelligent features of the Barracuda Email Security Gateway, some spam emails are still being released by the ESG to the end users, so the functionality is not working appropriately. Even recently, I received a phishing email, and I question why it was released to one user and blocked for another. If it's considered a phishing email, it should be blocked for all users, not just some. It seems it needs to improve to better understand spam emails. In my opinion, Barracuda can make their Email Security Gateway better by exploring the coverage of our subscription. I don't feel that the threat intelligence is adequate and it could be more advanced. I have seen some phishing emails being released, which should not happen. I have submitted a case to support about it, so I think they still need to improve. I would like to see a wider range of security features from Barracuda.
The Sender Policy Authentication needs improvement. When we add some customers related to our work, all mails should be delivered, not blocked. When we add mails to email secure Sender Policy Authentication with extended options, all mails must pass this Mail Security Gateway. We detect some failures in some mails; not all mails pass through consistently. Some mails pass while others are dropped without any apparent logic, despite having the policy set for specific recipients or senders.
There is room for further integration with the wider platform. While the newly released interface is excellent and offers a fresh look and feel, I find that enhancing integration with the broader platform would be quite beneficial. That's essentially the main area I see for improvement.
There is room for improvement in the management of multiple domains. Enhancing this aspect to better meet the diverse needs of our customers would be beneficial. After four years, they should offer a replacement with a new hardware appliance, providing upgraded equipment and ensuring continued performance.
Learn what your peers think about Barracuda Email Security Gateway. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
It consultant and Project Manager/ CTO technology officer at Cabar at Cabar SRL
Reseller
Sep 8, 2023
There is room for improvement in the speed of the interface; specifically, the cloud interface is a bit slow. I work exclusively in the cloud and not on-premises. The cloud interface is quite slow, especially when you're searching or navigating between menus. So, in the future, I'd like to see a faster interface.
Sophos Certified Product Architect at Softech Microsystems
Reseller
Jul 20, 2023
Few customers require an on-premises fabric ATP box for attack detection and response. These customers are government organizations that don't want their data to be on-cloud.
Barracuda could improve its log and export options like PDF and HDML. It can also bring in more detailing in their console so that it could be better. Some new features should be expanded and made accessible for better protection.
Customer Service Staff at a financial services firm with 201-500 employees
Real User
Jun 12, 2023
Barracuda should have a sandbox feature in the appliances. That's the only thing missing. In my company, we have four appliances, and we have to use a third-party brand for sandboxing. Moreover, sometimes phishing emails still pass through, which is a drawback. I would say it's about 80% to 90% effective.
My customers were sending OPT bulk emails and Barracuda Email Security Gateway was not able to handle it. We have to go with another different solution, such FortiMail for the task. We are implementing these combinations of the Barracuda and FortiGate, for email security. The FortiGate FortiMail security gateway we use to send only the bulk email, not for receiving emails. In a future release, they should provide machine learning capabilities on the on-premise version. Other vendors, such as Palo Alto and Check Point are coming out with machine learning and artificial intelligence features.
Information Technology Specialist at a pharma/biotech company with 1,001-5,000 employees
Real User
Top 20
Oct 26, 2022
The initial setup can be a little bit complex. When we implemented Barracuda three years back, although the deployment went smoothly, we also needed to implement some changes regarding the configuration, which were affecting the stamp control rate. Some options were not so easy to remember and we had to search for directions. For example, if I want to change the mail flow settings, there are two different options available in Barracuda. If I apply a change on one option and didn't change the configuration on the other option, the mail flow doesn't work. Yet the second option is always hidden. I always need to search for it when I need to change some mail flow settings.
The UI could be a little cleaner and require less clicking around in different modules. They give the illusion of a single pane of glass, but as you click around to different products, you're actually being transferred into a different system.
Barracuda's spam database isn't on par with its competitors. Users complain about the spam email they're receiving, and we report the issue. Barracuda said they are going to update their system to block the malicious email we received, but we're still getting the same spam. The signatures are not in their database. They need to update their spam signatures because spam is bypassing Barracuda.
Barracuda Email Security Gateway can improve reporting and anti-spam. The anti-spam engine is not working well. We are seeing a lot of problems where spam is going through the gateway. Additionally, access privilege should be given to the IT support, because they don't have a lot of privileges. We are forced to give our IT support administrative access in order to clear and deliver emails and this should not be happening. In the future, having a schedule reporting for quarantine for all users or for selected users, without reading the content of the message would be helpful.
Computer Networks and Systems Support Engineer at a real estate/law firm with 11-50 employees
Real User
Aug 19, 2022
It's good, but some spam isn't always detected. It doesn't always detect the most recent signatures or spam. The database is not updated automatically. Other solutions, such as Microsoft Exchange Online, automatically receive the most recent threat data and malware data types. I believe the Barracuda database is not being updated. That is why we are looking, and we are evaluating whether Defender for Office 365 or a Microsoft solution is better than Barracuda. That is why we are downloading all of this research to see which of the market leaders we should switch to. Spam is not always detected, and it should be more automated. We have seen that some emails are allowed by these emails, which are then stopped by Microsoft. We now have two layers of defense. Barracuda and we also have Microsoft Exchange online, but we would like to switch to one or upgrade this. We are looking for any and all solutions. That is what we are investigating right now. Because we want to ensure that some are stopped here by Barracuda and the entry point. However, for those that are not caught or blocked by Barracuda, we have the next layer of Exchange Online, which comes into the picture and checks it, sees it, and blocks it.
Barracuda Email Security Gateway can improve email detection. We have some emails that are bypassing the threat scanning. There are some impersonation emails passing through.
Barracuda Email Security Gateway should add auto-remediation to improve the solution. Additionally, there are times when we have false positives and our general emails get locked, we have mentioned this to Barracuda.
Barracuda itself should be actually working on their DMARC setup. There is a little bit of downtime in terms of that. There are some times when legit emails are trapped on Barracuda and we are unable to get that information unless we actually log on to the network to find out. The good thing is that we get logs now and you can schedule the logs and you'll be able to see the logs in the event. The user gets to see the logs. In the event you don't receive the email, so you can schedule it for every hour or whatever schedule is important for the organization. We set ours at one hour and in the event, if there's an email that didn't reach you, you'll get a notification after an hour to say, okay, this email was trapped and you are able to self-release it with the user's login, or IT can release it. I can't think of any other features that are needed.
The solution has to improve in a very specific way. When we allow our customers to send or scan email through our Barracuda Email Security Gateway, we are permitting their email server IP address, but not any domain. One of our customers has an email server where they are hosting five domains within their server. They are sending and receiving email through that server by using Barracuda Email Security Gateway. Therefore, we allow their IP address to send email through our Barracuda Email Security Gateway, then we declare MX for receiving email on behalf of our customers. After receiving the email, we deliver it to the specific IP address of the customer. Since we are only allowing the IP address, if an incident happens within a customer's email server or an email server gets compromised, then it starts sending spam. That creates a huge problem for the solution as it allows all emails because the customer's IP address is allowed to relay email through our Barracuda Email Security Gateway. Barracuda should add an option where it can add multiple domains, such as abc.com, bbc.com, and cbc.com. Therefore, this domains' emails will be allowed and other domains' emails will not be relayed through Barracuda Email Security Gateway. Whereas, if you allow the IP address, then any of the domain's emails will be relayed through Barracuda Email Security Gateway. That is the drawback that I have observed. So, Barracuda should work on this.
Director at a tech services company with 11-50 employees
Real User
Aug 31, 2021
The solution could improve by adding DomainKeys (DKIM) functionality. This is something that is essentially required nowadays for outbound security. They do not have it on their on-premise solution appliance but they have alternate arrangements for their cloud solution. You cannot force clients to go to the cloud for one feature, it would be a great benefit to have it on-premise.
Barracuda Email Security Gateway is a robust security solution that allows users to protect themselves from external threats as well as from potential data leaks. It can be managed and monitored from a centralized location. Users can efficiently and easily keep track of every aspect of their security suite all at one time. Customized protections can also be set up in a matter of minutes.
Benefits of Barracuda Email Security Gateway
Some of the benefits of using Barracuda Email Security...
On technical aspects, I think Barracuda needs to provide a fast response to any vulnerability on the system and enhance Barracuda support. Customer support for Barracuda Email Security Gateway needs improvement.
Regarding real-time intelligent features of the Barracuda Email Security Gateway, some spam emails are still being released by the ESG to the end users, so the functionality is not working appropriately. Even recently, I received a phishing email, and I question why it was released to one user and blocked for another. If it's considered a phishing email, it should be blocked for all users, not just some. It seems it needs to improve to better understand spam emails. In my opinion, Barracuda can make their Email Security Gateway better by exploring the coverage of our subscription. I don't feel that the threat intelligence is adequate and it could be more advanced. I have seen some phishing emails being released, which should not happen. I have submitted a case to support about it, so I think they still need to improve. I would like to see a wider range of security features from Barracuda.
The Sender Policy Authentication needs improvement. When we add some customers related to our work, all mails should be delivered, not blocked. When we add mails to email secure Sender Policy Authentication with extended options, all mails must pass this Mail Security Gateway. We detect some failures in some mails; not all mails pass through consistently. Some mails pass while others are dropped without any apparent logic, despite having the policy set for specific recipients or senders.
There is room for further integration with the wider platform. While the newly released interface is excellent and offers a fresh look and feel, I find that enhancing integration with the broader platform would be quite beneficial. That's essentially the main area I see for improvement.
There is room for improvement in the management of multiple domains. Enhancing this aspect to better meet the diverse needs of our customers would be beneficial. After four years, they should offer a replacement with a new hardware appliance, providing upgraded equipment and ensuring continued performance.
Sometimes, Barracuda Blacklist blocks the general IP list from the source domains. They block the genuine sources, too.
There is room for improvement in the speed of the interface; specifically, the cloud interface is a bit slow. I work exclusively in the cloud and not on-premises. The cloud interface is quite slow, especially when you're searching or navigating between menus. So, in the future, I'd like to see a faster interface.
Few customers require an on-premises fabric ATP box for attack detection and response. These customers are government organizations that don't want their data to be on-cloud.
Barracuda Email Security Gateway should include ATP in the next release.
Some customers experience issues with integration.
Barracuda could improve its log and export options like PDF and HDML. It can also bring in more detailing in their console so that it could be better. Some new features should be expanded and made accessible for better protection.
Barracuda should have a sandbox feature in the appliances. That's the only thing missing. In my company, we have four appliances, and we have to use a third-party brand for sandboxing. Moreover, sometimes phishing emails still pass through, which is a drawback. I would say it's about 80% to 90% effective.
The solution should add automatic alerts to the mobile.
Barracuda isn't catching everything. We're still getting quite a few phishing emails, so we're looking for something else.
We are using the tool’s 400 model which does not offer accurate spam detection. We have also had performance issues with the tool.
My customers were sending OPT bulk emails and Barracuda Email Security Gateway was not able to handle it. We have to go with another different solution, such FortiMail for the task. We are implementing these combinations of the Barracuda and FortiGate, for email security. The FortiGate FortiMail security gateway we use to send only the bulk email, not for receiving emails. In a future release, they should provide machine learning capabilities on the on-premise version. Other vendors, such as Palo Alto and Check Point are coming out with machine learning and artificial intelligence features.
I have noticed that it takes a little time to get familiar with after deploying and some tweaks need to be done as things come up.
The pricing is a little bit high, and it is causing the company to rethink renewal. If they could lower the pricing, that would be ideal.
The initial setup can be a little bit complex. When we implemented Barracuda three years back, although the deployment went smoothly, we also needed to implement some changes regarding the configuration, which were affecting the stamp control rate. Some options were not so easy to remember and we had to search for directions. For example, if I want to change the mail flow settings, there are two different options available in Barracuda. If I apply a change on one option and didn't change the configuration on the other option, the mail flow doesn't work. Yet the second option is always hidden. I always need to search for it when I need to change some mail flow settings.
The UI could be a little cleaner and require less clicking around in different modules. They give the illusion of a single pane of glass, but as you click around to different products, you're actually being transferred into a different system.
Barracuda's spam database isn't on par with its competitors. Users complain about the spam email they're receiving, and we report the issue. Barracuda said they are going to update their system to block the malicious email we received, but we're still getting the same spam. The signatures are not in their database. They need to update their spam signatures because spam is bypassing Barracuda.
Barracuda Email Security Gateway can improve reporting and anti-spam. The anti-spam engine is not working well. We are seeing a lot of problems where spam is going through the gateway. Additionally, access privilege should be given to the IT support, because they don't have a lot of privileges. We are forced to give our IT support administrative access in order to clear and deliver emails and this should not be happening. In the future, having a schedule reporting for quarantine for all users or for selected users, without reading the content of the message would be helpful.
It's good, but some spam isn't always detected. It doesn't always detect the most recent signatures or spam. The database is not updated automatically. Other solutions, such as Microsoft Exchange Online, automatically receive the most recent threat data and malware data types. I believe the Barracuda database is not being updated. That is why we are looking, and we are evaluating whether Defender for Office 365 or a Microsoft solution is better than Barracuda. That is why we are downloading all of this research to see which of the market leaders we should switch to. Spam is not always detected, and it should be more automated. We have seen that some emails are allowed by these emails, which are then stopped by Microsoft. We now have two layers of defense. Barracuda and we also have Microsoft Exchange online, but we would like to switch to one or upgrade this. We are looking for any and all solutions. That is what we are investigating right now. Because we want to ensure that some are stopped here by Barracuda and the entry point. However, for those that are not caught or blocked by Barracuda, we have the next layer of Exchange Online, which comes into the picture and checks it, sees it, and blocks it.
Barracuda Email Security Gateway can improve email detection. We have some emails that are bypassing the threat scanning. There are some impersonation emails passing through.
Barracuda Email Security Gateway should add auto-remediation to improve the solution. Additionally, there are times when we have false positives and our general emails get locked, we have mentioned this to Barracuda.
Barracuda itself should be actually working on their DMARC setup. There is a little bit of downtime in terms of that. There are some times when legit emails are trapped on Barracuda and we are unable to get that information unless we actually log on to the network to find out. The good thing is that we get logs now and you can schedule the logs and you'll be able to see the logs in the event. The user gets to see the logs. In the event you don't receive the email, so you can schedule it for every hour or whatever schedule is important for the organization. We set ours at one hour and in the event, if there's an email that didn't reach you, you'll get a notification after an hour to say, okay, this email was trapped and you are able to self-release it with the user's login, or IT can release it. I can't think of any other features that are needed.
The solution has to improve in a very specific way. When we allow our customers to send or scan email through our Barracuda Email Security Gateway, we are permitting their email server IP address, but not any domain. One of our customers has an email server where they are hosting five domains within their server. They are sending and receiving email through that server by using Barracuda Email Security Gateway. Therefore, we allow their IP address to send email through our Barracuda Email Security Gateway, then we declare MX for receiving email on behalf of our customers. After receiving the email, we deliver it to the specific IP address of the customer. Since we are only allowing the IP address, if an incident happens within a customer's email server or an email server gets compromised, then it starts sending spam. That creates a huge problem for the solution as it allows all emails because the customer's IP address is allowed to relay email through our Barracuda Email Security Gateway. Barracuda should add an option where it can add multiple domains, such as abc.com, bbc.com, and cbc.com. Therefore, this domains' emails will be allowed and other domains' emails will not be relayed through Barracuda Email Security Gateway. Whereas, if you allow the IP address, then any of the domain's emails will be relayed through Barracuda Email Security Gateway. That is the drawback that I have observed. So, Barracuda should work on this.
Artificial intelligence improvement could be used to help block spam and phishing mail that is directly delivered to users.
Some of the phishing emails are not being blocked. Another problem is that we are not able to manage the date and time in our time zone.
The solution could improve by adding DomainKeys (DKIM) functionality. This is something that is essentially required nowadays for outbound security. They do not have it on their on-premise solution appliance but they have alternate arrangements for their cloud solution. You cannot force clients to go to the cloud for one feature, it would be a great benefit to have it on-premise.