Additional Configuration - Barracuda

Step 1: Allowlist by IP Address (Core Deliverability)

This step ensures that mail coming from your phishing platform's servers bypasses Barracuda's primary spam, greylisting, and reputation checks.

For Barracuda Email Security Service (Cloud Control)

1. Log in to your Barracuda Cloud Control console.
2. Navigate to Email Security → Inbound Settings → IP Address Policies.
3. In the IP Blocking / Exemption section, enter the IP address listed in our Domains and IP Addresses article into the entry field.
4. In the Netmask field, enter 255.255.255.255.
5. Set the Policy field to Exempt.
6. (Optional) Add a note in the Comment field (e.g., "Secure Schools Phishing IP").
7. Click Add.

For Barracuda Email Security Gateway (On-Premises)

1. Log in to your Barracuda Email Security Gateway web interface.
2. Go to BLOCK/ACCEPT → IP Filters.
3. In the Allowed IP/Range section, enter the IP address listed in our Domains and IP Addresses article into the IP/Network Address field.
4. In the Netmask field, enter 255.255.255.255.
5. Set the Policy field to Exempt.
6. (Optional) Add a note in the Comment field.
7. Click Add.

Step 2: Bypass Intent Analysis (Link Protection)

Barracuda's Intent Analysis feature scans and rewrites URLs in email bodies. This must be bypassed for phishing simulations to ensure links are not altered, which would corrupt your test results.

For Barracuda Email Security Service (Cloud Control)

1. Log in to your Barracuda Cloud Control console.
2. Navigate to Email Security → Inbound Settings → Anti-Phishing.
3. Under the Intent section, add the domains listed in our Domains and IP Addresses article.
4. Ensure the Policy drop-down is set to Ignore for these domains.
5. Click Add for each domain.

For Barracuda Email Security Gateway (On-Premises)

1. Log in to your Barracuda Email Security Gateway web interface.
2. Navigate to Email Security Gateway → Basic → Spam Checking.
3. Under the Intent Analysis section, add the domains listed in our Domains and IP Addresses article to the URI Exemptions text box field.

Step 3: Exempt from Sender Authentication (Spoofing)

If you plan to send simulated phishing emails that spoof your own domain (e.g., an email appearing to come from your CEO), you must exempt the phishing platform's IP addresses from SPF checks.

For Barracuda Email Security Service (Cloud Control)

1. Log in to your Barracuda Cloud Control console.
2. Navigate to Email Security → Inbound Settings → Sender Authentication.
3. In the Use Sender Policy Framework centre, enter the IP address listed in our Domains and IP Addresses article into the SPF Exemptions table.

For Barracuda Email Security Gateway (On-Premises)

1. Log in to your Barracuda Email Security Gateway web interface.
2. Navigate to Email Security → Block/Accept tab and select Sender Authentication.
3. Under the Sender Policy Framework (SPF) Configuration section, ensure it is set to Yes.
4. Add the IP address listed in our Domains and IP Addresses article to the exemption list.

Step 4: Bypass Advanced Threat Protection (ATP)

If you use Barracuda's Advanced Threat Protection and your simulations include attachments, set up exemptions to ensure attachments (like fake PDFs) are not scanned, detonated, or removed.

1. Log in to your Barracuda Email Security Gateway web interface (or Cloud if applicable).
2. Select the ATP Settings tab.
3. Enter the IP address listed in our Domains and IP Addresses article
4. Click Add.

Final Checklist

• IP Addresses: Have all IP addresses been added as Exempt under IP Address Policies?
• Link Rewriting: Have all domains been added to Intent Analysis with the Ignore policy?
• Spoofing: Have all IP addresses been exempted from SPF checks to allow internal domain spoofing?
• Attachments: Have IP addresses been exempted from ATP/PDF Scanning if your simulations include attachments?
• Test: Run a small test campaign immediately after configuration to verify that the emails are delivered to the inbox with links and attachments intact.