CTS Email Security protects you with a two layer filtration system backed by our partners Barracuda and Avanan. Understanding the basics on how to use these filters will not only help you improve their effectiveness overtime, but will also insure important communications are not missed.
Barracuda
CTS Cloud security partner, Barracuda, provides the first line of defense against malicious emails. They are an industry leader when it comes to the speed and frequency of updates to their threat-detection algorithms.
Essentials Overview
What does Barracuda do?
Barracuda quickly filters and sanitizes every email before it is delivered to your inbox to protect you from email-borne threats, such as viruses and malware. Barracuda will allow safe emails into your inbox and block anything it deems unsafe. If Barracuda is unsure about the safety of an email, it lists it as “quarantined” and sets it aside for you to review. Note: Barracuda’s AI is very intelligent, but it could still flag legitimate emails as unsafe. This is why taking a look at your daily quarantine digests is highly recommended. By releasing emails, you will train and improve Barracuda’s function.
What does Quarantine mean?
Most of your interaction with Barracuda regards emails with “quarantined” status. Simply put, a quarantined email is an email that is suspicious and requires your review. Quarantined emails are not allowed into the inbox until manually released by a user, which can be done a few different ways. Quarantined emails are automatically deleted after 30 days unless released. You can access the complete list of quarantined emails at any time through the Quarantine Portal or view newly quarantined emails in the Quarantine Summary email notifications. A user must set up their Barracuda account in order to release any emails. If you’re expecting an email but it doesn’t arrive in your inbox, it’s likely stuck in quarantine. There are other categories Barracuda uses to sort emails: Blocked, Deferred, Allowed, and UI Delivered. Emails sorted under these other categories have specific implications and can only be accessed through the Quarantine Portal. More information on that here.
Learn More!
Barracuda is a powerful tool and has many features! We’ve listed the key features in this guide and included a troubleshooting guide for your convenience. As always, if you have any questions that are not covered in this document, please do not hesitate to reach out to support@ctsitcare.com.
Sign in to your Barracuda Portal
Your Barracuda Account is integrated with your Microsoft 365 Email account credentials. This makes the sign in process easier.
- Go to ess.barracudanetworks.com and enter your email address in the field.
- The next page will redirect you to a Microsoft login page. Enter the password you use for your email address.
- If this is your first time, it may ask you to accept permissions. Please agree to all permission requests to proceed.
Message Log Overview
Portal Link: ess.barracudanetworks.com The Message Log is for viewing all emails (allowed, blocked, or otherwise) in one space. It is the easiest place to adjust permissions for emails and see the large picture of your email security. To Access, go to ess.barracudanetworks.com and login with your credentials. By default, Barracuda will show you the last 2 days of quarantined emails. To filter emails, use the filter options provided. See filter definitions here:
All | All emails, delivered and undelivered. |
Allowed | All delivered emails. |
Not Allowed | All undelivered messages. Includes blocked, deferred and quarantine. |
Quarantined | Email is possibly spam/suspicious. Requires review. |
Blocked | Emails blocked due to CTS Security Policies. |
Deferred | Email was marked Spam/Suspicious for multiple reasons. High risk. |
UI Delivered | Emails delivered due to Admin Whitelist status. |
Shown above: How to toggle between message filters
Quarantine Summary Emails
Barracuda sends notifications twice a day (except weekends) to let users know that they have quarantined messages (see image below). These notifications list all emails that were newly quarantined from your inbox. Emails listed in the summary are automatically deleted after 30 days unless released. If no emails were quarantined, you will not receive this email. See image below for an example of how the emails look like. It is important to note that only “quarantined” messages are listed on the email summaries. Emails sorted under other categories can only be accessed through the Quarantine Portal.
Shown above: Example Quarantine Summary Email
Release and Deliver Emails
There are two methods of releasing quarantined emails: through the portal or via quarantine summary emails. Email that have been categorized as “Blocked” or “Deferred” can only be released through the Portal.
Via Quarantine Portal (All Emails)
- Go to barracudanetworks.com
- Select the email in question and select [Load Remote Content] to view. Always verify the content of the email you want to receive.
- Select [Deliver] from available options
- If selecting more than one email, select each checkbox and then click [Deliver]. That’s it!
Note: Released emails may take a few minutes to appear in your inbox.
Via Quarantine Summary Email Notifications (Only Quarantined Emails)
- Click on [Deliver] next to the email information. This process may take a while before you see the email on your inbox.
Allow List Emails/Domains
Warning
Please use with caution as Allow List bypasses our security system for the specified sender/domain. This means that if an Allow Listed sender is hacked and is sending malicious emails, our system will skip any/all security checks and their emails will be allowed into your inbox.
Via Quarantine Portal (All Emails)
Method 1
When reviewing an email in the Quarantine Summary, you can select [Allow List] to add the email address to the allow list and deliver the quarantined email.
Method 2
While in the Quarantine Summary, select [Settings] then [Sender Policy]. Enter the sender’s domain or email address and select [Exempt] to Allow List the sender.
Via Quarantine Summary Email Notifications (Only Quarantined Emails)
When viewing the email digest, there is an option to whitelist the email. Please select [Allow List] and this will automatically add the email address to the allow list policy.
Block Emails / Domains
There are multiple ways to block emails or domains using the portal. See steps below.
Method 1
When reviewing an email in the portal, you can select [Block] to add the email address or domain to the block list.
Method 2
While in the Quarantine Summary, select [Settings] then [Sender Policy]. Enter the sender’s domain or email address and select [Block] to block the sender.
Troubleshooting
Please use the following troubleshooting guides if you are having issues.
Expected email hasn’t arrived in your inbox
Check your Quarantine Portal! The email has likely been quarantined.
Emails are blocked, and redelivery keeps failing.
Please contact us at support@ctsitcare.com so we can investigate the email. In most cases, this is due to the domain being found on a global blacklist or content inside the email containing a virus.
Emails from a trusted sender keeps getting blocked, even after whitelist
Please contact us at support@ctsitcare.com. Most cases, this is due to email addresses being on global blacklist.
A sender notified me that their email is getting blocked, but I don’t see the email in my Quarantine Summary.
Barracuda by default won’t show you Blocked emails in the email digest. Instead, please log in to the Quarantine Portal and filter by blocked emails. This way, you should be able to locate the email in question and submit for delivery.
Additional Resources
Onboarding Video Are you a visual learner? Then check out this short video we put together summarizing the content of this document! Email Encryption Barracuda can also encrypt your emails, therefore allowing you an extra secure way to send sensitive information. Email Encryption service is only available for external communications, as internal emails do not leave the mail server. Check out this video to learn more!
Avanan
Avanan scans emails after they have passed through Barracuda, but before they land in the inbox. Its threat detection AI is among the best in the industry, and we have been training it for two weeks to learn about your unique email flow. Much like Barracuda, suspicious emails are marked with various flags to indicate their suspected threat. Please familiarize yourself with the following flagged statuses:
Flag Types
Phishing Attack
These emails pretend to be from a legitimate source with the intention of stealing your information. You can read more about phishing attacks here. When an email is flagged as a phishing attack, it will be quarantined. You will receive an email with an option to restore it. It is very rare for a legitimate email to be flagged as a phishing attack. When in doubt, we suggest following the steps below before restoring such email from the quarantine:
- Contact the sender directly and ask if they sent you this email.
- If you are still in doubt after checking with the sender, you can forward the quarantine notification to our support team at support@ctsitcare.com for further review.
Suspected Phishing Attack
An email that is not positively identified as a phishing attack may be flagged as a suspect based on various factors. These emails will get delivered to your inbox with a warning header. If and when you receive such emails, please be extra cautious when interacting with their content. When in doubt, you can always follow the steps below:
- Contact the sender directly and ask if they sent you this email.
- If you are still in doubt after checking with the sender, you can forward the quarantine notification to our support team at support@ctsitcare.com for further review.
Malware Attack
These are emails with malicious file attachments. You can read more about malware here. Such attacks are extremely dangerous and can cause irreversible damage very quickly. When an email is flagged as a malware attack, it will be quarantined. You will receive an email with an option to request restore from an admin. If you receive a such notification, we suggest following the steps below:
- Contact the sender directly and ask if they sent you this email
- If email seems to be legitimate, you can request a restore of this email and one of our team members will inspect then release it to your inbox
Suspected Malware Attack
An email that is not positively identified as a malware attack may be flagged as suspect based on various factors. When an email is flagged as a suspected malware attack, it will be quarantined. You will receive an email with an option to restore it. When in doubt, we suggest following the steps below before restoring such email from quarantine:
- Contact the sender directly and ask if they sent you this email.
- If you are still in doubt after checking with the sender, you can forward the quarantine notification to our support team at support@ctsitcare.com for further review.
Spam
As a bonus, CTS advance protection will insert [SPAM] in the subject header of any email flagged as spam when delivering it to your inbox.
Quarantined Emails with Self Restore
Email flagged as phishing attacks or suspected malware attacks will be quarantined from your inbox. A notice of this quarantine will be sent to your inbox. In these notices (see image below) the subject is replaced with a quarantined notice and the original subject is provided in brackets. The body of the message is stripped and replaced with a warning to the user. The attachment (if any) is also stripped and noted in the replaced body. If a false positive is suspected, the user can release the quarantined email using the link. If released, the original email and attachment will be immediately delivered back to the inbox.
Quarantined Emails with Admin Restore Request
Email flagged as malware attacks will be quarantined from your inbox. A notice of this quarantine will be sent to your inbox. In these notices (see image below) the subject is replaced with a quarantined notice and the original subject is provided in brackets. The body of the message is replaced with a warning message to the user along with a link to request release of the email. The attachment (if any) is also stripped and noted in the replaced body. If a false positive is suspected, the user can request the release the quarantined email using the link. If released, the original email and attachment will be delivered back to the inbox once approved by a CTS admin.
Emails Flagged with a Warning Header
Email flagged as suspected phishing attacks will be delivered to your inbox with a warning header. The contents of the warning header will change based on the detected threat. In these notices, users are warned of the potential risks detected in the email by an embedded banner that explains the nature of the risk. Clicking “Yes” will whitelist the sender. Clicking "No" will alert the system that the email should continue to be flagged as a security event.
Emails Flagged as Spam
Email flagged as spam will be delivered with [SPAM] in the subject header.