Two things are most likely killing your deliverability: tracking pixels and click-tracking URLs in your templates, and poor sender reputation on your sending IP or domain. Fix both and you'll stop hitting walls at most enterprise security gateways.
What You're Actually Up Against
Mimecast is known in cold email circles for being particularly aggressive. According to GMass, a cold email platform, Mimecast is known to flag or block emails containing shared tracking pixels or click-tracking URLs — features that are standard in most cold email tools but that Mimecast treats as spam signals. Mimecast's own SLA backs up just how tight the filter is: their spam filter stops 99% of spam with a 0.0001% false positive rate (Mimecast). Legitimate cold email can easily get caught in that net.
Barracuda works differently but is just as punishing. It maintains the Barracuda Reputation Block List (BRBL) — a real-time database that tracks the sending history of IP addresses and URLs worldwide, and feeds those verdicts directly into spam filtering decisions across every Barracuda product deployed globally (Warmy, an email warmup vendor). Critically, Barracuda evaluates both your sending IP and every URL inside your message body independently — so even a clean IP won't save you if a link in your email has a bad reputation (Barracuda Central). The combined system claims a 95% spam accuracy rate, with most threats rejected at the SMTP connection stage before the full message is even downloaded (Barracuda Central).
For B2B outbound specifically, a Barracuda block is especially brutal: there's often no bounce notification and no signal in your sending platform. Your email just vanishes.
Move #1: Kill the Tracking Pixels and Click-Tracking URLs
This week, strip all open-tracking pixels and click-tracking redirects from your cold email templates. Mimecast in particular flags shared tracking links as suspicious because they're a common vector in spam campaigns. According to GMass, turning off open and click tracking "could help" you get past Mimecast's filters — and setting up a custom tracking domain (rather than a shared one) is always a good first move before disabling tracking entirely.
Yes, you lose open-rate data. But getting silently blocked is worse than flying blind on opens. Use reply rate and meeting bookings as your primary success metrics while you sort out deliverability.
Move #2: Clean Up Your Sender Reputation
Go to Barracuda Central's lookup tool right now and check whether your sending IP or domain is listed on the BRBL. If you're on it, you've got work to do.
The path back is straightforward but takes time:
- Authenticate your domain — SPF, DKIM, and DMARC are non-negotiable.
- Reduce sending volume and ramp back up gradually from a clean base.
- Scrub your contact list — Barracuda runs spam trap honeypots, and hitting even one of those addresses flags your IP immediately. Purchased or stale lists are a near-certain source of trap hits (Warmy).
- Audit every link in your templates — Barracuda follows redirect chains to the final destination URL and flags domains registered recently as high-risk (Warmy).
Barracuda may also throttle suspicious IPs before issuing a full block — accepting only one email per minute — which gives you a narrow window to correct behavior before the situation gets worse (Warmy).