Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberUS20020016824 A1
Publication typeApplication
Application numberUS 09/086,345
Publication dateFeb 7, 2002
Filing dateMay 29, 1998
Priority dateNov 25, 1997
Also published asUS6393465, US20020198950
Publication number086345, 09086345, US 2002/0016824 A1, US 2002/016824 A1, US 20020016824 A1, US 20020016824A1, US 2002016824 A1, US 2002016824A1, US-A1-20020016824, US-A1-2002016824, US2002/0016824A1, US2002/016824A1, US20020016824 A1, US20020016824A1, US2002016824 A1, US2002016824A1
InventorsRobert G. Leeds
Original AssigneeRobert G. Leeds
Export CitationBiBTeX, EndNote, RefMan
External Links: USPTO, USPTO Assignment, Espacenet
Junk electronic mail detector and eliminator
US 20020016824 A1
Abstract
A method and system for parsing and analyzing incoming electronic mail messages to determine a confidence factor indicative of whether or not the messages are junk e-mail. The method and system utilize message services which attempt to contact the purported sender in order to verify that the identified host computer actually exists and accepts outgoing mail services for the specified user. The routing history is also examined to ensure that identified intermediate sites are also valid. Likewise, seed addresses can alert an e-mail provider to potential mass mailings by reporting when mail is received for ghost or non-existent accounts.
Images(9)
Previous page
Next page
Claims(26)
I claim what is new and desired to be secured by Letters Patent is:
1. A computer program product, comprising:
a computer storage medium and a computer program code mechanism embedded in the computer storage medium for causing a computer to process electronic mail messages, the computer program code mechanism comprising:
a first computer code device configured to receive an incoming electronic mail message;
a second computer code device configured to determine a candidate machine and a candidate user id of a purported sender of the incoming electronic mail message;
a third computer code device configured to send a verification request to the candidate user id at the candidate machine;
a fourth computer code device configured to receive a verification response to the verification request; and
a fifth computer code device configured to block delivery of the incoming electronic mail message based on the verification response when the response indicates that the candidate machine does not exist.
2. The computer program product as claimed in claim 1, further comprising:
a sixth computer code device configured to send an authentication message to an authenticator to determine if the incoming electronic mail message purportedly from the candidate user id and candidate machine should be blocked;
a seventh computer code device configured to receive an authentication response from the authenticator indicating whether the incoming electronic mail message should be blocked; and
an eighth computer code device configured to block delivery of the incoming electronic mail message based on the authentication response.
3. The computer program product as claimed in claim 1, wherein the second computer code device comprises a sixth computer code device configured to parse a “From:” field into the candidate machine and the candidate user id.
4. The computer program product as claimed in claim 1, wherein the second computer code device comprises a sixth computer code device configured to parse a “Reply-To:” field into the candidate machine and the candidate user id.
5. The computer program product as claimed in claim 1, wherein the fifth computer code device comprises a sixth computer code device configured to block delivery of the incoming electronic mail message based on filtering rules and based on the verification response when the verification response indicates that the candidate machine does not exist or the candidate user id is invalid.
6. The computer program product as claimed in claim 2, wherein the fifth and eighth computer code devices comprise a ninth computer code device configured to use a weighted metric to block delivery of the incoming electronic mail message based on the authentication response and based on the verification response when the verification response indicates that the candidate machine does not exist or the candidate user id is invalid.
7. The computer program product as claimed in claim 1, further comprising:
a sixth computer code device configured to remove the incoming electronic mail message from a user's mail box after delivery when the incoming electronic mail message subsequently is identified as a junk electronic mail message.
8. The computer program product as claimed in claim 2, wherein:
the second computer code device comprises a ninth computer code device configured to parse a unique identification code from the incoming electronic mail message; and
the sixth computer code device comprises a tenth computer code device configured to send the unique identification code, the candidate machine, and the candidate user id to the authenticator.
9. A computer program product, comprising:
a computer storage medium and a computer program code mechanism embedded in the computer storage medium for causing a computer to process electronic mail messages, the computer program code mechanism comprising:
a first computer code device configured to receive an incoming electronic mail message;
a second computer code device configured to parse out an intended addressee for the incoming electronic mail message;
a third computer code device configured to compare the intended addressee to a list of seed addresses which identify possible mass mailings; and
a fourth computer code device configured to block delivery of other electronic mail messages when a message body of the other electronic mail messages is similar to a message body of the incoming electronic mail message.
10. The computer program product as claimed in claim 9, wherein the fourth computer code device comprises a fifth computer code device configured to send the message body of the incoming electronic mail message to a remote authenticator.
11. The computer program product as claimed in claim 9, wherein the fourth computer code device comprises a fifth computer code device configured to send the message body of the incoming electronic mail message to a local authenticator.
12. A computer-implemented method of utilizing a computer memory to perform the steps of:
receiving an incoming electronic mail message;
determining a candidate machine and a candidate user id of a purported sender of the incoming electronic mail message;
sending a verification request to the candidate user id at the candidate machine;
receiving a verification response to the verification request; and
blocking delivery of the incoming electronic mail message based on the verification response when the verification response indicates that the candidate machine does not exist.
13. The computer-implemented method as claimed in claim 12, further comprising the steps of:
sending an authentication message to an authenticator to determine if the incoming electronic mail message purportedly from the candidate user id and candidate machine should be blocked;
receiving an authentication response from the authenticator indicating whether the incoming electronic mail message should be blocked; and
blocking delivery of the incoming electronic mail message based on the authentication response.
14. The computer-implemented method as claimed in claim 12, wherein the step of determining comprises the sub-step of parsing a “From:” field into the candidate machine and the candidate user id.
15. The computer-implemented method as claimed in claim 12, wherein the step of determining comprises the sub-step of parsing a “Reply-To:” field into the candidate machine and the candidate user id.
16. The computer-implemented method as claimed in claim 12, wherein the step of blocking comprises the sub-step of blocking delivery of the incoming electronic mail message based on filtering rules and based on the verification response when the verification response indicates that the candidate machine does not exist or the candidate user id is invalid.
17. The computer-implemented method as claimed in claim 13, wherein the steps of blocking comprise a combined sub-step of using a weighted metric to block delivery of the incoming electronic mail message based on the authentication response and based on the verification response when the verification response indicates that the candidate machine does not exist or the candidate user id is invalid.
18. The computer-implemented method as claimed in claim 12, further comprising:
removing the incoming electronic mail message from a user's mail box after delivery when the incoming electronic mail message subsequently is identified as a junk electronic mail message.
19. The computer-implemented method as claimed in claim 13, wherein:
the step of determining comprises the sub-step of parsing a unique identification code from the incoming electronic mail message; and
the step of sending the verification request comprises sending the unique identification code, the candidate machine, and the candidate user id to the authenticator.
20. A computer-implemented method of utilizing a computer memory to perform the steps of:
receiving an incoming electronic mail message;
parsing out an intended addressee for the incoming electronic mail message;
comparing the intended addressee to a list of seed addresses which identify possible mass mailings; and
blocking delivery of other electronic mail messages when a message body of the other electronic mail messages is similar to a message body of the incoming electronic mail message.
21. The computer-implemented method as claimed in claim 20, wherein the step of blocking comprises sending the message body of the incoming electronic mail message to a remote authenticator.
22. The computer-implemented method as claimed in claim 20, wherein the step of blocking comprises sending the message body of the incoming electronic mail message to a local authenticator.
23. A computer program product, comprising:
a computer storage medium and a computer program code mechanism embedded in the computer storage medium for causing a computer to process electronic mail messages, the computer program code mechanism comprising:
a first computer code device configured to receive an incoming electronic mail message;
a second computer code device configured to determine a candidate machine and a candidate user id of a purported sender of the incoming electronic mail message;
a third computer code device configured to send a verification request to the candidate user id at the candidate machine;
a fourth computer code device configured to receive a verification response to the verification request; and
a fifth computer code device configured to block delivery of the incoming electronic mail message based on the verification response when the response indicates that the candidate user id is invalid.
24. A computer-implemented method of utilizing a computer memory to perform the steps of:
receiving an incoming electronic mail message;
determining a candidate machine and a candidate user id of a purported sender of the incoming electronic mail message;
sending a verification request to the candidate user id at the candidate machine;
receiving a verification response to the verification request; and
blocking delivery of the incoming electronic mail message based on the verification response when the verification response indicates that the candidate user id is invalid.
25. A system for blocking undesired e-mails, the system comprising:
means for receiving an incoming electronic mail message;
means for determining a candidate machine and a candidate user id of a purported sender of the incoming electronic mail message;
means for sending a verification request to the candidate user id at the candidate machine;
means for receiving a verification response to the verification request; and
means for blocking delivery of the incoming electronic mail message based on the verification response when the verification response indicates that the candidate user id is invalid.
26. A system for blocking undesired e-mails, the system comprising:
means for receiving an incoming electronic mail message;
means for determining a candidate machine and a candidate user id of a purported sender of the incoming electronic mail message;
means for sending a verification request to the candidate user id at the candidate machine;
means for receiving a verification response to the verification request; and
means for blocking delivery of the incoming electronic mail message based on the verification response when the verification response indicates that the candidate machine does not exist.
Description

[0001] This is a non-provisional application based on Provisional Application Ser. No. 60/066,292 filed Nov. 25, 1997, the contents of which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention concerns electronic messaging in general and electronic mail in particular, and provides a method and system for handling electronic mail messages, verifying the origination of messages to determine the probability that they are or are not junk e-mail, and detecting that a mass mailing has been initiated by utilizing special addresses.

[0004] 2. Description of the Background

[0005] Digital storage of information brings with it the ability to transfer such information easily and inexpensively. As a result of this situation, unwanted or unsolicited junk e-mail (sometimes referred to as “spam”) has become prevalent on the Internet since messages can be sent without a specific “per-character” cost. As a result, the average e-mail account currently receives a number of unsolicited, unwelcome pieces of junk e-mail each day, with a rapidly increasing number of pieces being forecast.

[0006] Documents are available which describe electronic mail handling procedures. In particular, two Internet standards on e-mail are incorporated herein by reference in their entirety. They are: Internet STD0014 entitled “MAIL ROUTING AND THE DOMAIN SYSTEM” (also known as RFC 974) and Internet STD0010 entitled “SIMPLE MAIL TRANSFER PROTOCOL” (also known as RFC 821). The contents of the Second Edition of “sendmail” by Bryan Costales and Eric Allman, published by O'Reilly Publishing, is also incorporated herein by reference. Further, some issued patents address the general handling of electronic mail. For example, U.S. Pat. No. 5,377,354 teaches a method for prioritizing a plurality of incoming electronic mail messages by comparing the messages with a list of key words. U.S. Pat. No. 5,619,648 teaches a method for reducing junk e-mail which uses non-address information and uses a filtering system that has access to models of the user's correspondents. The e-mail system adds a recipient identifier that is used to further specify the recipients in the group to whom the message is sent who should actually receive the message.

[0007] U.S. Pat. No. 5,555,426 teaches a method and apparatus for disseminating messages to unspecified users in a data processing system. The method permits users to associate conditions of interest, such as keywords or originator identities, but does not perform any verification of the originator's identity. The method permits messages to be sent based upon probable interest in the message, rather than being addressed to any specific individual.

[0008] U.S. Pat. No. 5,627,764 teaches a method for implementing a rules-based system that can run a user's set of rules under system control and process messages according to the user's rules. Peloria Mail Scout uses rules to screen junk mail by limiting messages to only known and acceptable senders, but makes no provision for unknown, yet acceptable senders.

[0009] U.S. Pat. No. 5,675,733 teaches a method for collecting, sorting, and compiling statistical summaries of message acknowledgment data, also known as Confirmations of Delivery or COD's. The invention teaches a method for acknowledging a single message to multiple recipients and generating a statistical list of information delivery under such circumstances. Each of the above-referenced U.S. Patents are incorporated herein by reference in their entirety.

SUMMARY OF THE INVENTION

[0010] It is an object of the present invention to address deficiencies in known e-mail handling systems.

[0011] This object and other objects of the present invention are addressed through the use of a computer system or mail handling system which provides enhanced blocking of junk e-mail. Accordingly, the present invention first ascertains if the sender of the e-mail has a verifiable identity and valid computer address. Based upon that determination, certain user-assignable and computable confidence ratios may be automatically determined. If the identity cannot be verified or the address is determined not to be valid or usable for a reply to the sender, the mail can be assigned a presumptive classification as junk e-mail. By applying additional filters, the confidence ratio can be increased to nearly 100%, and the mail can be handled in accordance with standard rules-based procedures, providing for a range of alternatives that include deletion or storage in a manner determined by the user.

[0012] The system of the present invention also advantageously utilizes a cooperative tool, known as an authenticator, to determine if a received e-mail is a junk e-mail. The mail handling system, either automatically or as part of a mail filter, contacts an authenticator with information about a received e-mail. If the authenticator has received negative or adverse notifications from other users who have received the same or similar e-mails, the authenticator informs any mail handling systems that ask that the received e-mail is very likely junk e-mail. This information from the authenticator along with other factors can be weighted to provide an overall confidence rating.

[0013] The system of the present invention also advantageously utilizes a list of “seed” addresses that do not correspond to real users but, rather, to special non-existent (or ghost) accounts. When a message is received that is addressed to a ghost account, the system searches other incoming and recently received messages for the same message body. For messages with the same message body as received for the ghost account, the system marks the messages as having a high probability of being junk e-mail. In an alternate embodiment, the system of the present invention provides cooperative filtering by sending the message body to authenticators or other systems to help the authenticators or other systems to determine that the message is probably a junk e-mail.

BRIEF DESCRIPTION OF THE DRAWINGS

[0014]FIG. 1 is a schematic illustration of a computer system for performing the method of the present invention;

[0015]FIG. 2 is a listing of a first exemplary header that is analyzed according to the present invention;

[0016]FIG. 3 is a listing of a second exemplary header that is analyzed according to the present invention;

[0017]FIG. 4 is a pseudo-code listing of how deliverability is tested according to the present invention;

[0018]FIG. 5 is a pseudo-code listing of how confidence testing of a message is performed according to the present invention;

[0019]FIGS. 6A and 6B are flow diagrams of how message creation, transmission, and reception are processed according to the present invention;

[0020]FIG. 7 is a schematic illustration of plural computers which interact to send, receive, and process/authenticate e-mail according to the present invention; and

[0021]FIG. 8 is a schematic illustration of the operation of the authenticator of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

[0022] Referring now to the drawings, wherein like reference numerals designate identical or corresponding parts throughout the several views, FIG. 1 is a schematic illustration of a computer system for blocking unwanted or junk e-mails. A computer 100 implements the method of the present invention, wherein the computer housing 102 houses a motherboard 104 which contains a CPU 106, memory 108 (e.g., DRAM, ROM, EPROM, EEPROM, SRAM and Flash RAM), and other optional special purpose logic devices (e.g., ASICs) or configurable logic devices (e.g., GAL and reprogrammable FPGA). The computer 100 also includes plural input devices, (e.g., a keyboard 122 and mouse 124), and a display card 110 for controlling monitor 120. In addition, the computer system 100 further includes a floppy disk drive 114; other removable media devices (e.g., compact disc 119, tape, and removable magneto-optical media (not shown)); and a hard disk 112, or other fixed, high density media drives, connected using an appropriate device bus (e.g., a SCSI bus or an Enhanced IDE bus). Although compact disc 119 is shown in a CD caddy, the compact disc 119 can be inserted directly into CD-ROM drives which do not require caddies. Also connected to the same device bus or another device bus as the high density media drives, the computer 100 may additionally include a compact disc reader 118, a compact disc reader/writer unit (not shown) or a compact disc jukebox (not shown). In addition, a printer (not shown) also provides printed e-mails.

[0023] The system further includes at least one computer readable medium. Examples of computer readable media are compact discs 119, hard disks 112, floppy disks, tape, magneto-optical disks, PROMs (EPROM, EEPROM, Flash EPROM), DRAM, SRAM, etc. Stored on any one or on a combination of the computer readable media, the present invention includes software for controlling both the hardware of the computer 100 and for enabling the computer 100 to interact with a human user. Such software may include, but is not limited to, device drivers, operating systems and user applications, such as development tools. Such computer readable media further includes the computer program product of the present invention for blocking unwanted e-mails. These computer readable media can include programs, dynamic link libraries, scripts, or any other executable or interpreted code, including, but not limited to, Java code, C or C++ code, Perl scripts, and Active X controls.

[0024] The method and system of the present invention assign confidence ratings to messages to signify the statuses of the messages as junk e-mails or as a bona fide messages that the recipient may wish to read. The method and system begin by analyzing the origins and transmission paths of the messages. The sender's origination information is extracted from the e-mail message and an automatic reply (called a verification request) is created and sent. Based on the verification response that is received in response to the verification request, the sender is scored as to the probable characteristics, origination, validity, and desirability of the mail. Incoming messages (e-mails) are automatically scanned and parsed, either (1) at a server located at an Internet provider (prior to delivery to the intended ultimate recipient), (2) at a LAN-based receiving station, or (3) at the actual ultimate recipient's mail machine, i.e., local to the user. Once the message has been parsed or broken down into fields, the message is compared with several user defined rules for handling messages, and a confidence rating is assigned to the message. In one embodiment, the message header information is analyzed and a verification request(s) is/are automatically sent to the purported sender(s), as identified by fields such as “From:” or “Reply-To:”. If there is a delivery problem in delivering the verification request, the presumed validity of the message is reduced in accordance with a set of user-definable criteria. In addition to determining the purported origination point, the present invention automatically analyzes all information pertaining to the sender, the path of delivery, any information pertaining to copies, blind copies, or other indicia of validity of the origin of the message to determine if there has been a discernable effort to obscure the origin, disguise the sender, or in some other way to inhibit the recipient from performing verification of the sender's identity. For example, if a message has purportedly been relayed through a machine named mail.fromnowhere.com and the mail handling system has determined that such a machine does not actually exist, the confidence rating for the message should be decreased.

[0025] Techniques for reducing the amount of junk e-mail by using confidence rating technology based upon characteristics of junk e-mail are also implemented in the invention. Factors that the invention incorporates in a determination of the status of mail as junk e-mail or a valid message, include maintaining (1) a list of certain mail providers known to be an origination point of junk e-mail, (2) a dictionary of certain content frequently found in junk e-mail, and (3) a learning knowledge base that creates its own rules to ascertain prior junk e-mail characteristics and subsequently adds those criteria to the knowledge base to prevent future junk e-mail with the same or similar characteristics from being delivered.

[0026] Primary components of the invention are (1) screening all incoming messages by the receiver on either the mail server or the local receiving facility and (2) automatically sending a reply (in the form of a verification request) to the purported sender(s). The verification request is sent to all address locations contained in the sender's address information or any subset of those addresses as determined by the recipient. If that verification request is undeliverable (as determined by the receipt of the corresponding verification response), the message can be automatically deleted or marked as junk e-mail. In addition, rules filters can be used in conjunction with the presumptive test for a purported sender's address, to determine a confidence rating based upon a scoring technique, which the user can set forth based upon factors the user considers to be most significant. The e-mail filtering can be used in conjunction with the verification response to refine the confidence rating. As an example, a previously read junk e-mail can be added to the rules base to look for certain phrases. This may not be sufficient, however, to screen out valid mail that cites or quotes from the junk e-mail. If, however, the content is combined with an address that cannot pass a verification request, the user may wish to assign a 100% confidence rating, and the mail can optionally be automatically deleted.

[0027]FIG. 2 shows an exemplary e-mail header that is received by the system of the present invention. The fields for “Return Path:,” “From:,” and “Reply-To:” are highlighted as three of the fields which the present invention will parse from the message header. The line:

[0028] From: 48941493@notarealaddress.com

[0029] is broken down into a user id (48941493) and a host name (notarealaddress.com). Likewise, the line:

[0030] Reply-To: junker@notarealaddress3.com

[0031] is also broken down into its corresponding user id (junker) and host name (notarealaddress3.com). Both of these addresses will receive verification requests attempting to verify that these addresses represent valid user and host names. The same process is performed on the message header shown in FIG. 3.

[0032] Accordingly, the system of the present invention can analyze e-mail headers to determine whether or not the e-mail has been received from a site suspected of sending junk e-mail. A received e-mail that conforms to RFC 821 includes fields identifying the sender and the recipient, i.e., the “From:” and the “To:” fields, respectively. Messages may optionally contain a “Reply-To:” field if a user wishes to have his/her replies directed to a different e-mail address. Since junk e-mails often come from either non-existent users or non-existent sites or both, a first level check is to determine if the alleged sender identified by the “From:” or “Reply-To:” fields are valid. This first level check corresponds to issuing a verification request and can be in many forms, including: (1) sending a message to the user identified by the “From:” or “Reply-To:” fields and examining whether the message can be successfully delivered, (2) using the UNIX “whois” command to determine if a site (or host) by that name actually exists, (3) using the UNIX “finger” command to identify if a user name exists at a verifiable host, (4) using the “vrfy” command when connected to a sendmail daemon to verify that a user exists at a particular site, and (5) using the UNIX “traceroute” command to make sure there is a valid route back to the specified host. It is presently preferred to utilize a method which does not create an endless cycle of messages while attempting to verify a sender's address. That is, if each message generated a sender verification message which in turn generated a sender verification message, then the system would quickly become inundated with extra messages. Accordingly, the present invention utilizes messaging for sender verification that do not generate a cascade of new verification requests. In an alternate embodiment, the system keeps track of which verification requests are outstanding and thereby prevents cascading requests by limiting the system to sending a single verification message for a particular address within a period of time The system thus maintains a cache of recently authorized and recently denied addresses.

[0033]FIG. 4 shows a test of deliverability for three messages received by a mail handling system. Each of the three header messages is parsed into fields to enable the system to determine purported senders. The system then generates replies to the messages in the form of verification requests. Each of the verification requests is sent to the purported sender of its corresponding message, and the replies or verification responses are analyzed. For each of the verification requests that were undeliverable, the system marks the message as suspected junk e-mail, otherwise the message passes the sender deliverability test. Additionally, the verification request, when successful, performs the function of providing a return receipt verification.

[0034] The process of FIG. 4 can be augmented in an alternate embodiment to include the confidence testing shown in FIG. 5. By analyzing phrases and keywords in the message bodies, better confidence values can be assigned to each e-mail message.

[0035] When verifying that a user is a valid user by sending a verification request in the form of an e-mail message, the system creates and transmits an e-mail message and examines the verification response as shown in FIGS. 6A, 6B, and 7. The network that connects the computers can either be a local area network, a wide area network, or the Internet. Table I below shows the steps of creating and transmitting an e-mail message and of receiving a delivery result message as shown in FIGS. 6A and 6B.

TABLE I
A. Message Creation
1. Address header
2. Subject
3. Message content
B. Message Transmission
1. Address Header
2. Routing
a) To
b) From
(1) Test From Address for validity
c) Reply
(1) Test Reply Address for validity
d) Received 1
(1) Test for Validity
e) Received 2
(1) Test for Validity
f) Received 3
(1) Test of Validity
C. Message Receipt
1. Server
a) Review results of tests
b) Apply rules based on test results
c) Assign confidence rating
d) File mail based on confidence rating rule
2. Local
a) Review results of tests
b) Apply rules based on test results
c) Assign confidence rating
d) File mail based on confidence rating rule

[0036] As shown in FIG. 8, the general mail blocking program can be supplemented with an authenticator component to enable cooperative determination of junk e-mail. This works just as described above, except that it adds the facility of replying to an address supplied by the present invention to the subscriber. Users of the present invention would be provided with an authentication code certifying that they are not known spammers. In effect, the system would vouch for the authenticity, and the “spam check” would be sent to the system of the present invention and auto-responded to. If it turned out that the sender had abused his authentication privileges, the authentication address would be added to a list that automatically responds with a known key phrase in the subject line of the message so that the recipient would know immediately that this sender is not trustworthy. This eliminates having to reply to the original sender, who may be unknown due to blind carbon copies (BCCs), etc. Further, the authenticator would potentially be receiving additional information on whether or not a message was a junk e-mail while the message was present in a user's inbox. If the message was determined to be a junk e-mail, the mail program would be informed, and the user would be able to have the message automatically discarded or to be marked as potentially junk. If a message has previously been checked but the message was not yet known to be junk, and if the user has not yet read the message, the authenticator may “call back” the mail program that previously checked the message and identify that the message, although previously thought to be okay, is now believed to be junk.

[0037] In order to provide each user with an authentication ID that the authenticator can use to quickly determine if the sender is a known junk e-mailer, the e-mail users would each register, potentially for a fee, and their e-mail program would be assigned a unique identification code. Preferably, the e-mail program would maintain the unique code in secret by the mail program such that the users and others would not see the message. For example, to prevent a recipient from stealing a unique code of another user from which he/she has received a message, the e-mail program or the e-mail handling system at an ISP or corporate level could strip the unique code before delivering the message. That is, when a message is received, the mail program or mail handling system would send the unique code and the “From:” identifier to the authenticator for authentication. The code and the “From:” identifier would be checked against the database of known junk e-mailers as well as checked for consistency between the two parts. If the code was for a known junk e-mailer, or if the code and the “From:” field did not match, the mail program or mail handling system would be warned of the problem. Since the message would then be authenticated, the unique code would no longer be needed and could be stripped before passing the mail message to the user.

[0038] In an alternate embodiment, the unique code is further protected by being used in conjunction with message signing and encryption. The mail program (or mail handling system) would send the authenticator a message to be authenticated, including the digitally signed part, the signature, and the unique code. The authenticator then would check the signed part of the message against the signature using the encryption key which is registered to the unique code. In this way, added protection from junk e-mail is obtained.

[0039] In an alternate embodiment, e-mail programs would send mail to be authenticated directly to an authentication server. The authentication server would check the message as in any of the above methods. When the authenticator had verified that the message was not part of a junk e-mail effort, the authenticator would “sign” the message and send the signed message on to its intended recipient. The user's mail program that eventually received the message would be able to authenticate it immediately as having been pre-authenticated, either by the signature or by the IP address from which the “signed” message was received. This would avoid the mail program from having to perform a remote communication before delivering the message.

[0040] In an alternate embodiment, a series of “seeded” e-mail addresses would be provided on the e-mail service that would be considered early warning notification of a junk e-mail effort. These addresses would correspond to non-existent or ghost accounts which a system has reserved for junk e-mail detection, e.g., Al Aardvark and Arnie Apple. If these messages use the first set of ASCII characters, then the system would be notified early when Al Aardvark and Arnie Apple receive the beginning of a mass junk e-mailing. Thus, the system could immediately identify the remaining messages with the same or similar contents as junk e-mail. An alternate way to do this would be to “seed ” newsgroups and member profiles with phony addresses that only the provider would know of As a result, these addresses could be watched for incoming junk e-mail and a notification from the authentication server could then be broadcast to users indicating that mail with the subject of “XYZ” is junk e-mail. This would allow the client or server of the present invention to automatically eliminate the junk e-mail. Alternatively, a user requesting a service provider to handle this automatically would have the seeded addresses watched, notice the junk e-mail, and automatically prevent the mail from being transmitted any further to users that have requested services of the system of the present invention.

[0041] All of the above are only some of the examples of available embodiments of the present invention. Those skilled in the art will readily observe that numerous other modifications and alterations may be made without departing from the spirit and scope of the invention.

Referenced by
Citing PatentFiling datePublication dateApplicantTitle
US6778941 *Nov 13, 2001Aug 17, 2004Qualia Computing, Inc.Message and user attributes in a message filtering method and system
US6829635 *Jul 1, 1998Dec 7, 2004Brent TownshendSystem and method of automatically generating the criteria to identify bulk electronic mail
US7149778 *Jan 31, 2001Dec 12, 2006Yahoo! Inc.Unsolicited electronic mail reduction
US7209954Mar 30, 2005Apr 24, 2007Mcafee, Inc.System and method for intelligent SPAM detection using statistical analysis
US7209956 *Nov 30, 2000Apr 24, 2007Sony Deutschland GmbhProtocol for instant messaging
US7219131Jan 16, 2003May 15, 2007Ironport Systems, Inc.Electronic message delivery using an alternate source approach
US7275082 *Sep 4, 2003Sep 25, 2007Pang Stephen Y FSystem for policing junk e-mail messages
US7363490Sep 12, 2002Apr 22, 2008International Business Machines CorporationMethod and system for selective email acceptance via encoded email identifiers
US7461397 *Jan 5, 2004Dec 2, 2008Kryptiq CorporationCustomized electronic messaging
US7523496 *Jul 31, 2001Apr 21, 2009International Business Machines CorporationAuthenticating without opening electronic mail
US7571319Oct 14, 2004Aug 4, 2009Microsoft CorporationValidating inbound messages
US7599993Dec 27, 2004Oct 6, 2009Microsoft CorporationSecure safe sender list
US7603422Dec 27, 2004Oct 13, 2009Microsoft CorporationSecure safe sender list
US7620690Oct 25, 2004Nov 17, 2009Lashback, LLCPrivacy control system for electronic communication
US7644274 *Mar 30, 2000Jan 5, 2010Alcatel-Lucent Usa Inc.Methods of protecting against spam electronic mail
US7647376 *Feb 5, 2002Jan 12, 2010Mcafee, Inc.SPAM report generation system and method
US7653695Feb 17, 2005Jan 26, 2010Ironport Systems, Inc.Collecting, aggregating, and managing information relating to electronic messages
US7653879 *Sep 16, 2003Jan 26, 2010Microsoft CorporationUser interface for context sensitive creation of electronic mail message handling rules
US7685242 *Sep 27, 2007Mar 23, 2010Stephen Y. F. PangSystem for policing junk e-mail messages
US7748038Dec 6, 2004Jun 29, 2010Ironport Systems, Inc.Method and apparatus for managing computer virus outbreaks
US7752440Apr 29, 2004Jul 6, 2010Alcatel-Lucent Usa Inc.Method and apparatus for reducing e-mail spam and virus distribution in a communications network by authenticating the origin of e-mail messages
US7756930May 28, 2004Jul 13, 2010Ironport Systems, Inc.Techniques for determining the reputation of a message sender
US7779080 *Aug 20, 2007Aug 17, 2010Pang Stephen Y FSystem for policing junk e-mail messages
US7844669 *Sep 16, 2004Nov 30, 2010Avaya Inc.Out of office autoreply filter
US7849142May 27, 2005Dec 7, 2010Ironport Systems, Inc.Managing connections, messages, and directory harvest attacks at a server
US7870200May 27, 2005Jan 11, 2011Ironport Systems, Inc.Monitoring the flow of messages received at a server
US7873695May 27, 2005Jan 18, 2011Ironport Systems, Inc.Managing connections and messages at a server by associating different actions for both different senders and different recipients
US7913079Dec 6, 2007Mar 22, 2011International Business Machines CorporationMethod and system for selective email acceptance via encoded email identifiers
US7917588May 26, 2005Mar 29, 2011Ironport Systems, Inc.Managing delivery of electronic messages using bounce profiles
US8135790Nov 14, 2009Mar 13, 2012Lashback, LLCPrivacy control system for electronic communication
US8166310May 26, 2005Apr 24, 2012Ironport Systems, Inc.Method and apparatus for providing temporary access to a network device
US8219620Feb 20, 2001Jul 10, 2012Mcafee, Inc.Unwanted e-mail filtering system including voting feedback
US8219627 *Mar 22, 2010Jul 10, 2012Fortune Communications, L.L.C.System for policing junk e-mail messages
US8484456 *Dec 8, 2005Jul 9, 2013Alien Camel Pty Ltd.Trusted electronic messaging system
US8601160Feb 9, 2006Dec 3, 2013Mcafee, Inc.System, method and computer program product for gathering information relating to electronic content utilizing a DNS server
US8645697 *Aug 9, 2004Feb 4, 2014Radix Holdings, LlcMessage authorization
US8744979Dec 6, 2010Jun 3, 2014Microsoft CorporationElectronic communications triage using recipient's historical behavioral and feedback
US8843564 *May 13, 2005Sep 23, 2014Blackberry LimitedSystem and method of automatically determining whether or not to include message text of an original electronic message in a reply electronic message
US20010003203 *Nov 30, 2000Jun 7, 2001Niels MacheProtocol for instant messaging
US20060259554 *May 13, 2005Nov 16, 2006Research In Motion LimitedSystem and method of automatically determining whether or not to include message text of an original electronic message in a reply electronic message
US20110055196 *Aug 28, 2009Mar 3, 2011Microsoft CorporationData mining electronic communications
US20150012597 *Jul 3, 2013Jan 8, 2015International Business Machines CorporationRetroactive management of messages
CN1767507B *Oct 13, 2005Nov 26, 2014微软公司System and method for verifying messages
EP1575228A1 *Feb 22, 2005Sep 14, 2005Lucent Technologies Inc.Method and apparatus for reducing e-mail spam and virus distribution in a communications network by authenticating the origin of e-mail messages
EP1647930A1 *Oct 12, 2005Apr 19, 2006Microsoft CorporationValidating inbound messages
EP1675057A1 *Dec 8, 2005Jun 28, 2006Microsoft CorporationSecure safe sender list
EP1676206A1 *Sep 24, 2004Jul 5, 2006Trusted Delivery Pty LtdMethod and system for delivering electronic messages using a trusted delivery system
EP2562975A1 *Mar 6, 2003Feb 27, 2013McAfee, Inc.Systems and methods for enhancing electronic communication security
Classifications
U.S. Classification709/207
International ClassificationH04L12/58
Cooperative ClassificationH04L12/585, H04L51/12
European ClassificationH04L51/12, H04L12/58F
Legal Events
DateCodeEventDescription
Nov 21, 2013FPAYFee payment
Year of fee payment: 12
Nov 23, 2009FPAYFee payment
Year of fee payment: 8
May 19, 2006FPAYFee payment
Year of fee payment: 4
May 19, 2006SULPSurcharge for late payment
Dec 7, 2005REMIMaintenance fee reminder mailed
Nov 23, 2001ASAssignment
Owner name: NIXMAIL CORPORATION, FLORIDA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LEEDS, ROBERT G.;REEL/FRAME:012320/0632
Effective date: 20011121
Owner name: NIXMAIL CORPORATION 1753 KINSMERE DRIVE NEW PORT R
Owner name: NIXMAIL CORPORATION 1753 KINSMERE DRIVENEW PORT RI
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LEEDS, ROBERT G. /AR;REEL/FRAME:012320/0632
Owner name: NIXMAIL CORPORATION 1753 KINSMERE DRIVENEW PORT RI
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LEEDS, ROBERT G. /AR;REEL/FRAME:012320/0632
Effective date: 20011121
Owner name: NIXMAIL CORPORATION 1753 KINSMERE DRIVE NEW PORT R
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LEEDS, ROBERT G.;REEL/FRAME:012320/0632
Effective date: 20011121