Automated message security scanner detection system
Abstract
An electronic messaging system includes a messaging server that identifies a recipient for an electronic message. The messaging system sends the recipient an electronic message that includes instrumented content. A web server monitors activity and determines whether interaction occurred with the instrumented content. The web server determines whether a sandbox intercepted the message based on whether interaction occurred, or did not occur, with the instrumented content within a threshold time period or with one or more activity characteristics.
22 Claims
1. A method of determining whether an electronic message was delivered to an intended recipient or intercepted by a sandbox, comprising:
- by a message generation server:
  - identifying a recipient for receiving a message,
  - selecting a first identifier that may be actuated and a second identifier that may be actuated, wherein the first identifier comprises a hyperlink that is associated with a web page at a web address,
  - generating an electronic message so that the message includes the hyperlink, and
  - transmitting the electronic message to the recipient via a communication network for delivery to an address of the recipient; and
- by a web server:
  - hosting the web page so that the web page includes the second identifier in a format that is not visible to a human user of the web page,
  - monitoring whether interaction occurs with the second identifier, and
  - determining whether a sandbox may have intercepted the electronic message based on whether the web server detects interaction with the second identifier.
Dependent claims: 2
3. A method of determining whether an electronic message was intercepted by a sandbox, comprising:
- by a message generation server:
  - selecting a first identifier that may be actuated and a second identifier that may be actuated, so that the first identifier and the second identifier share at least one common attribute, and so that the first identifier and the second identifier also include at least one attribute that is not common, and
  - generating a first electronic message so that the first electronic message includes the first and second identifiers, and
  - transmitting the first electronic message for delivery to a first recipient address via a communication network; and
- by a web server:
  - detecting interaction with the first identifier,
  - monitoring whether interaction occurs with the second identifier within a threshold period of time after detecting interaction with the first identifier, and
  - if interaction occurs with the second identifier within the threshold period of time, determining that the first electronic message has been intercepted by a sandbox, otherwise determining that the first electronic message has not been intercepted.
Dependent claims: 4, 5, 6, 7, 8
9. A method of generating an electronic message, comprising:
- by a message generation server:
  - selecting a first identifier that may be actuated,
  - selecting a second identifier associated with a recipient,
  - generating a plurality of electronic messages so that:
    - each electronic message embeds the first identifier using one of a plurality of embedding methods, and the plurality of electronic messages collectively use more than one of the plurality of embedding messages; and
    - each electronic message embeds the second identifier in a way that the message generation server knows is likely to be accessed;
  - generating a recipient address associated with a recipient that the message generation server knows is invalid or that the message generation server determines is likely to be invalid, and
  - transmitting the plurality of electronic messages for delivery to the recipient address via a communication network; and
- by a web server:
  - monitoring whether one or more interactions occur with the first and second identifiers in the plurality of electronic messages within a threshold period of time, and
  - generating a cumulative fingerprint based on the one or more interactions with the first and second identifier in the plurality of electronic messages.
Dependent claims: 10, 11
12. An electronic messaging system, comprising:
- a message generation server comprising a processor and a memory portion containing programming instructions that are configured to cause the message generation server to:
  - identify a recipient for receiving a message,
  - select a first identifier that may be actuated and a second identifier that may be actuated, wherein the first identifier comprises a hyperlink that is associated with a web page at a web address,
  - generate an electronic message so that the message includes the hyperlink, and
  - transmit the electronic message to the recipient via a communication network for delivery to an address of the recipient; and
- a web server comprising a processor and a memory portion containing programming instructions that are configured to cause the web server to:
  - host the web page so that the web page includes the second identifier in a format that is not visible to a human user of the web page,
  - monitor whether interaction occurs with the second identifier, and
  - determine whether a sandbox may have intercepted the electronic message based on whether the web server detects interaction with the second identifier.
Dependent claims: 13
14. An electronic messaging system, comprising:
- a message generation server comprising a processor and a memory portion containing programming instructions that are configured to cause the message generation server to:
  - select a first identifier that may be actuated and a second identifier that may be actuated, so that the first identifier and the second identifier share at least one common attribute, and so that the first identifier and the second identifier also include at least one attribute that is not common, and
  - generate a first electronic message so that the first electronic message includes the first and second identifiers, and
  - transmit the first electronic message for delivery to a first recipient address via a communication network; and
- a web server comprising a processor and a memory portion containing programming instructions that are configured to cause the web server to:
  - detect interaction with the first identifier,
  - monitor whether interaction occurs with the second identifier within a threshold period of time after detecting interaction with the first identifier, and
  - if interaction occurs with the second identifier within the threshold period of time, determine that the first electronic message has been intercepted by a sandbox, otherwise determine that the first electronic message has not been intercepted by the sandbox.
Dependent claims: 15, 16, 17, 18, 19
20. An electronic messaging system, comprising:
- a message generation server comprising a processor and a memory portion containing programming instructions that are configured to cause the message generation server to:
  - select a first identifier that may be actuated,
  - select a second identifier associated with a recipient,
  - generate a plurality of electronic messages so that:
    - each electronic message embeds the first identifier using one of a plurality of embedding methods, and the plurality of electronic messages collectively use more than one of the plurality of embedding messages, and
    - each electronic message embeds the second identifier in a way that the message generation server knows is likely to be accessed,
  - generate a recipient address associated with a recipient that the message generation server knows is invalid or that the message generation server determines is likely to be invalid, and
  - transmit the plurality of electronic messages for delivery to the recipient address via a communication network; and
- a web server comprising a processor and a memory portion containing programming instructions that are configured to cause the web server to:
  - monitor whether one or more interactions occur with the first and second identifiers in the plurality of electronic messages within a threshold period of time, and
  - generate a cumulative fingerprint based on the one or more interactions with the first and second identifier in the plurality of electronic messages.
Dependent claims: 21, 22
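The web-server decision rule of claims 3 and 14, applied to a log of identifier hits, as an added example (not code from the patent or its assignee). The event tuple layout, the message ids, the 5-second threshold and the extra `no-first-interaction` verdict are assumptions; the claims say only "a threshold period of time".

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed value: the claims do not state how long the threshold is.
THRESHOLD = timedelta(seconds=5)

# Constructed web-server events: (ISO timestamp, message id, identifier hit).
# Deliberately out of order, as merged logs often are.
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:01", "msg-001", "second"),  # 1 s after first
    ("2024-03-01T09:00:00", "msg-001", "first"),
    ("2024-03-01T09:14:30", "msg-002", "first"),   # first only
    ("2024-03-01T10:02:00", "msg-003", "first"),
    ("2024-03-01T10:45:00", "msg-003", "second"),  # 43 min after first
    ("2024-03-01T11:00:00", "msg-004", "second"),  # second without first
    ("2024-03-01T12:00:05", "msg-005", "first"),
    ("2024-03-01T12:00:00", "msg-005", "second"),  # second BEFORE first
]


def classify(events, threshold=THRESHOLD):
    """Return {message_id: verdict} using the rule in claims 3 and 14.

    'sandbox'         : second identifier hit within `threshold` after the
                        first identifier was hit
    'not-intercepted' : first identifier hit, no second hit in that window
    'no-first-interaction' : case the claims do not address, reported
                        separately rather than guessed at (assumption)
    """
    hits = defaultdict(lambda: {"first": [], "second": []})
    for ts, msg_id, ident in events:
        hits[msg_id][ident].append(datetime.fromisoformat(ts))

    verdicts = {}
    for msg_id, seen in hits.items():
        if not seen["first"]:
            verdicts[msg_id] = "no-first-interaction"
            continue
        t_first = min(seen["first"])  # earliest detection starts the window
        in_window = any(
            timedelta(0) <= t - t_first <= threshold for t in seen["second"]
        )
        verdicts[msg_id] = "sandbox" if in_window else "not-intercepted"
    return verdicts


if __name__ == "__main__":
    for msg_id, verdict in sorted(classify(SAMPLE_EVENTS).items()):
        print(msg_id, verdict)
```
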