Email address farming mitigation

US 10,447,731 B2
Filed: 05/26/2017
Issued: 10/15/2019
Est. Priority Date: 05/26/2017
Status: Active Grant

First Claim

Patent Images

1. A computing apparatus comprising:

one or more computer readable storage media;

a processing system operatively coupled with the one or more computer readable storage media; and

program instructions stored on the one or more computer readable storage media, that when executed by the processing system, direct the processing system to at least;

receive requests for endpoint information that correspond to email identities included in the requests;

for ones of the requests that indicate invalid email identities, determine responses that conceal validity of the invalid email identities by deriving target endpoint information based at least on the invalid email identities; and

provide the responses that indicate the target endpoint information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, apparatuses, and software for electronic mail systems and service in computing environments are provided herein. In one example, an email service is provided that receives receive requests for endpoint information that correspond to email identities included in the requests. For ones of the requests that indicate invalid email identities, the email service determines responses that conceal validity of the invalid email identities by deriving target endpoint information based at least on the invalid email identities, and provides the responses that indicate the target endpoint information.

18 Citations

20 Claims

1. A computing apparatus comprising:
- one or more computer readable storage media;
  
  a processing system operatively coupled with the one or more computer readable storage media; and
  
  program instructions stored on the one or more computer readable storage media, that when executed by the processing system, direct the processing system to at least;
  
  receive requests for endpoint information that correspond to email identities included in the requests;
  
  for ones of the requests that indicate invalid email identities, determine responses that conceal validity of the invalid email identities by deriving target endpoint information based at least on the invalid email identities; and
  
  provide the responses that indicate the target endpoint information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computing apparatus of claim 1, wherein for each of the responses, the target endpoint information comprises at least one associated endpoint address corresponding to a valid endpoint capable of handling authentication attempts issued for associated ones of the invalid email identities.
  - 3. The computing apparatus of claim 1, wherein responsive to authentication attempts for the invalid email identities issued to endpoints indicated by the target endpoint information, the endpoints prompt for login credentials related to the invalid email identities.
  - 4. The computing apparatus of claim 1, comprising further program instructions, when executed by the processing system, direct the processing system to at least:
    - determine the responses that conceal the validity of the email identities by at least processing content of the invalid email identities with an endpoint obfuscation process to reduce potential identification of the validity of the email identities while maintaining consistent responses to the requests among each individual invalid email identity.
  - 5. The computing apparatus of claim 1, wherein the endpoint information relates to a hybrid email system comprising a distributed email system and at least one on-premises email system;
    - andcomprising further program instructions, when executed by the processing system, direct the processing system to at least;
      
      determine the responses that conceal the validity of the email identities by at least processing the invalid email identities with at least an obfuscation function to identify the target endpoint information from among the distributed email system and the at least one on-premises email system;
      
      based at least on the obfuscation function indicating the distributed email system, determine associated responses that indicate an endpoint address for the distributed email system; and
      
      based at least on the obfuscation function indicating the at least one on-premises email system, determine associated responses that indicate the at least one on-premises email system.
  - 6. The computing apparatus of claim 5, comprising further program instructions, when executed by the processing system, direct the processing system to at least:
    - based at least on the at least one on-premises email system comprising a plurality of on-premises email systems, processing the invalid email identities with at least a further obfuscation function to distribute the target endpoint information among the plurality of on-premises email systems.
  - 7. The computing apparatus of claim 1, wherein the endpoint information relates to an email system comprising a plurality of on-premises email systems;
    - andcomprising further program instructions, when executed by the processing system, direct the processing system to at least;
      
      determine the responses that conceal the validity of the email identities by at least processing the invalid email identities with at least an obfuscation function to distribute the target endpoint information among the plurality of on-premises email systems.
  - 8. The computing apparatus of claim 1, wherein the endpoint information relates to an email system comprising a distributed email system;
    - andcomprising further program instructions, when executed by the processing system, direct the processing system to at least;
      
      determine the responses that obfuscate the validity of the email identities by at least providing the valid endpoint information from among the distributed email system responsive to the requests indicating the invalid email identities.

9. A method of operating an email service, the method comprising:
- receiving requests for endpoint information that correspond to email identities included in the requests;
  
  for ones of the requests that indicate invalid email identities, determining responses that conceal validity of the invalid email identities by deriving target endpoint information based at least on the invalid email identities; and
  
  providing the responses that indicate the target endpoint information.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein for each of the responses, the target endpoint information comprises at least one associated endpoint address corresponding to a valid endpoint capable of handling authentication attempts issued for associated ones of the invalid email identities.
  - 11. The method of claim 9, wherein responsive to authentication attempts for the invalid email identities issued to endpoints indicated by the target endpoint information, the endpoints prompt for login credentials related to the invalid email identities.
  - 12. The method of claim 9, further comprising:
    - determining the responses that conceal the validity of the email identities by at least processing content of the invalid email identities with an endpoint obfuscation process to reduce potential identification of the validity of the email identities while maintaining consistent responses to the requests among each individual invalid email identity.
  - 13. The method of claim 9, wherein the endpoint information relates to a hybrid email system comprising a distributed email system and at least one on-premises email system;
    - andfurther comprising;
      
      determining the responses that conceal the validity of the email identities by at least processing the invalid email identities with at least an obfuscation function to identify the target endpoint information from among the distributed email system and the at least one on-premises email system;
      
      based at least on the obfuscation function indicating the distributed email system, determining associated responses that indicate an endpoint address for the distributed email system; and
      
      based at least on the obfuscation function indicating the at least one on-premises email system, determining associated responses that indicate the at least one on-premises email system.
  - 14. The method of claim 13, further comprising:
    - based at least on the at least one on-premises email system comprising a plurality of on-premises email systems, processing the invalid email identities with at least a further obfuscation function to distribute the target endpoint information among the plurality of on-premises email systems.
  - 15. The method of claim 9, wherein the endpoint information relates to an email system comprising a plurality of on-premises email systems;
    - andfurther comprising;
      
      determining the responses that obfuscate the validity of the email identities by at least processing the invalid email identities with at least a obfuscation function to distribute the target endpoint information from among the plurality of on-premises email systems.
  - 16. The method of claim 9, wherein the endpoint information relates to an email system comprising a distributed email system;
    - andfurther comprising;
      
      determining the responses that conceal the validity of the email identities by at least providing the target endpoint information from among the distributed email system responsive to the requests indicating the invalid email identities.

17. A computing apparatus comprising:
- one or more computer readable storage media;
  
  a processing system operatively coupled with the one or more computer readable storage media; and
  
  program instructions stored on the one or more computer readable storage media, that when executed by the processing system, direct the processing system to at least;
  
  receive requests for mailbox endpoint identities corresponding to invalid email addresses; and
  
  provide obfuscated responses that conceal validity of the invalid email addresses by returning identities of mailbox endpoints derived based at least on the invalid email addresses, wherein the identities of mailbox endpoints relate to target endpoints capable of handling authentication attempts for ones of the invalid email addresses.
- View Dependent Claims (18, 19, 20)
- - 18. The computing apparatus of claim 17, wherein the endpoint information relates to an email system comprising a distributed email service and an on-premises email service comprising a plurality of on-premises endpoints;
    - andcomprising further program instructions, when executed by the processing system, direct the processing system to at least;
      
      determine the obfuscated responses that conceal the validity of the invalid email addresses by processing each of the invalid email addresses with at least a hash function that produces a selection among the distributed email service and the on-premises email service.
  - 19. The computing apparatus of claim 18, comprising further program instructions, when executed by the processing system, direct the processing system to at least:
    - based at least on the hash function indicating the distributed email service, determine associated obfuscated responses that indicate at least a mailbox endpoint address for the distributed email service;
      
      based at least on the hash function indicating the on-premises email service, determine further associated obfuscated responses spread among the plurality of on-premises endpoints.
  - 20. The computing apparatus of claim 19, comprising further program instructions, when executed by the processing system, direct the processing system to at least:
    - determine the further associated obfuscated responses spread among the plurality of on-premises endpoints by processing each of the invalid email addresses with at least a further hash function that produces a selection among the plurality of on-premises endpoints.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Singh, Deepak Kumar, Abraham, Sabitha, Tousignant, Patrick
Primary Examiner(s)
Williams, Jeffery L

Application Number

US15/606,341
Publication Number

US 20180343282A1
Time in Patent Office

872 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 51/48   Message addressing, e.g. ad...

H04L 63/0414   during transmission, i.e. p...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1466   Active attacks involving in...

Email address farming mitigation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Email address farming mitigation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others