Authenticating and confidence marking e-mail messages
Abstract
Methods and systems for authenticating and confidence marking e-mail messages are described. One embodiment describes a method of authenticating an e-mail message. This method involves extracting a plurality of e-mail headers associated with the e-mail message, and identifying a sending edge mail transfer agent (MTA). The method then calls for determining if the sending edge MTA is authorized to send the e-mail message.
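The method summarized above, as an added Python example (not code from the patent or its assignee). It assumes the sending edge MTA is the peer recorded in the Received header stamped by the recipient's own border MTA (`own_mx`, a hypothetical parameter), that the record is an SPF TXT record as in claim 24, supplied here as a constructed dictionary in place of a DNS lookup, and it evaluates only `ip4`, `ip6` and `all` terms.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: esp.example (first entity) sends for bank.example (second entity).
RAW = b"""\
Received: from out7.esp.example (out7.esp.example [192.0.2.44])
 by mx1.recipient.example with ESMTPS; Mon, 1 Jan 2024 10:00:02 +0000
Received: from app3.internal (app3.internal [10.1.2.3])
 by out7.esp.example with ESMTP; Mon, 1 Jan 2024 10:00:01 +0000
From: "Example Bank" <statements@bank.example>

Body
"""
# Constructed SPF record, standing in for the DNS TXT lookup over the WAN.
SPF_TXT = {"bank.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"}
HOP = re.compile(r"from\s+\S+\s+\(.*?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.S)

def sending_edge_ip(msg, own_mx):
    """IP of the peer recorded by our own border MTA (the only hop we trust)."""
    for hop in msg.get_all("Received", []):  # newest hop first
        m = HOP.search(hop)
        if m and m.group(2).lower() in own_mx:
            return ipaddress.ip_address(m.group(1))

def spf_authorizes(record, ip):
    """True only when an ip4/ip6 term with pass qualifier explicitly lists ip."""
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        kind, _, net = term.lstrip("+-~?").lower().partition(":")
        if kind == "all":
            return False  # reached the catch-all without an explicit match
        if kind in ("ip4", "ip6") and net and ip in ipaddress.ip_network(net, strict=False):
            return qualifier == "+"
    return False  # include/a/mx/redirect are outside this example

def authenticate(raw, own_mx, spf_lookup):
    """Return (claimed domain, sending edge IP, authorized?) for one message."""
    msg = email.message_from_bytes(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    try:
        ip = sending_edge_ip(msg, own_mx)
        ok = ip is not None and spf_authorizes(spf_lookup.get(domain), ip)
    except ValueError:  # malformed IP literal or SPF network: fail closed
        ip, ok = None, False
    return domain, str(ip) if ip else None, ok
```

Received headers below the one written by the recipient's own MTA are sender-controlled text, which is why only that hop is used to identify the sending edge.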
24 Claims
1. A computer-implemented method of authenticating an e-mail message, wherein the e-mail message is sent by a first entity in a manner purporting to be on behalf of a second entity, and wherein the second entity is a legal entity not inherently associated with the first entity, the computer-implemented method comprising:
- extracting a plurality of e-mail headers from said e-mail message;
- from the extracted plurality of e-mail headers, identifying a sending edge mail transfer agent (MTA) associated with the first entity;
- from said e-mail message, identifying the second entity and a domain associated with the second entity;
- retrieving via a wide area network (WAN) a record in association with the domain of the second entity, and processing the record to determine whether the identified sending edge MTA associated with the first entity is explicitly identified by the record as authorized to send said e-mail messages on behalf of the second entity; and
- responsively authenticating said e-mail message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 23
12. An apparatus for authenticating an e-mail message, wherein the e-mail message is sent by a first entity in a manner purporting to be on behalf of a second entity, and wherein the second entity is a legal entity not inherently associated with the first entity, said apparatus comprising instructions stored on non-transitory, machine-readable media, said instructions when executed to cause at least one computer to:
- extract a plurality of e-mail headers from said e-mail message;
- from the extracted plurality of e-mail headers, identify a sending edge mail transfer agent (MTA) associated with the first entity;
- from said e-mail message, identify the second entity and a domain associated with the second entity;
- retrieve via a wide area network (WAN) a record in association with the domain of the second entity, and process the record to determine whether the identified sending edge MTA associated with the first entity is explicitly identified by the record as authorized to send said e-mail messages on behalf of the second entity; and
- responsively authenticate said e-mail message.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
24. An apparatus for authenticating an e-mail message, wherein the e-mail message is sent by a first entity in a manner purporting to be on behalf of a second entity, and wherein the second entity is a legal entity not inherently associated with the first entity, said apparatus comprising instructions stored on non-transitory, machine-readable media, said instructions when executed to cause an e-mail client of at least one computer to:
- extract a plurality of e-mail headers from said e-mail message;
- from the extracted plurality of e-mail headers, identify a sending edge mail transfer agent (MTA) associated with the first entity;
- from said e-mail message, identify the second entity and a domain associated with the second entity, including by causing the at least one computer to from the extracted plurality of e-mail headers, identify one or more domains of prior senders which are not inherently associated with the first entity, transmit a request via a WAN to a validation service, wherein the validation service is to compare the one or more domains with a list of known, trustworthy entities having names similar to the one or more domains, and receive a response from the validation service which provides information to identify a SPF record corresponding to one of the known, trustworthy entities;
- retrieve via a wide area network (WAN) the SPF record corresponding to the one of the known, trustworthy entities, and process the retrieved SPF record to determine whether the identified sending edge MTA associated with the first entity is explicitly identified by the record as authorized to send said e-mail messages on behalf of the one of the known, trustworthy entities; and
- responsively authenticate said e-mail message and cause display of the e-mail message in the e-mail client in a manner that visually indicates that the e-mail message has been verified.
Specification