Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
First Claim
Patent Images
1. A method for detecting transmission of potentially unwanted e-mail messages, comprising:
- receiving a plurality of e-mail messages;
generating hash values, as generated hash values, based on one or more portions of the plurality of e-mail messages;
determining whether the generated hash values match hash values associated with prior e-mail messages; and
determining that one of the plurality of e-mail messages is a potentially unwanted e-mail message when one or more of the generated hash values associated with the one of the plurality of e-mail messages match one or more of the hash values associated with the prior e-mail messages.
7 Assignments
0 Petitions
Accused Products
Abstract
A system (120) detects transmission of potentially unwanted e-mail messages. The system (120) may receive e-mail messages and generate hash values based on one or more portions of the e-mail messages. The system (120) may then determine whether the generated hash values match hash values associated with prior e-mail messages. The system (120) may determine that one of the e-mail messages is a potentially unwanted e-mail message when one or more of the generated hash values associated with the e-mail message match one or more of the hash values associated with the prior e-mail messages.
-
Citations
66 Claims
-
1. A method for detecting transmission of potentially unwanted e-mail messages, comprising:
-
receiving a plurality of e-mail messages;
generating hash values, as generated hash values, based on one or more portions of the plurality of e-mail messages;
determining whether the generated hash values match hash values associated with prior e-mail messages; and
determining that one of the plurality of e-mail messages is a potentially unwanted e-mail message when one or more of the generated hash values associated with the one of the plurality of e-mail messages match one or more of the hash values associated with the prior e-mail messages. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A system for detecting transmission of potentially unwanted e-mails, comprising:
-
means for observing a plurality of e-mails;
means for hashing one or more portions of the plurality of e-mails to generate hash values, as generated hash values;
means for determining whether the generated hash values match hash values associated with prior e-mails; and
means for determining that the plurality of e-mails are potentially unwanted e-mails when one or more of the generated hash values match one or more of the hash values associated with the prior e-mails.
-
-
31. A mail server, comprising:
-
one or more hash memories configured to store count values associated with a plurality of hash values; and
a hash processor configured to;
receive an e-mail message, hash one or more portions of the e-mail message to generate hash values, as generated hash values, increment the count values corresponding to the generated hash values, as incremented count values, and determine whether the e-mail message is a potentially unwanted e-mail message based on the incremented count values. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
-
-
56. A method for detecting transmission of unwanted e-mail messages, comprising:
-
receiving a plurality of e-mail messages; and
detecting unwanted e-mail messages from the plurality of e-mail messages based on hashes of previously received e-mail messages, where multiple hashes are performed on each of the plurality of e-mail messages.
-
-
57. A method for detecting transmission of potentially unwanted e-mail messages, comprising:
-
receiving an e-mail message;
generating a plurality of hash values, as generated hash values, over blocks of the received e-mail message, the blocks including at least two of a main text portion, an attachment portion, and a header portion of the received e-mail message;
determining whether the generated hash values match hash values associated with prior e-mail messages; and
determining that the received e-mail message is a potentially unwanted e-mail message when one or more of the generated hash values associated with the received e-mail message match one or more of the hash values associated with the prior e-mail messages. - View Dependent Claims (58)
-
-
59. In a network of cooperating mail servers, one of the mail servers comprising:
-
one or more hash memories configured to store information relating to hash values corresponding to previously-observed e-mails; and
a hash processor configured to;
receive at least some of the hash values from another one or more of the cooperating mail servers, store information relating to the at least some of the hash values in at least one of the one or more hash memories, receive an e-mail message, hash one or more portions of the received e-mail message to generate hash values, as generated hash values, determine whether the generated hash values match the hash values corresponding to previously-observed e-mails, and identify the received e-mail message as a potentially unwanted e-mail message when one or more of the generated hash values associated with the received e-mail message match one or more of the hash values corresponding to previously-observed e-mails.
-
-
60. A mail server, comprising:
-
one or more hash memories configured to store count values associated with a plurality of hash values; and
a hash processor configured to;
receive e-mail messages, hash one or more portions of the received e-mail messages to generate hash values, as generated hash values, increment the count values corresponding to the generated hash values, as incremented count values, and generate suspicion scores for the received e-mail messages based on the incremented count values. - View Dependent Claims (61, 62, 63, 64)
-
-
65. A method for preventing transmission of unwanted e-mail messages, comprising:
-
receiving an e-mail message;
generating a plurality of hash values, as generated hash values, over portions of the e-mail message as the e-mail message is being received;
incrementally determining whether the generated hash values match hash values associated with prior e-mail messages;
generating a suspicion score for the e-mail message based on the incremental determining; and
rejecting the e-mail message when the suspicion score of the e-mail message is above a threshold. - View Dependent Claims (66)
-
Specification