Framework to enable integration of anti-spam technologies

US 20040139160A1
Filed: 01/09/2003
Published: 07/15/2004
Est. Priority Date: 01/09/2003
Status: Active Grant

First Claim

Patent Images

1. A method of determining if a message is spam in a system having a plurality of anti-spam modules comprising the steps of:

a) invoking one of the plurality of anti-spam modules;

b) receiving a spam confidence level from the one of the plurality of anti-spam modules;

c) applying a tuning factor to the spam confidence level to create a tuned spam confidence level;

d) adding the tuned spam confidence level to a summed spam confidence level;

e) comparing the summed spam confidence level to at least one threshold;

f) if the summed spam confidence level is greater than the at least one threshold, invoking an action associated with the at least one threshold; and

g) repeating steps a-f if the summed spam confidence level is less than the at least one threshold.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method that enables multiple spam detection solutions to be deployed in a manageable and rational manner to determine if a message is spam is presented. A framework invokes one or more anti-spam filters to analyze the message and return a confidence level of whether a message is spam and that confidence level is added to a summary of confidence levels. The framework evaluates a summary of confidence levels against a set of defined thresholds. If the summary of confidence levels is greater than the highest threshold set by the administrator, the action specified for the highest threshold is taken. Otherwise, subsequent filters are used to evaluate the message until either the maximum threshold is exceeded or all filters have evaluated the message. After all filters have evaluated the message, the summary of confidence levels is compared against all thresholds and the action associated with that matching threshold is taken.

136 Citations

31 Claims

1. A method of determining if a message is spam in a system having a plurality of anti-spam modules comprising the steps of:
- a) invoking one of the plurality of anti-spam modules;
  
  b) receiving a spam confidence level from the one of the plurality of anti-spam modules;
  
  c) applying a tuning factor to the spam confidence level to create a tuned spam confidence level;
  
  d) adding the tuned spam confidence level to a summed spam confidence level;
  
  e) comparing the summed spam confidence level to at least one threshold;
  
  f) if the summed spam confidence level is greater than the at least one threshold, invoking an action associated with the at least one threshold; and
  
  g) repeating steps a-f if the summed spam confidence level is less than the at least one threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the at least one threshold comprises a plurality of thresholds including a top threshold and a bottom threshold, the method further comprising the steps of:
    - comparing the summed spam confidence level to each of the plurality of thresholds;
      
      determining if the summed spam confidence level is higher than at least one of the plurality of thresholds;
      
      if the summed spam confidence level is higher than at least one of the plurality of thresholds;
      
      determining which of the at least one of the plurality of thresholds is closest to the top threshold; and
      
      invoking the action associated with the at least one of the plurality of thresholds that is closest to the top threshold.
  - 3. The method of claim 1 wherein step of applying a tuning factor to the spam confidence level comprises the step of applying a scaling factor to each spam confidence level.
  - 4. The method of claim 3 wherein the step of applying a scaling factor comprising scaling the spam confidence level by one.
  - 5. The method of claim 3 wherein the step of applying a scaling factor comprising scaling the spam confidence level by a user'"'"'s confidence level in the one of the plurality of anti-spam modules.
  - 6. The method of claim 1 wherein the step of applying a tuning factor to the spam confidence level comprises the step of normalizing the spam confidence level using a non-linear confidence level normalization.
  - 7. The method of claim 1 wherein the step of invoking the action includes invoking one of deleting the message, sending a non-delivery notification, and passing the message to a client with the summed spam confidence level.
  - 8. The method of claim 1 wherein the step of invoking the action includes:
    - dropping a connection if the summed spam confidence level exceeds a first threshold level;
      
      returning a non-delivery message to a sender if the summed spam confidence level exceeds a second threshold level and is below the first threshold level;
      
      delivering the message to a junk mail folder if the message exceeds a third threshold level and is below the second threshold level.
  - 9. The method of claim 8 wherein the first threshold is a ninety nine percent spam confidence level, the second threshold is a seventy percent spam confidence level, and the third threshold level is a forty percent spam confidence level.
  - 10. The method of claim 1 further comprising the step of adding the summed spam confidence level to the message.
  - 11. The method of claim 1 wherein the plurality of anti-spam modules includes one of a blackhole list and a turf list.

12. A method of integrating the spam confidence levels of a plurality of anti-spam modules comprising the steps of:
- invoking at least one of the plurality of anti-spam modules to process a message;
  
  receiving a spam confidence level of the message from the at least one of the plurality of anti-spam modules;
  
  applying a tuning factor to the spam confidence level to create a tuned spam confidence level;
  
  adding the tuned spam confidence level to a summed spam confidence level;
  
  comparing the summed spam confidence level to at least one threshold; and
  
  if the summed spam confidence level is greater than the at least one threshold, invoking an action associated with the at least one threshold.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12 wherein the step of invoking at least one of the plurality of anti-spam modules comprises the steps of invoking the plurality of anti-spam modules until one of the summed spam confidence level is above the at least one threshold and all of the plurality of anti-spam modules have been invoked.
  - 14. The method of claim 12 wherein the step of the step of invoking the action includes:
    - dropping a connection if the summed spam confidence level exceeds a first threshold level;
      
      returning a non-delivery message to a sender if the summed spam confidence level exceeds a second threshold level and is below the first threshold level;
      
      delivering the message to a junk mail folder if the message exceeds a third threshold level and is below the second threshold level.
  - 15. The method of claim 14 wherein the first threshold is a ninety nine percent spam confidence level, the second threshold is a seventy percent spam confidence level, and the third threshold level is a forty percent spam confidence level.
  - 16. The method of claim 14 further comprising the step of logging the action taken with the message.
  - 17. The method of claim 12 wherein the step of applying a scaling factor comprising scaling the spam confidence level by one.
  - 18. The method of claim 12 wherein the step of applying a scaling factor comprising scaling the spam confidence level by a confidence level of the one of the plurality of anti-spam modules.
  - 19. The method of claim 12 wherein the step of applying a tuning factor to the spam confidence level comprises the step of normalizing the spam confidence level using a non-linear confidence level normalization.

20. A computer-readable medium having computer executable instructions for determining if a message is spam in a system having a plurality of anti-spam modules, the instructions comprising the steps of:
- a) invoking at least one of the plurality of anti-spam modules;
  
  b) receiving a spam confidence level of the message from the at least one of the plurality of anti-spam modules;
  
  c) applying a scaling factor to the spam confidence level to create a normalized spam confidence level;
  
  d) adding the normalized spam confidence level to a summed spam confidence level;
  
  e) comparing the summed spam confidence level to at least one threshold;
  
  f) if the summed spam confidence level is greater than the at least one threshold, invoking an action associated with the at least one threshold; and
  
  g) repeating steps a-f if the summed spam confidence level is less than the at least one threshold until one of the summed span confidence level is greater than the at least one threshold and the plurality of anti-spam modules have been invoked.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 21. The computer-readable medium of claim 20 wherein the at least one threshold comprises a plurality of thresholds including a top threshold and a bottom threshold, the instructions further comprising the steps of:
    - comparing the summed spam confidence level to each of the plurality of thresholds;
      
      determining if the summed spam confidence level is higher than at least one of the plurality of thresholds; and
      
      if the summed spam confidence level is higher than at least one of the plurality of thresholds;
      
      invoking the action associated with the at least one of the plurality of thresholds that is closest to the top threshold.
  - 22. The computer-readable medium of claim 20 wherein step of applying a tuning factor to the spam confidence level comprises the step of applying a scaling factor to each spam confidence level.
  - 23. The computer-readable medium of claim 22 wherein the step of applying a scaling factor comprising scaling the spam confidence level by one.
  - 24. The computer-readable medium of claim 22 wherein the step of applying a scaling factor comprising scaling the spam confidence level by a user'"'"'s confidence level in the one of the plurality of anti-spam modules.
  - 25. The computer-readable medium of claim 20 wherein the step of applying a tuning factor to the spam confidence level comprises the step of normalizing the spam confidence level using a non-linear confidence level normalization.
  - 26. The computer-readable medium of claim 20 wherein the step of invoking the action includes invoking one of deleting the message, sending a non-delivery notification, and passing the message to a client with the summed spam confidence level.
  - 27. The computer-readable medium of claim 20 wherein the step of invoking the action includes:
    - dropping a connection if the summed spam confidence level exceeds a first threshold level;
      
      returning a non-delivery message to a sender if the summed spam confidence level exceeds a second threshold level and is below the first threshold level;
      
      delivering the message to a junk mail folder if the message exceeds a third threshold level and is below the second threshold level.
  - 28. The computer-readable medium of claim 27 wherein the first threshold is a ninety nine percent spam confidence level, the second threshold is a seventy percent spam confidence level, and the third threshold level is a forty percent spam confidence level.
  - 29. The computer-readable medium of claim 20 further comprising the step of adding the summed spam confidence level to the message.
  - 30. The computer-readable medium of claim 20 wherein the step of invoking at least one of the plurality of anti-spam modules includes the step of providing a list of recipient addresses in the message.
  - 31. The computer-readable medium of claim 20 having further computer executable instructions for performing the step comprising cracking an encoded content of the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wang, Qiang, Neely, Samuel J., Koorland, Neil K., Wallace, Andrew J., Atwell, Simon P.

Granted Patent

US 7,171,450 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/206
CPC Class Codes

H04L 51/00 User-to-user messaging in p...

H04L 51/212 using filtering or selectiv...

Framework to enable integration of anti-spam technologies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

136 Citations

31 Claims

Specification

Use Cases

Quick Links

Others

Framework to enable integration of anti-spam technologies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

31 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others