Method and system for categorizing and processing e-mails
Abstract
An e-mail filtering method and system that categorize received e-mail messages based on information about the sender. Data about the sender is contained in the message and is used to identify the actual sender of the message using a signature combining pieces of information from the message header or derived from information in the message header. This and other information about the message is then sent by each member of an e-mail network to one or more central databases (in one embodiment, the information will also be stored at a database associated with the recipient's e-mail program and filtering software) which stores the information and compiles statistics about e-mails sent by the sender to indicate the likelihood that the e-mail is unsolicited and determine the reputation of the sender (a good reputation indicates the sender does not send unwanted messages while a bad reputation indicates the sender sends unsolicited e-mail messages). Information from the central database is then sent to recipients in order to determine the likelihood that a received e-mail message is spam (information may also be obtained from the local database associated with the recipient's e-mail program and filtering software).
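The flow the abstract describes, as an added Python example that is not taken from the patent: locate the final IP address at the trust boundary of the Received chain, derive the final domain name, build a sender signature from two header fields, and score from reported dispositions. The trusted network, the 0.5 factor for unknown senders, all function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Assumption: networks whose relays the recipient trusts (its own MX, internal hops).
TRUSTED_NETS = [ip_network("192.0.2.0/24")]
# Assumption: the "number less than one" applied to an unknown sender on a known IP.
UNKNOWN_SENDER_FACTOR = 0.5
# Common "from helo (rdns [ip])" form of a Received header.
RECEIVED_FROM = re.compile(r"from\s+\S+\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")


def final_hop(msg):
    """Return (final_ip, rdns) of the first untrusted device that handed the
    message to a trusted one. Headers are read newest-first; everything below
    the trust boundary was written by the sending side and is never consulted."""
    for header in msg.get_all("Received", []):
        m = RECEIVED_FROM.search(header)
        if not m:
            return None, None  # fail closed rather than skip into forgeable headers
        try:
            ip = ip_address(m.group(2))
        except ValueError:
            return None, None
        if not any(ip in net for net in TRUSTED_NETS):
            return str(ip), m.group(1)
    return None, None


def final_domain(rdns, strip=2):
    """Drop a predetermined number of leading subdomain labels, keeping at least two."""
    if not rdns:
        return None
    labels = rdns.lower().rstrip(".").split(".")
    drop = min(strip, max(len(labels) - 2, 0))
    return ".".join(labels[drop:])


def sender_signature(msg, final_ip):
    """Signature of the actual sender: From address combined with the final IP."""
    _, addr = parseaddr(msg.get("From", ""))
    return f"{addr.lower()}|{final_ip}"


class ReputationDB:
    """In-memory stand-in for the central database; one vote per unique user."""

    def __init__(self):
        self.votes = {}  # key -> {user: accepted}

    def report(self, key, user, accepted):
        self.votes.setdefault(key, {})[user] = accepted  # latest disposition wins

    def score(self, key):
        users = self.votes.get(key)
        return sum(users.values()) / len(users) if users else None


def report_disposition(raw, db, user, accepted):
    """Send the sender information and the message disposition to the database."""
    msg = message_from_string(raw)
    ip, _ = final_hop(msg)
    db.report(sender_signature(msg, ip), user, accepted)
    db.report(ip, user, accepted)


def score_message(raw, db):
    """Score by actual sender; fall back to a discounted final-IP score."""
    msg = message_from_string(raw)
    ip, rdns = final_hop(msg)
    sig = sender_signature(msg, ip)
    score = db.score(sig)
    if score is None and db.score(ip) is not None:
        score = db.score(ip) * UNKNOWN_SENDER_FACTOR
    return {"final_ip": ip, "final_domain": final_domain(rdns),
            "signature": sig, "score": score}


def make_msg(from_hdr, hops):
    """Build a constructed sample message; hops are (host, ip), newest first."""
    lines = [f"Received: from {h} ({h} [{ip}]) by relay; Mon, 1 Jan 2024 10:00:00 +0000"
             for h, ip in hops]
    return "\n".join(lines + [f"From: {from_hdr}", "Subject: test", "", "body"])


def demo():
    db = ReputationDB()
    mx = ("mx1.example.org", "192.0.2.10")  # trusted relay (constructed)
    sender_mta = ("mta3.mail.example.net", "198.51.100.7")
    good = make_msg('"Alice" <alice@example.net>',
                    [mx, sender_mta, ("forged.example.com", "203.0.113.99")])
    for user, accepted in [("u1", True), ("u2", True), ("u3", True), ("u4", False)]:
        report_disposition(good, db, user, accepted)
    new_sender = make_msg("bob@example.net", [mx, sender_mta])
    # Same From address, different final IP: a different signature, no inherited score.
    spoof = make_msg('"Alice" <alice@example.net>', [mx, ("host.example.com", "203.0.113.50")])
    return score_message(good, db), score_message(new_sender, db), score_message(spoof, db)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Binding the From address to the final IP is what keeps a forged From line from inheriting the real sender's reputation: the spoofed sample yields a new signature with no score.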
178 Citations
118 Claims
-
1. In a network, a method for categorizing received e-mail messages comprising:
-
a) receiving an e-mail message;
b) identifying information about a sender of the e-mail message including at least one of the following;
i) an actual sender
ii) a final IP address used by the sender;
iii) a final domain name used by the sender;
iv) an IP path used by the sender;
c) sending the information about the sender and disposition of the e-mail message to at least one database, wherein the at least one database includes one of the following;
i) a central database;
ii) at least two centrally-maintained databases, each storing and compiling different information and statistics; and
iii) a local database;
d) compiling statistics based on the information about the sender; and
e) using compiled statistics to create a score indicating a likelihood the received e-mail message is unsolicited e-mail.
-
2. The method of claim 1 wherein the actual sender is identified by a signature including at least two of the following fields from the message header:
-
a) an e-mail address used by the sender;
b) a display name used by the sender;
c) a domain name used by the sender;
d) the final IP address used by the sender;
e) the final domain name used by the sender;
f) the name of client software used by the actual sender;
g) user-agent;
h) timezone;
i) source IP address;
j) sendmail version used by a first receiver; and
k) the IP path used to route the message.
-
-
3. The method of claim 1 wherein the actual sender is identified by a signature including a range of IP addresses and at least one of the following fields from the message header:
-
a) an e-mail address used by the sender;
b) a display name used by the sender;
c) a domain name used by the sender;
d) the final IP address used by the sender;
e) the final domain name used by the sender;
f) the name of client software used by the actual sender;
g) user-agent;
h) timezone;
i) source IP address;
j) sendmail version used by a first receiver; and
k) the IP path used to route the message.
-
-
4. The method of claim 1 wherein the score increases as a number of accepted messages having the same information about the sender as the received message increases, the information including one of the following:
-
a) an actual sender;
b) a final IP address used by the sender;
c) a final domain name used by the sender;
d) an IP path used by the sender.
-
-
5. The method of claim 1 wherein the score decreases as a number of rejected messages having the same information about the sender as the received message increases, the information including one of the following:
-
a) an actual sender;
b) a final IP address used by the sender;
c) a final domain name used by the sender;
d) an IP path used by the sender.
-
-
6. The method of claim 1 wherein the score increases as a number of unique users in the network accepting messages having the same information about the sender as the received message increases, the information including one of the following:
-
a) an actual sender;
b) a final IP address used by the sender;
c) a final domain name used by the sender;
d) an IP path used by the sender.
-
-
7. The method of claim 1 wherein the score decreases as a number of unique users in the network rejecting messages having the same information about the sender as the received message increases, the information including one of the following:
-
a) an actual sender;
b) a final IP address used by the sender;
c) a final domain name used by the sender;
d) an IP path used by the sender.
-
-
8. The method of claim 1 further comprising determining the final IP address by identifying an IP address of a first network device used to send the e-mail message to a second network device trusted by a recipient of the message.
-
9. The method of claim 1 further comprising determining the final domain name by identifying a domain name of an IP address of a first network device used to send the e-mail message to a second network device trusted by a recipient of the message.
-
10. The method of claim 9 further comprising determining the final domain name used by the sender by removing a predetermined number of subdomains from the domain name of the IP address of the first network device used to send the e-mail message to the second network device trusted by the recipient of the message.
-
11. The method of claim 1 further comprising creating a whitelist indicating which messages will be accepted by a recipient, the accepted messages identified by at least one of the following:
-
a) an e-mail address;
b) an actual sender;
c) a display name;
d) a domain name;
e) a final domain name;
f) a final IP address; and
g) an IP path.
-
-
12. The method of claim 11 further comprising placing the message in the recipient's inbox if the whitelist indicates the recipient will accept the message.
-
13. The method of claim 1 further comprising creating a blacklist which indicates which messages will not be accepted by a recipient, the unaccepted messages identified by at least one of the following:
-
a) an e-mail address;
b) an actual sender;
c) a display name;
d) a domain name;
e) a final domain name;
f) a final IP address; and
g) an IP path.
-
-
14. The method of claim 13 further comprising disposing of the message if the blacklist indicates the recipient will not accept the message, the disposal of the message including one of the following:
-
a) placing the message in a spam folder; or
b) deleting the message.
-
-
15. The method of claim 1 wherein information about received messages sent to the at least one database includes at least two of the following:
-
a) information about the actual sender;
b) whether the actual sender is included on a recipient's whitelist;
c) whether the actual sender is included on a recipient's blacklist;
d) information about the final IP address;
e) whether the final IP address is included on the recipient's whitelist;
f) whether the final IP address is included on the recipient's blacklist;
g) information about the final domain name;
h) whether the final domain name is included on the recipient's whitelist;
i) whether the final domain name is included on the recipient's blacklist;
j) information about the IP path;
k) whether the IP path is included on the recipient's whitelist;
l) whether the IP path is included on the recipient's blacklist;
m) whether the message could be categorized locally; and
n) whether a recipient changed a whitelist/blacklist status of the message.
-
-
16. The method of claim 15 further comprising storing information about received messages at the at least one database.
-
17. The method of claim 1 further comprising requesting the at least one database to send a recipient of the e-mail message statistics about at least one of the following:
-
a) an actual sender;
b) a final IP address;
c) a final domain name;
d) an IP path.
-
-
18. The method of claim 16 further comprising storing information about messages sent from an actual sender including at least one of the following:
-
a) a total number of messages sent;
b) a number of messages sent over a first predetermined time period;
c) a total number of messages sent to recipients in the network who have included the actual sender on a whitelist;
d) a number of messages sent to recipients in the network who have included the actual sender on the whitelist over a second predetermined time period;
e) a number of recipients who know the actual sender;
f) a total number of times a recipient changed an actual sender's whitelist/blacklist status;
g) a number of times a recipient changed an actual sender's whitelist/blacklist status over a third predetermined time period;
h) a total number of messages sent to recipients in the network who don't know the actual sender;
i) a number of messages sent to recipients in the network who don't know the actual sender over a fourth predetermined time period;
j) a total number of unique recipients in the network who have received at least one message from the actual sender;
k) a total number of messages sent to unique recipients in a network who have included the actual sender on a whitelist; and
l) a total number of messages sent to unique recipients in the network who have not included the actual sender on the whitelist.
-
-
19. The method of claim 16 further comprising storing information about messages sent from a final IP address including at least one of the following:
-
a) a total number of messages sent;
b) a number of messages sent over a first predetermined time period;
c) a total number of messages sent to recipients in the network who have included a sender on a whitelist;
d) a number of messages sent to recipients in the network who have included the sender on the whitelist over a second predetermined time period;
e) a number of recipients who have whitelisted senders having the final IP address;
f) a total number of times a recipient changed a whitelist/blacklist status of any sender using the final IP address;
g) a number of times a recipient changed the whitelist/blacklist status of any sender using the final IP address over a third predetermined time period;
h) a total number of messages sent to recipients in the network who have not included the sender on the whitelist;
i) a number of messages sent to recipients in the network who have not included the sender on the whitelist over a fourth predetermined time period;
j) a total number of unique recipients in the network who have received at least one message from at least one sender using the final IP address;
k) a total number of messages sent to unique recipients in the network who have included the sender on the whitelist; and
l) a total number of messages sent to unique recipients in the network who have not included the sender on the whitelist.
-
-
20. The method of claim 16 further comprising storing information about messages sent from a final domain name including at least one of the following:
-
a) a total number of messages sent;
b) a number of messages sent over a first predetermined time period;
c) a total number of messages sent to recipients in the network who have included a sender on a whitelist;
d) a number of messages sent to recipients in the network who have included the sender on the whitelist over a second predetermined time period;
e) a number of recipients who have whitelisted senders using the final domain name;
f) a total number of times a recipient changed a whitelist/blacklist status of any sender using the final domain name;
g) a number of times a recipient changed the whitelist/blacklist status of any sender using the final domain name over a third predetermined time period;
h) a total number of messages sent to recipients in the network who have not included the sender on the whitelist;
i) a number of messages sent to recipients in the network who have not included the sender on the whitelist over a fourth predetermined time period;
j) a total number of unique recipients in the network who have received at least one message from at least one sender using the final domain name;
k) a total number of messages sent to unique recipients in the network who have included the sender on the whitelist; and
l) a total number of messages sent to unique recipients in the network who have not included the sender on the whitelist.
-
-
21. The method of claim 16 further comprising storing information about messages using an IP path including at least one of the following:
-
a) a total number of messages sent;
b) a number of messages sent over a first predetermined time period;
c) a total number of messages sent to recipients in the network who have included a sender on a whitelist;
d) a number of messages sent to recipients in the network who have included the sender on the whitelist over a second predetermined time period;
e) a number of recipients who have whitelisted senders using the IP path;
f) a total number of times a recipient changed a whitelist/blacklist status of any sender using the IP path;
g) a number of times a recipient changed the whitelist/blacklist status of any sender using the IP path over a third predetermined time period;
h) a total number of messages sent to recipients in the network who have not included the sender on the whitelist;
i) a number of messages sent to recipients in the network who have not included the sender on the whitelist over a fourth predetermined time period;
j) a total number of unique recipients in the network who have received at least one message from at least one sender using the IP path;
k) a total number of messages sent to unique recipients in the network who have included the sender on the whitelist; and
l) a total number of messages sent to unique recipients in the network who have not included the sender on the whitelist.
-
-
22. The method of claim 1 wherein compiling statistics includes at least one of the following:
-
a) determining a ratio of a first number of e-mail messages sent by an actual sender to recipients in the network who have included the sender on the whitelist in a predetermined time period divided by a second number of e-mail messages sent by an actual sender to users in the network in the predetermined time period;
b) determining a ratio of a first number of recipients in the network who have included the sender on the whitelist divided by a second number of unique recipients in the network who received e-mails from the actual sender in a predetermined time period;
c) determining a ratio of a first number of times in a predetermined time interval a message from the actual sender was moved from a whitelist to a blacklist divided by a second number of times a message from the actual sender was moved from a whitelist to a blacklist;
d) determining a ratio of a first number of times in a predetermined time interval a message from the actual sender was moved from a blacklist to a whitelist divided by a second number of times a message from the actual sender was moved from a blacklist to a whitelist;
e) determining a ratio of a first number of unique users within the network who whitelisted an actual sender within a predetermined time period compared to a second number of unique users within the network who blacklisted the actual sender within the predetermined time period;
f) determining a ratio reflecting whether an actual sender sends a majority of messages to known recipients;
g) determining a ratio reflecting a first number of wanted messages sent by the actual sender compared to a second number of unwanted or total messages sent by the actual sender;
h) determining a difference between a first number of expected messages sent by the actual sender and a second number of unexpected messages sent by the actual sender;
i) determining a difference between a first number of times a user whitelisted a message from an actual sender and a second number of times a user blacklisted a message from the actual sender; and
j) determining a difference reflecting whether the actual sender sends a majority of messages to known recipients.
-
-
23. The method of claim 1 wherein compiling statistics includes at least one of the following:
-
a) determining a ratio of a first number of e-mail messages sent by any sender using a final IP address to recipients in the network who have included the sender on the whitelist in a predetermined time period divided by a second number of e-mail messages sent by any sender using the final IP address to users in the network in the predetermined time period;
b) determining a ratio of a first number of recipients in the network who have included the sender on the whitelist divided by a second number of unique recipients in the network who received e-mails from any sender using the final IP address in a predetermined time period;
c) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the final IP address was moved from a whitelist to a blacklist divided by a second number of times a message from any sender using the final IP address was moved from a whitelist to a blacklist;
d) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the final IP address was moved from a blacklist to a whitelist divided by a second number of times a message from any sender using the final IP address was moved from a blacklist to a whitelist;
e) determining a ratio of a first number of unique users within the network who whitelisted any sender using the final IP address within a predetermined time period compared to a second number of unique users within the network who blacklisted any sender using the final IP address within the predetermined time period;
f) determining a ratio reflecting whether any sender using the final IP address sends a majority of messages to recipients who have included the sender on the whitelist;
g) determining a ratio reflecting a first number of wanted messages sent by any sender using the final IP address compared to a second number of unwanted or total messages sent by any sender using the final IP address;
h) determining a difference between a first number of expected messages sent by any sender using the final IP address and a second number of unexpected messages sent by any sender using the final IP address;
i) determining a difference between a first number of times a user whitelisted a message from an actual sender and a second number of times a user blacklisted a message from any sender using the final IP address; and
j) determining a difference reflecting whether any sender using the final IP address sends a majority of messages to recipients who have included the sender on the whitelist.
-
-
24. The method of claim 1 wherein compiling statistics includes at least one of the following:
-
a) determining a ratio of a first number of e-mail messages sent by any sender using a final domain name to recipients in the network who have included the sender on the whitelist in a predetermined time period divided by a second number of e-mail messages sent by any sender using the final domain name to users in the network in the predetermined time period;
b) determining a ratio of a first number of recipients in the network who have included the sender on the whitelist divided by a second number of unique recipients in the network who received e-mails from any sender using the final domain name in a predetermined time period;
c) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the final domain name was moved from a whitelist to a blacklist divided by a second number of times a message from any sender using the final domain name was moved from a whitelist to a blacklist;
d) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the final domain name was moved from a blacklist to a whitelist divided by a second number of times a message from any sender using the final domain name was moved from a blacklist to a whitelist;
e) determining a ratio of a first number of unique users within the network who whitelisted any sender using the final domain name within a predetermined time period compared to a second number of unique users within the network who blacklisted any sender using the final domain name within the predetermined time period;
f) determining a ratio reflecting whether any sender using the final domain name sends a majority of messages to recipients who have included the sender on the whitelist;
g) determining a ratio reflecting a first number of wanted messages sent by any sender using the final domain name compared to a second number of unwanted or total messages sent by any sender using the final domain name;
h) determining a difference between a first number of expected messages sent by any sender using the final domain name and a second number of unexpected messages sent by any sender using the final domain name;
i) determining a difference between a first number of times a user whitelisted a message from an actual sender and a second number of times a user blacklisted a message from any sender using the final domain name; and
j) determining a difference reflecting whether any sender using the final domain name sends a majority of messages to recipients who have included the sender on the whitelist.
-
-
25. The method of claim 1 wherein compiling statistics includes at least one of the following:
-
a) determining a ratio of a first number of e-mail messages sent by any sender using an IP path to recipients in the network who have included the sender on the whitelist in a predetermined time period divided by a second number of e-mail messages sent by any sender using the IP path to users in the network in the predetermined time period;
b) determining a ratio of a first number of recipients in the network who have included the sender on the whitelist divided by a second number of unique recipients in the network who received e-mails from any sender using the IP path in a predetermined time period;
c) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the IP path was moved from a whitelist to a blacklist divided by a second number of times a message from any sender using the IP path was moved from a whitelist to a blacklist;
d) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the IP path was moved from a blacklist to a whitelist divided by a second number of times a message from any sender using the IP path was moved from a blacklist to a whitelist;
e) determining a ratio of a first number of unique users within the network who whitelisted any sender using the IP path within a predetermined time period compared to a second number of unique users within the network who blacklisted any sender using the IP path within the predetermined time period;
f) determining a ratio reflecting whether any sender using the IP path sends a majority of messages to recipients who have included the sender on the whitelist;
g) determining a ratio reflecting a first number of wanted messages sent by any sender using the IP path compared to a second number of unwanted or total messages sent by any sender using the IP path;
h) determining a difference between a first number of expected messages sent by any sender using the IP path and a second number of unexpected messages sent by any sender using the IP path;
i) determining a difference between a first number of times a user whitelisted a message from an actual sender and a second number of times a user blacklisted a message from any sender using the IP path; and
j) determining a difference reflecting whether any sender using the IP path sends a majority of messages to recipients who have included the sender on the whitelist.
-
-
26. The method of claim 1 further comprising setting a predetermined threshold for accepting messages identified by one of the following:
-
a) the actual sender;
b) a final IP address;
c) a final domain name;
d) a final IP path.
-
-
27. The method of claim 26 further comprising accepting messages when information about the message exceeds the predetermined threshold.
-
28. The method of claim 2 further comprising setting a low threshold to differentiate wanted messages from unsolicited messages, wherein the low threshold is either:
-
a) greater than one percent of a number of messages sent are accepted, wherein the messages are characterized by one of the following;
i) an actual sender;
ii) a final IP address;
iii) a final domain name; or
iv) an IP path;
b) greater than one percent of a number of unique users accepting a message wherein the message is characterized by one of the following;
i) an actual sender;
ii) a final IP address;
iii) a final domain name; or
iv) an IP path.
-
-
29. The method of claim 1 further comprising revising statistics when a recipient changes a whitelist/blacklist status of one of the following:
-
a) an actual sender;
b) a final IP address;
c) a final domain name; or
d) an IP path.
-
-
30. The method of claim 15 further comprising creating a key for storing information about the actual sender.
-
31. The method of claim 30 wherein the key is the information used to identify the actual sender.
-
32. The method of claim 29 wherein a manual reversal of a whitelist/blacklist status is more heavily weighted when computing statistics.
-
33. The method of claim 1 wherein processing the received message includes placing the message in the recipient's inbox.
-
34. The method of claim 1 wherein processing the received message includes placing the message in a spam folder.
-
35. The method of claim 34 further comprising monitoring the spam folder at predetermined intervals to determine whether messages should be released.
-
36. The method of claim 35 further comprising automatically releasing the message from the spam folder when the reputation of one of the following:
-
a) the actual sender;
b) the final IP address;
c) the final domain name; or
d) the IP path;
passes a predetermined threshold.
-
-
37. The method of claim 34 further comprising reevaluating the spam folder immediately before it is displayed to a recipient such that information about messages in the spam folder is current when viewed by the recipient.
-
38. The method of claim 34 further comprising manually transferring the message from the spam folder to the recipient's inbox.
-
39. The method of claim 1 further comprising sending the recipient information about at least one of the following:
-
a) the actual sender;
b) the final IP address;
c) the final domain name; and
d) the IP path.
-
-
40. The method of claim 39 further comprising sending the recipient information about at least one of the following:
-
a) the final IP address;
b) the final domain name; and
c) the IP path;
when there is insufficient information about the actual sender.
-
-
41. The method of claim 29 wherein a manual reversal of a whitelist/blacklist status is more heavily weighted when revising statistics.
-
42. The method of claim 1 further comprising applying the score to the appropriate message in a spam folder.
-
43. The method of claim 26 further comprising each user setting a predetermined personalized spam threshold, wherein an incoming message that exceeds the spam threshold is sent to a folder designated to hold spam messages.
-
44. The method of claim 26 further comprising each user setting a predetermined personalized delete threshold, wherein an incoming message that exceeds the delete threshold is deleted.
-
45. The method of claim 1 further comprising maintaining at either the central database or the at least two centrally-maintained databases at least four of the following values:
-
a) a number of messages which were explicitly ranked good;
b) a number of messages which were implicitly ranked good;
c) a number of messages whose ranking is unknown;
d) a number of messages which were explicitly ranked bad; and
e) a number of messages which were implicitly ranked bad;
wherein the values are based on messages having the same information about the sender including one of the following;
i) an actual sender;
ii) a final IP address used by the sender;
iii) a final domain name used by the sender; or
iv) an IP path used by the sender.
-
-
46. The method of claim 45 wherein the values represent one of the following:
-
a) message counts; or
b) ratings of unique users within the network.
-
-
47. The method of claim 46 further comprising at least four of the values being returned to the recipient to allow the recipient to apply different weights to a message in order to categorize the message.
-
48. The method of claim 1 further comprising evaluating an unknown sender based on statistics of one of the following:
-
a) a known final IP address used by the sender; or
b) a known final domain name used by the sender.
-
-
49. The method of claim 1 further comprising evaluating an unknown sender using either a known final IP address or a known final domain name based on statistics about other new senders using either the known final IP address or the known final domain.
-
50. The method of claim 1 further comprising giving an unknown final IP address or final domain name an initial good rating.
-
51. The method of claim 1 further comprising giving an unknown final IP address or domain name an initial rating based on the length of time the network has been in operation.
-
52. The method of claim 15 further comprising older members of the network overwriting a new member's message ratings when the new member's ratings are inconsistent when compared to other member's ratings.
-
53. The method of claim 1 wherein a final message score is determined by one of the following:
-
a) an average of two scores for a message; or
b) a product of two scores for the message;
wherein the scores for messages are based on statistics associated with at least two of the following;
a) an actual sender of the message;
b) a final IP address used by the sender;
c) a final domain name used by the sender; or
d) an IP path used by the sender.
-
-
54. The method of claim 17 wherein personal statistics are checked at the local database before global statistics at either the central database or the at least two centrally-maintained databases are checked.
-
55. The method of claim 1 further comprising rating a sender by:
-
a) releasing small numbers of a sender's messages to recipients; and
b) monitoring the recipients' classification of these messages.
-
-
56. The method of claim 1 further comprising changing one user's rating when other members outvote the user's rating.
-
57. The method of claim 17 wherein either the central database or the at least two centrally-maintained databases return more than one value to the recipient.
-
58. The method of claim 33 further comprising monitoring the inbox at predetermined intervals to determine whether messages should remain in the inbox.
-
59. The method of claim 1 wherein a first score for an unknown sender using a known final IP address or final domain name may be obtained by multiplying a second score for the final IP address or final domain name by a number less than one.
-
60. The method of claim 11 further comprising creating the whitelist by adding the following to the whitelist:
-
a) any e-mail addresses stored by a user of the e-mail program;
b) any e-mail address in an outgoing message; and
c) any e-mail address of a sender of a message having the same subject line as another message previously sent by the user.
-
-
61. The method of claim 60 further comprising combining each e-mail address added to the whitelist with at least one other piece of information from the message header including:
-
a) a display name used by the sender;
b) a domain name used by the sender;
c) the final IP address used by the sender;
d) the final domain name used by the sender;
e) the name of client software used by the actual sender;
f) user-agent;
g) timezone;
h) source IP address;
i) sendmail version used by a first receiver; and
j) the IP path used to route the message.
-
-
62. The method of claim 60 further comprising:
-
a) scanning messages received by the user; and
b) determining if a sender of a received message is on the whitelist, wherein if the sender is on the whitelist;
i) identifying information about the sender of the message based on data in the message, the identified information about the sender including at least one of the following;
A) an actual sender of the message;
B) a final IP address used by the sender;
C) a final domain name used by the sender;
or D) an IP path used by the sender; and
ii) sending the identified information to the at least one database.
-
-
63. The method of claim 1 further comprising categorizing a received message that cannot be rated locally when user activity is observed.
-
64. The method of claim 1 further comprising using a second formula to compute the score for the message when the message is reevaluated, wherein the second formula differs from a first formula used to compute the previous message score.
-
65. The method of claim 1 further comprising sending recipients a notification when any sender's reputation changes.
-
66. The method of claim 65 further comprising reviewing all messages received in a predetermined time period preceding receipt of the notification and updating the categorization of the message as necessary.
-
67. In a network, a method for rating received e-mail messages in a network environment comprising:
-
a) collecting information about a sender of an e-mail message, wherein the information includes at least one of the following;
i) an actual sender;
ii) a final IP address used by the sender;
iii) a final domain name used by the sender; and
iv) an IP path used by the sender;
b) compiling statistics at at least one database about the sender based on the collected information, wherein the at least one database includes one of the following;
i) a central database;
ii) at least two centrally-maintained databases, each storing and compiling different information and statistics; and
iii) a local database; and
c) creating a score based on the compiled statistics indicating the likelihood a message is unsolicited e-mail.
-
68. The method of claim 67 wherein the actual sender is identified by a signature including at least two of the following fields from the message header:
-
a) an e-mail address used by the sender;
b) a display name used by the sender;
c) a domain name used by the sender;
d) the final IP address used by the sender;
e) the final domain name used by the sender;
f) the name of client software used by the actual sender;
g) user-agent;
h) timezone;
i) source IP address;
j) sendmail version used by a first receiver; and
k) the IP path used to route the message.
-
-
69. The method of claim 67 wherein the actual sender is identified by a signature including a range of IP addresses and at least one of the following fields from the message header:
-
a) an e-mail address used by the sender;
b) a display name used by the sender;
c) a domain name used by the sender;
d) the final IP address used by the sender;
e) the final domain name used by the sender;
f) the name of client software used by the actual sender;
g) user-agent;
h) timezone;
i) source IP address;
j) sendmail version used by a first receiver; and
k) the IP path used to route the message.
-
-
70. The method of claim 67 wherein the score increases as a number of accepted messages having the same information about the sender as the received message increases, the information including one of the following:
-
a) an actual sender;
b) a final IP address used by the sender;
c) a final domain name used by the sender;
d) an IP path used by the sender.
-
-
71. The method of claim 67 wherein the score decreases as a number of rejected messages having the same information about the sender as the received message increases, the information including one of the following:
-
a) an actual sender;
b) a final IP address used by the sender;
c) a final domain name used by the sender;
d) an IP path used by the sender.
-
-
72. The method of claim 67 wherein the score increases as a number of unique users in the network accepting messages having the same information about the sender as the received message increases, the accepted messages characterized by one of the following:
-
a) an actual sender;
b) a final IP address used by the sender;
c) a final domain name used by the sender;
d) an IP path used by the sender.
-
-
73. The method of claim 67 wherein the score decreases as a number of unique users in the network rejecting messages having the same information about the sender as the received message increases, the information including one of the following:
-
a) an actual sender;
b) a final IP address used by the sender;
c) a final domain name used by the sender;
d) an IP path used by the sender.
-
-
74. The method of claim 67 further comprising determining the final IP address by identifying an IP address of a first network device used to send the e-mail message to a second network device trusted by a recipient of the message.
-
75. The method of claim 67 further comprising determining the final domain name by identifying a domain name of an IP address of a first network device used to send the e-mail message to a second network device trusted by a recipient of the message.
-
76. The method of claim 75 further comprising determining the final domain name used by the sender by removing a predetermined number of subdomains from the domain name of the IP address of the first network device used to send the e-mail message to the second network device trusted by the recipient of the message.
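The final-IP and final-domain steps of claims 74 to 76, sketched as an added example that is not code from the patent or its assignee. It assumes Postfix-style `Received` headers, a recipient-supplied list of trusted relay networks, and the hypothetical helper names `final_hop` and `final_domain`; the sample message is constructed.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. The bottom Received line was written by the sending side
# and is therefore unverifiable; it claims an address inside the trusted range.
SAMPLE = """\
Received: from mx-edge.recipient.example (mx-edge.recipient.example [10.0.0.5])
\tby mailstore.recipient.example (Postfix) with ESMTP id 4A1; Mon, 6 Jan 2025 10:00:03 +0000
Received: from smtp-out3.mail.sender.example (smtp-out3.mail.sender.example [203.0.113.7])
\tby mx-edge.recipient.example (Postfix) with ESMTP id 9C2; Mon, 6 Jan 2025 10:00:02 +0000
Received: from internal (internal.recipient.example [10.0.0.9])
\tby smtp-out3.mail.sender.example with ESMTP; Mon, 6 Jan 2025 10:00:01 +0000
From: "Alice" <alice@sender.example>
To: bob@recipient.example
Subject: constructed sample

body
"""

# "from HELO (rdns [ip]) by HOST": the parenthesised part is what the
# receiving MTA observed on the connection, not what the client claimed.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*"
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)"
)


def final_hop(raw_message, trusted_cidrs):
    """Return (final_ip, rdns_name) for the first untrusted device that handed
    the message to a trusted one, or None if the chain cannot be followed."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    msg = message_from_string(raw_message)
    # Headers are prepended on receipt, so the newest hop is first.
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m is None:
            return None  # unparseable hop: stop rather than guess
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            return None
        if any(ip in net for net in nets):
            continue  # hop between two trusted devices, keep walking
        # This header was written by a trusted device about an untrusted
        # peer. Everything below it came from the sender and is ignored.
        rdns = m["rdns"]
        if rdns in (None, "unknown"):
            rdns = None
        return str(ip), rdns
    return None


def final_domain(rdns_name, remove=1, min_labels=2):
    """Drop `remove` leftmost labels, never going below `min_labels`
    (the floor is an assumption of this example, not part of the claim)."""
    labels = rdns_name.rstrip(".").lower().split(".")
    keep = max(min_labels, len(labels) - remove)
    return ".".join(labels[-keep:])


if __name__ == "__main__":
    hop = final_hop(SAMPLE, ["10.0.0.0/8"])
    print(hop, final_domain(hop[1], remove=2))
```

A fixed label count mishandles multi-label public suffixes such as `co.uk`; a deployment would consult a public-suffix list when choosing how many labels to remove.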
-
77. The method of claim 67 further comprising sending information about received messages to the at least one database, the information including at least two of the following:
-
a) information about the actual sender;
b) whether the actual sender is included on a recipient's whitelist;
c) whether the actual sender is included on a recipient's blacklist;
d) information about the final IP address;
e) whether the final sender is included on the recipient's whitelist;
f) whether the final sender is included on the recipient's blacklist;
g) information about the final domain name;
h) whether the final domain name is included on the recipient's whitelist;
i) whether the final domain name is included on the recipient's blacklist;
j) information about the IP path;
k) whether the IP path is included on the recipient's whitelist;
l) whether the IP path is included on the recipient's blacklist;
m) whether the message could be categorized locally; and
n) whether a recipient changed a whitelist/blacklist status of the message.
-
-
78. The method of claim 67 further comprising requesting the at least one database to send a recipient statistics about at least one of the following:
-
a) the actual sender;
b) the final IP address;
c) the final domain name; and
d) the IP path.
-
-
79. The method of claim 67 further comprising storing information about messages sent from an actual sender including at least one of the following:
-
a) a total number of messages sent;
b) a number of messages sent over a first predetermined time period;
c) a total number of messages sent to recipients in a network who have included the actual sender on a whitelist;
d) a number of messages sent to recipients in the network who have included the actual sender on the whitelist over a second predetermined time period;
e) a number of recipients who know the actual sender;
f) a total number of times a recipient changed an actual sender's whitelist/blacklist status;
g) a number of times a recipient changed an actual sender's whitelist/blacklist status over a third predetermined time period;
h) a total number of messages sent to recipients in the network who don't know the actual sender;
i) a number of messages sent to recipients in the network who don't know the actual sender over a fourth predetermined time period;
j) a total number of unique recipients in the network who have received at least one message from the actual sender;
k) a total number of messages sent to unique recipients in a network who have included the actual sender on a whitelist; and
l) a total number of messages sent to unique recipients in the network who have not included the actual sender on the whitelist.
-
-
80. The method of claim 67 further comprising storing information about messages sent from a final IP address including at least one of the following:
-
a) a total number of messages sent;
b) a number of messages sent over a first predetermined time period;
c) a total number of messages sent to recipients in the network who have included a sender on a whitelist;
d) a number of messages sent to recipients in the network who have included the sender on the whitelist over a second predetermined time period;
e) a number of recipients known to any senders having the final IP address;
f) a total number of times a recipient changed a whitelist/blacklist status of any sender using the final IP address;
g) a number of times a recipient changed the whitelist/blacklist status of any sender using the final IP address over a third predetermined time period;
h) a total number of messages sent to recipients in the network who have not included the sender on the whitelist;
i) a number of messages sent to recipients in the network who have not included the sender on the whitelist over a fourth predetermined time period;
j) a total number of unique recipients in the network who have received at least one message from at least one sender using the final IP address;
k) a total number of messages sent to unique recipients in the network who have included the sender on the whitelist; and
l) a total number of messages sent to unique recipients in the network who have not included the sender on the whitelist.
-
-
81. The method of claim 67 further comprising storing information about messages sent from a final domain name including at least one of the following:
-
a) a total number of messages sent;
b) a number of messages sent over a first predetermined time period;
c) a total number of messages sent to recipients in the network who have included a sender on a whitelist;
d) a number of messages sent to recipients in the network who have included the sender on the whitelist over a second predetermined time period;
e) a number of recipients known to any senders having the final domain name;
f) a total number of times a recipient changed a whitelist/blacklist status of any sender using the final domain name;
g) a number of times a recipient changed the whitelist/blacklist status of any sender using the final domain name over a third predetermined time period;
h) a total number of messages sent to recipients in the network who have not included the sender on the whitelist;
i) a number of messages sent to recipients in the network who have not included the sender on the whitelist over a fourth predetermined time period;
j) a total number of unique recipients in the network who have received at least one message from at least one sender using the final domain name;
k) a total number of messages sent to unique recipients in the network who have included the sender on the whitelist; and
l) a total number of messages sent to unique recipients in the network who have not included the sender on the whitelist.
-
-
82. The method of claim 67 further comprising storing information about messages sent using an IP path including at least one of the following:
-
a) a total number of messages sent;
b) a number of messages sent over a first predetermined time period;
c) a total number of messages sent to recipients in the network who have included a sender on a whitelist;
d) a number of messages sent to recipients in the network who have included the sender on the whitelist over a second predetermined time period;
e) a number of recipients known to any senders using the IP path;
f) a total number of times a recipient changed a whitelist/blacklist status of any sender using the final domain name;
g) a number of times a recipient changed the whitelist/blacklist status of any sender using the IP path over a third predetermined time period;
h) a total number of messages sent to recipients in the network who have not included the sender on the whitelist;
i) a number of messages sent to recipients in the network who have not included the sender on the whitelist over a fourth predetermined time period;
j) a total number of unique recipients in the network who have received at least one message from at least one sender using the IP path;
k) a total number of messages sent to unique recipients in the network who have included the sender on the whitelist; and
l) a total number of messages sent to unique recipients in the network who have not included the sender on the whitelist.
-
-
83. The method of claim 67 wherein compiling statistics includes at least one of the following:
-
a) determining a ratio of a first number of e-mail messages sent by an actual sender to recipients in the network who have included the sender on the whitelist in a predetermined time period divided by a second number of e-mail messages sent by an actual sender to users in the network in the predetermined time period;
b) determining a ratio of a first number of recipients in the network who have included the sender on the whitelist divided by a second number of unique recipients in the network who received e-mails from the actual sender in a predetermined time period;
c) determining a ratio of a first number of times in a predetermined time interval a message from the actual sender was moved from a whitelist to a blacklist divided by a second number of times a message from the actual sender was moved from a whitelist to a blacklist;
d) determining a ratio of a first number of times in a predetermined time interval a message from the actual sender was moved from a blacklist to a whitelist divided by a second number of times a message from the actual sender was moved from a blacklist to a whitelist;
e) determining a ratio of a first number of unique users within the network who whitelisted an actual sender within a predetermined time period compared to a second number of unique users within the network who blacklisted the actual sender within the predetermined time period;
f) determining a ratio reflecting whether an actual sender sends a majority of messages to known recipients;
g) determining a ratio reflecting a first number of wanted messages sent by the actual sender compared to a second number of unwanted or total messages sent by the actual sender;
h) determining a difference between a first number of expected messages sent by the actual sender and a second number of unexpected messages sent by the actual sender;
i) determining a difference between a first number of times a user whitelisted a message from an actual sender and a number of times a user blacklisted a message from the actual sender; and
j) determining a difference reflecting whether the actual sender sends a majority of messages to known recipients.
-
-
84. The method of claim 67 wherein compiling statistics includes at least one of the following:
-
a) determining a ratio of a first number of e-mail messages sent by any sender using a final IP address to recipients in the network who have included the sender on the whitelist in a predetermined time period divided by a second number of e-mail messages sent by any sender using the final IP address to users in the network in the predetermined time period;
b) determining a ratio of a first number of recipients in the network who have included the sender on the whitelist divided by a second number of unique recipients in the network who received e-mails from any sender using the final IP address in a predetermined time period;
c) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the final IP address was moved from a whitelist to a blacklist divided by a second number of times a message from any sender using the final IP address was moved from a whitelist to a blacklist;
d) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the final IP address was moved from a blacklist to a whitelist divided by a second number of times a message from any sender using the final IP address was moved from a blacklist to a whitelist;
e) determining a ratio of a first number of unique users within the network who whitelisted any sender using the final IP address within a predetermined time period compared to a second number of unique users within the network who blacklisted any sender using the final IP address within the predetermined time period;
f) determining a ratio reflecting whether any sender using the final IP address sends a majority of messages to recipients who have included the sender on the whitelist;
g) determining a ratio reflecting a first number of wanted messages sent by any sender using the final IP address compared to a second number of unwanted or total messages sent by any sender using the final IP address;
h) determining a difference between a first number of expected messages sent by any sender using the final IP address and a second number of unexpected messages sent by any sender using the final IP address;
i) determining a difference between a first number of times a user whitelisted a message from an actual sender and a number of times a user blacklisted a message from any sender using the final IP address; and
j) determining a difference reflecting whether any sender using the final IP address sends a majority of messages to recipients who have included the sender on the whitelist.
-
-
85. The method of claim 67 wherein compiling statistics includes at least one of the following:
-
a) determining a ratio of a first number of e-mail messages sent by any sender using a final domain name to recipients in the network who have included the sender on the whitelist in a predetermined time period divided by a second number of e-mail messages sent by any sender using the final domain name to users in the network in the predetermined time period;
b) determining a ratio of a first number of recipients in the network who have included the sender on the whitelist divided by a second number of unique recipients in the network who received e-mails from any sender using the final domain name in a predetermined time period;
c) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the final domain name was moved from a whitelist to a blacklist divided by a second number of times a message from any sender using the final domain name was moved from a whitelist to a blacklist;
d) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the final domain name was moved from a blacklist to a whitelist divided by a second number of times a message from any sender using the final domain name was moved from a blacklist to a whitelist;
e) determining a ratio of a first number of unique users within the network who whitelisted any sender using the final domain name within a predetermined time period compared to a second number of unique users within the network who blacklisted any sender using the final domain name within the predetermined time period;
f) determining a ratio reflecting whether any sender using the final domain name sends a majority of messages to recipients who have included the sender on the whitelist;
g) determining a ratio reflecting a first number of wanted messages sent by any sender using the final domain name compared to a second number of unwanted or total messages sent by any sender using the final domain name;
h) determining a difference between a first number of expected messages sent by any sender using the final domain name and a second number of unexpected messages sent by any sender using the final domain name;
i) determining a difference between a first number of times a user whitelisted a message from an actual sender and a number of times a user blacklisted a message from any sender using the final domain name; and
j) determining a difference reflecting whether any sender using the final domain name sends a majority of messages to recipients who have included the sender on the whitelist.
-
-
86. The method of claim 67 wherein compiling statistics includes at least one of the following:
-
a) determining a ratio of a first number of e-mail messages sent by any sender using an IP path to recipients in the network who have included the sender on the whitelist in a predetermined time period divided by a second number of e-mail messages sent by any sender using the IP path to users in the network in the predetermined time period;
b) determining a ratio of a first number of recipients in the network who have included the sender on the whitelist divided by a second number of unique recipients in the network who received e-mails from any sender using the IP path in a predetermined time period;
c) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the IP path was moved from a whitelist to a blacklist divided by a second number of times a message from any sender using the IP path was moved from a whitelist to a blacklist;
d) determining a ratio of a first number of times in a predetermined time interval a message from any sender using the IP path was moved from a blacklist to a whitelist divided by a second number of times a message from any sender using the IP path was moved from a blacklist to a whitelist;
e) determining a ratio of a first number of unique users within the network who whitelisted any sender using the IP path within a predetermined time period compared to a second number of unique users within the network who blacklisted any sender using the IP path within the predetermined time period;
f) determining a ratio reflecting whether any sender using the IP path sends a majority of messages to recipients who have included the sender on the whitelist; and
g) determining a ratio reflecting a first number of wanted messages sent by any sender using the IP path compared to a second number of unwanted or total messages sent by any sender using the IP path;
h) determining a difference between a first number of expected messages sent by any sender using the IP path and a second number of unexpected messages sent by any sender using the IP path;
i) determining a difference between a first number of times a user whitelisted a message from an actual sender and a number of times a user blacklisted a message from any sender using the IP path; and
j) determining a difference reflecting whether any sender using the IP path sends a majority of messages to recipients who have included the sender on the whitelist.
-
-
87. The method of claim 67 further comprising setting a predetermined threshold for accepting messages based on statistics associated with one of the following:
-
a) an actual sender;
b) a final IP address;
c) a final domain name;
d) an IP path.
-
-
88. The method of claim 87 further comprising accepting messages when information about the message exceeds the predetermined threshold.
-
89. The method of claim 88 further comprising setting a low threshold to differentiate wanted messages from unsolicited messages, wherein the low threshold is either:
-
a) greater than one percent of a number of messages sent are accepted, wherein the messages are characterized by one of the following;
i) an actual sender;
ii) a final IP address;
iii) a final domain name;
or iv) an IP path;
b) greater than one percent of a number of unique users accepting a message wherein the message is characterized by one of the following;
i) an actual sender;
ii) a final IP address;
iii) a final domain name;
or iv) an IP path.
-
-
90. The method of claim 67 further comprising revising statistics when a recipient changes a whitelist/blacklist status of one of the following:
-
a) an actual sender;
b) a final IP address;
c) a final domain name; and
d) an IP path.
-
-
91. The method of claim 67 further comprising creating a key for storing information about the actual sender.
-
92. The method of claim 91 wherein the key is the information used to identify the actual sender.
-
93. The method of claim 90 wherein a manual reversal of a whitelist/blacklist status is more heavily weighted when computing statistics.
-
94. The method of claim 67 further comprising sending the recipient information about at least one of the following:
-
a) the actual sender;
b) the final IP address;
c) the final domain name; and
d) the IP path.
-
-
95. The method of claim 67 further comprising applying the score to the appropriate message in a spam folder.
-
96. The method of claim 87 further comprising each user setting a predetermined personalized spam threshold, wherein an incoming message that exceeds the spam threshold is sent to a folder designated to hold spam messages.
-
97. The method of claim 87 further comprising each user setting a predetermined personalized delete threshold, wherein an incoming message that exceeds the delete threshold is deleted.
-
98. The method of claim 67 further comprising maintaining at either the central database or the at least two centrally-maintained databases at least four of the following values:
-
a) a number of messages which were explicitly ranked good;
b) a number of messages which were implicitly ranked good;
c) a number of messages whose ranking is unknown;
d) a number of messages which were explicitly ranked bad; and
e) a number of messages which were implicitly ranked bad;
wherein the values are based on messages having the same information about the sender including one of the following;
a) an actual sender;
b) a final IP address used by the sender;
c) a final domain name used by the sender;
or d) an IP path used by the sender.
-
-
99. The method of claim 98 wherein the values represent one of the following:
-
a) message counts;
or b) ratings of unique users within the network.
-
-
100. The method of claim 99 further comprising at least four of the values being returned to the recipient to allow the recipient to apply different weights to a message in order to categorize the message.
-
101. The method of claim 67 further comprising evaluating an unknown sender based on statistics of one of the following:
-
a) a known final IP address used by the sender;
or b) a known final domain name used by the sender.
-
-
102. The method of claim 67 further comprising evaluating an unknown sender using either a known final IP address or a known final domain name based on statistics about other new senders using either the known final IP address or the known final domain.
-
103. The method of claim 67 further comprising giving an unknown final IP address or final domain name an initial good rating.
-
104. The method of claim 67 further comprising giving an unknown final IP address or domain name an initial rating based on the length of time the network has been in operation.
-
105. The method of claim 77 further comprising older members of the network overwriting a new member's message ratings when the new member's ratings are inconsistent when compared to other members' ratings.
-
106. The method of claim 67 wherein a final message score is determined by one of the following:
-
a) an average of two scores for a message;
or b) a product of two scores for the message;
wherein the scores for messages are based on statistics associated with at least two of the following;
a) an actual sender of the message;
b) a final IP address used by the sender;
c) a final domain name used by the sender;
or d) an IP path used by the sender.
-
-
107. The method of claim 78 wherein personal statistics are checked at the local database before global statistics at either the central database or the at least two centrally-maintained databases are checked.
-
108. The method of claim 77 further comprising rating a sender by:
-
a) releasing small numbers of a sender's messages to recipients; and
b) monitoring the recipients' classification of these messages.
-
-
109. The method of claim 77 further comprising changing one user's rating when other members outvote the user's rating.
-
110. The method of claim 78 wherein either the central database or the at least two centrally-maintained databases return more than one value to the recipient.
-
111. The method of claim 67 wherein a first score for an unknown sender using a known final IP address or final domain name may be obtained by multiplying a second score for the final IP address or final domain name by a number less than one.
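How a recipient could turn the five returned values of claims 98 to 100 into a score, combine two scores as in claim 106, and derive an unknown sender's score from the final IP's score as in claim 111. This is an added example, not code from the patent; the weights, the 0.7 prior, the 0.8 discount, the convention that a higher score means a more wanted sender, and all names are assumptions, and the sample counts are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Counts:
    """The five values kept per key (sender, final IP, final domain or IP path)."""
    explicit_good: int = 0
    implicit_good: int = 0
    unknown: int = 0
    implicit_bad: int = 0
    explicit_bad: int = 0

    def __post_init__(self):
        if min(self.explicit_good, self.implicit_good, self.unknown,
               self.implicit_bad, self.explicit_bad) < 0:
            raise ValueError("counts cannot be negative")

    def total(self):
        return (self.explicit_good + self.implicit_good + self.unknown
                + self.implicit_bad + self.explicit_bad)


# Assumed recipient-side weights: an explicit rating counts twice an implicit one.
WEIGHTS = {"explicit": 2.0, "implicit": 1.0, "unknown": 1.0}


def reputation(counts, weights=WEIGHTS, prior=0.7):
    """Score in [0, 1]. A key with no history gets `prior`, an assumed
    'initial good rating'; unrated messages count as half good, half bad."""
    good = (weights["explicit"] * counts.explicit_good
            + weights["implicit"] * counts.implicit_good)
    bad = (weights["explicit"] * counts.explicit_bad
           + weights["implicit"] * counts.implicit_bad)
    neutral = weights["unknown"] * counts.unknown
    denom = good + bad + neutral
    if denom == 0:
        return prior
    return (good + 0.5 * neutral) / denom


def message_score(sender, final_ip, mode="average", unknown_discount=0.8):
    """Combine the sender score and the final-IP score by average or product.
    A sender with no history inherits the IP score times a factor below one."""
    if not 0 < unknown_discount < 1:
        raise ValueError("unknown_discount must be between 0 and 1")
    ip_score = reputation(final_ip)
    if sender is None or sender.total() == 0:
        sender_score = ip_score * unknown_discount
    else:
        sender_score = reputation(sender)
    if mode == "average":
        return (sender_score + ip_score) / 2
    if mode == "product":
        return sender_score * ip_score
    raise ValueError("mode must be 'average' or 'product'")


# Constructed sample statistics.
SENDER_STATS = Counts(explicit_good=30, implicit_good=20,
                      implicit_bad=10, explicit_bad=5)
IP_STATS = Counts(explicit_good=10, implicit_good=30,
                  implicit_bad=30, explicit_bad=10)

if __name__ == "__main__":
    print(message_score(SENDER_STATS, IP_STATS))             # known sender
    print(message_score(SENDER_STATS, IP_STATS, "product"))
    print(message_score(None, IP_STATS))                     # unknown sender
```

The product penalises a message whenever either key has a weak history, while the average lets a well-rated sender offset a poorly rated shared IP address.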
-
112. The method of claim 67 further comprising creating a whitelist indicating which messages will be accepted by the recipient by adding the following to the whitelist:
-
a) any e-mail addresses stored by a user of the e-mail program;
b) any e-mail address in an outgoing message; and
c) any e-mail address of a sender of a message having the same subject line as another message previously sent by the user.
-
-
113. The method of claim 112 further comprising combining each e-mail address added to the whitelist with at least one other piece of information from the message header including:
-
a) a display name used by the sender;
b) a domain name used by the sender;
c) the final IP address used by the sender;
d) the final domain name used by the sender;
e) the name of client software used by the actual sender;
f) user-agent;
g) timezone;
h) source IP address;
i) sendmail version used by a first receiver; and
j) the IP path used to route the message.
-
-
114. The method of claim 112 further comprising:
-
a) scanning messages received by the user; and
b) determining if a sender of a received message is on the whitelist, wherein if the sender is on the whitelist;
i) identifying information about the sender of the message based on data in the message, the identified information about the sender including at least one of the following;
A) an actual sender of the message;
B) a final IP address used by the sender;
C) a final domain name used by the sender;
or D) an IP path used by the sender; and
ii) sending the identified information to the at least one database.
-
-
115. The method of claim 67 further comprising categorizing a received message that cannot be rated locally when user activity is observed.
-
116. The method of claim 67 further comprising using a second formula to compute the score for the message when the message is reevaluated, wherein the second formula differs from a first formula used to compute the previous message score.
-
117. The method of claim 67 further comprising sending recipients a notification when any sender's reputation changes.
-
118. The method of claim 117 further comprising reviewing all messages received in a predetermined time period preceding receipt of the notification and updating the categorization of the message as necessary.
-
Current Assignee: Abaca Technology Corp. (Proofpoint Incorporated)
-
Original Assignee: Abaca Technology Corp. (Proofpoint Incorporated)
-
Inventors: Kirsch, Steven T., Murray, David J.
-
Application Number: US10/683,951
US Class Current: 709/206
CPC Class Codes: H04L 51/00 User-to-user messaging in p...; H04L 51/212 using filtering or selectiv...