Identifying undesired email messages having attachments

US 20050091321A1
Filed: 10/14/2003
Published: 04/28/2005
Est. Priority Date: 10/14/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising the steps of:

(A) receiving an email message from a simple mail transfer protocol (SMTP) server, the email message comprising;

(A1) a 32-bit string indicative of the length of the email message;

(A2) a text body;

(A3) an SMTP email address;

(A4) a domain name corresponding to the SMTP email address;

(A5) an attachment;

(B) tokenizing the text body to generate tokens representative of words in the text;

(C) tokenizing the SMTP email address to generate a token representative of the SMTP email address;

(D) tokenizing the domain name to generate a token that is representative domain name;

(E) tokenizing the attachment to generate a token that is representative of the attachment, the tokenizing step comprising the steps of;

(E1) generating a 128-bit MD5 hash of the attachment;

(E2) appending the 32-bit string to the generated MD5 hash to produce a 160-bit number; and

(E3) UUencoding the 160-bit number to generate the token representative of the attachment;

(F) determining a probability value for each of the generated tokens;

(G) selecting a predefined number of interesting tokens, the interesting tokens being the generated tokens having the greatest non-neutral probability values;

(H) performing a Bayesian analysis on the selected interesting tokens to generate a spam probability; and

(I) categorizing the email message as a function of the generated spam probability.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Several embodiments, among others, provided in the present disclosure provide for tokenizing portions of an email message, which previously were not tokenized. The tokenizing of these portions generates tokens that are representative of these portions. The generated tokens are used to determine whether or not the email message is spam. In some embodiments, the tokenized portions may include attachments in email messages. In other embodiments, the tokenized portions may include a simple mail transfer protocol (SMTP) email address and a domain name corresponding to the SMTP email address.

187 Citations

38 Claims

1. A method comprising the steps of:
- (A) receiving an email message from a simple mail transfer protocol (SMTP) server, the email message comprising;
  
  (A1) a 32-bit string indicative of the length of the email message;
  
  (A2) a text body;
  
  (A3) an SMTP email address;
  
  (A4) a domain name corresponding to the SMTP email address;
  
  (A5) an attachment;
  
  (B) tokenizing the text body to generate tokens representative of words in the text;
  
  (C) tokenizing the SMTP email address to generate a token representative of the SMTP email address;
  
  (D) tokenizing the domain name to generate a token that is representative domain name;
  
  (E) tokenizing the attachment to generate a token that is representative of the attachment, the tokenizing step comprising the steps of;
  
  (E1) generating a 128-bit MD5 hash of the attachment;
  
  (E2) appending the 32-bit string to the generated MD5 hash to produce a 160-bit number; and
  
  (E3) UUencoding the 160-bit number to generate the token representative of the attachment;
  
  (F) determining a probability value for each of the generated tokens;
  
  (G) selecting a predefined number of interesting tokens, the interesting tokens being the generated tokens having the greatest non-neutral probability values;
  
  (H) performing a Bayesian analysis on the selected interesting tokens to generate a spam probability; and
  
  (I) categorizing the email message as a function of the generated spam probability.

2. A method comprising the steps of:
- receiving an email message comprising a text body having non-displaying characters;
  
  removing the non-displaying characters from the text body to generate a displayable text body;
  
  tokenizing the words in the displayable text body to generate tokens representative of the displayable text body.
- View Dependent Claims (3, 4, 5)
- - 3. The method of claim 2, wherein the step of removing the non-displaying characters comprises the step of:
    - removing non-displaying comment lines.
  - 4. The method of claim 3, wherein the step of removing the non-displaying characters comprises the step of:
    - removing non-displaying control characters.
  - 5. The method of claim 4, wherein the step of removing the non-displaying control characters comprises the step of:
    - removing characters associated with document format.

6. A method comprising the steps of:
- receiving an email message comprising a text body, an SMTP email address, and a domain name corresponding to the SMTP email address;
  
  tokenizing the SMTP email address to generate a token representative of the SMTP email address;
  
  tokenizing the domain name to generate a token representative of the domain name; and
  
  determining a spam probability from the generated tokens.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
- - 7. The method of claim 6, further comprising the steps of:
    - removing non-displaying characters from the text body to generate a displayable text body;
      
      tokenizing the words in the displayable text body to generate tokens representative of the displayable text body.
  - 8. The method of claim 7, wherein the step of removing the non-displaying characters comprises the step of:
    - removing non-displaying comment lines.
  - 9. The method of claim 7, wherein the step of removing the non-displaying characters comprises the step of:
    - removing non-displaying control characters.
  - 10. The method of claim 9, wherein the step of removing the non-displaying control characters comprises the step of:
    - removing characters associated with document format.
  - 11. The method of claim 6, wherein the step of determining the spam probability comprises the steps of:
    - assigning a spam probability value to the token representative of the SMTP email address;
      
      assigning a spam probability value to the token representative of the domain name; and
      
      generating a Bayesian probability value using the spam probability values assigned to the tokens.
  - 12. The method of claim 11, wherein the step of determining the spam probability further comprises the step of:
    - comparing the generated Bayesian probability value with a predefined threshold value.
  - 13. The method of claim 12, wherein the step of determining the spam probability further comprises the step of:
    - categorizing the email message as spam in response to the Bayesian probability value being greater than the predefined threshold.
  - 14. The method of claim 12, wherein the step of determining the spam probability further comprises the step of:
    - categorizing the email message as non-spam in response to the Bayesian probability value being not greater than the predefined threshold.

15. A method comprising the steps of:
- receiving an email message comprising an attachment;
  
  tokenizing the attachment to generate a token representative of the attachment; and
  
  determining a spam probability from the generated token.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The method of claim 15, wherein the step of receiving the email message further comprises the step of:
    - receiving an email message including a text body.
  - 17. The method of claim 16, further comprising the step of:
    - tokenizing the words in the text body to generate tokens representative of the words in the text body.
  - 18. The method of claim 17, wherein the step of tokenizing the words in the text body comprises the steps of:
    - removing non-displaying characters from the text body to generate a displayable text body;
      
      tokenizing the words in the displayable text body to generate tokens representative of the displayable text body.
  - 19. The method of claim 17, wherein the step of determining the spam probability comprises the steps of:
    - assigning a spam probability value to each of the tokens representative of the words in the text body;
      
      assigning a spam probability value to the token representative of the attachment; and
      
      generating a Bayesian probability value using the spam probability values assigned to the tokens.
  - 20. The method of claim 19, wherein the step of determining the spam probability further comprises the step of:
    - comparing the generated Bayesian probability value with a predefined threshold value.
  - 21. The method of claim 20, wherein the step of determining the spam probability further comprises the step of:
    - categorizing the email message as spam in response to the Bayesian probability value being greater than the predefined threshold.
  - 22. The method of claim 20, wherein the step of determining the spam probability further comprises the step of:
    - categorizing the email message as non-spam in response to the Bayesian probability value being not greater than the predefined threshold.

23. A system comprising:
- email receive logic configured to receive an email message comprising an SMTP email address and a domain name corresponding to the SMTP email address;
  
  tokenize logic configured to tokenize the SMTP email address to generate a token representative of the SMTP email address;
  
  tokenize logic configured to tokenize the domain name to generate a token representative of the domain name; and
  
  analysis logic configured to determine a spam probability from the generated tokens.

24. A system comprising:
- means for receiving an email message comprising an SMTP email address and a domain name corresponding to the SMTP email address;
  
  means for tokenizing the SMTP email address to generate a token representative of the SMTP email address;
  
  means for tokenizing the domain name to generate a token representative of the domain name; and
  
  means for determining a spam probability from the generated tokens.

25. A computer-readable medium comprising:
- computer-readable code adapted to instruct a programmable device to receive an email message comprising an SMTP email address and a domain name corresponding to the SMTP email address;
  
  computer-readable code adapted to instruct a programmable device to tokenize the SMTP email address to generate a token representative of the SMTP email address;
  
  computer-readable code adapted to instruct a programmable device to tokenize the domain name to generate a token representative of the domain name; and
  
  computer-readable code adapted to instruct a programmable device to determine a spam probability from the generated tokens.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The computer-readable medium of claim 25, further comprising:
    - computer-readable code adapted to instruct a programmable device to assign a spam probability value to the token representative of the SMTP email address;
      
      computer-readable code adapted to instruct a programmable device to assign a spam probability value to the token representative of the domain name; and
      
      computer-readable code adapted to instruct a programmable device to generate a Bayesian probability value using the spam probability values assigned to the tokens.
  - 27. The computer-readable medium of claim 26, further comprising:
    - computer-readable code adapted to instruct a programmable device to compare the generated Bayesian probability value with a predefined threshold value.
  - 28. The computer-readable medium of claim 27, further comprising:
    - computer-readable code adapted to instruct a programmable device to categorize the email message as spam in response to the Bayesian probability value being greater than the predefined threshold.
  - 29. The computer-readable medium of claim 27, further comprising:
    - computer-readable code adapted to instruct a programmable device to categorize the email message as non-spam in response to the Bayesian probability value being not greater than the predefined threshold.

30. A system comprising:
- email receive logic configured to receive an email message comprising an attachment;
  
  tokenize logic configured to tokenize the attachment to generate a token representative of the attachment; and
  
  analysis logic configured to determine a spam probability from the generated token.

31. A system comprising:
- means for receiving an email message comprising an attachment;
  
  means for tokenizing the attachment to generate a token representative of the attachment; and
  
  means for determining a spam probability from the generated token.

32. A computer-readable medium comprising:
- computer-readable code adapted to instruct a programmable device to receive an email message comprising an attachment;
  
  computer-readable code adapted to instruct a programmable device to tokenize the attachment to generate a token representative of the attachment; and
  
  computer-readable code adapted to instruct a programmable device to determine a spam probability from the generated token.
- View Dependent Claims (33, 34, 35, 36, 37, 38)
- - 33. The computer-readable medium of claim 32, further comprising:
    - computer-readable code adapted to instruct a programmable device to receive an email message having a text body.
  - 34. The computer-readable medium of claim 33, further comprising:
    - computer-readable code adapted to instruct a programmable device to tokenize the words in the text body to generate tokens representative of the words in the text body.
  - 35. The computer-readable medium of claim 34, further comprising:
    - computer-readable code adapted to instruct a programmable device to assign a spam probability value to each of the tokens representative of the words in the text body;
      
      computer-readable code adapted to instruct a programmable device to assign a spam probability value to the token representative of the attachment; and
      
      computer-readable code adapted to instruct a programmable device to generate a Bayesian probability value using the spam probability values assigned to the tokens.
  - 36. The computer-readable medium of claim 35, further comprising:
    - computer-readable code adapted to instruct a programmable device to compare the generated Bayesian probability value with a predefined threshold value.
  - 37. The computer-readable medium of claim 36, further comprising:
    - computer-readable code adapted to instruct a programmable device to categorize the email message as spam in response to the Bayesian probability value being greater than the predefined threshold.
  - 38. The computer-readable medium of claim 36, further comprising:
    - computer-readable code adapted to instruct a programmable device to categorize the email message as non-spam in response to the Bayesian probability value being not greater than the predefined threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bellsouth Intellectual Property Corporation (AT&T, Inc.)
Original Assignee
Bellsouth Intellectual Property Corporation (AT&T, Inc.)
Inventors
Malik, Dale W., Daniell, W. Todd

Granted Patent

US 7,930,351 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/206
CPC Class Codes

H04L 51/212 using filtering or selectiv...

Identifying undesired email messages having attachments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

187 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying undesired email messages having attachments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

187 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links