REAL-TIME DETECTION AND PREVENTION OF BULK MESSAGES
Abstract
A method and system for detecting and preventing bulk messages in real-time is provided. A detection server detects and prevents bulk messages in real-time by analyzing the network traffic pattern of attributes of messages, such as email messages, that are passing through the network against an expected network traffic pattern. The expected network traffic pattern may be specified as a combination of a rate and one or more thresholds, where each threshold has a corresponding status. The rate specifies a quantity of an attribute measured with respect to a quantity of time. A status associated with a threshold is attained when the rate is exceeded the requisite threshold number of times. The status indicates an action that is to be taken in processing the email message containing the attribute. An email message can then be processed in accordance with a status assigned to an attribute of the email message.
20 Claims
1. A computer-implemented method for detecting unwanted messages in real-time at a message delivery host, the method comprising:
- generating at least one key for a message based on an attribute of the message;
- for each generated key, determining a status associated with the key; and
- processing the message according to the statuses associated with the generated keys.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computer-implemented method for assigning statuses to keys at a detection server, the keys based on attributes of messages, the method comprising:
- providing an association between a plurality of threshold values and corresponding statuses, wherein each threshold value specifies a number of times a rate has to be exceeded;
- for each key, providing a count of a number of times the rate is exceeded on the detection server;
- receiving from a message delivery host an indication of a key;
- determining whether the rate is exceeded; and
- upon determining that the rate is exceeded, incrementing the count of the number of times the rate is exceeded on the detection server;
- determining whether one of the threshold values is crossed; and
- upon determining that one of the threshold values is crossed, assigning to the key the status associated with the threshold value that is crossed.
Dependent claims: 14, 15, 16, 17
18. A detection server comprising:
- a host component that receives a request for a status of a key from a message delivery host, that determines the status of the specified key, and that sends the status of the key to the message delivery host; and
- a peer component that sends advertisements of suspicious keys to peer detection servers, and that receives advertisements of suspicious keys from peer detection servers.
Dependent claims: 19, 20
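The rate-and-threshold counting of claim 13 and the abstract, combined with the key lookup of claim 1, shown as an added Python example (not code from the patent). The SHA-256 key derivation, the sliding window that resets after each exceedance, the status names `ok`/`suspicious`/`blocked` and the actions `deliver`/`defer`/`reject` are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict, deque

def make_key(attr_name, attr_value):
    """Derive a key from one message attribute (hashing is an assumption)."""
    data = f"{attr_name}:{attr_value.strip().lower()}".encode()
    return hashlib.sha256(data).hexdigest()

class DetectionServer:
    def __init__(self, max_events, window_secs, thresholds):
        self.max_events = max_events      # rate: events allowed ...
        self.window_secs = window_secs    # ... per this many seconds
        # threshold value -> status, checked from highest to lowest
        self.thresholds = sorted(thresholds.items(), reverse=True)
        self.events = defaultdict(deque)  # key -> recent timestamps
        self.exceed_count = defaultdict(int)
        self.status = defaultdict(lambda: "ok")

    def report(self, key, now):
        """Record one sighting of key at time now; return its status."""
        window = self.events[key]
        window.append(now)
        while window and now - window[0] >= self.window_secs:
            window.popleft()
        if len(window) > self.max_events:      # rate exceeded
            self.exceed_count[key] += 1
            window.clear()  # assumption: start a fresh measurement window
            for value, status in self.thresholds:
                if self.exceed_count[key] >= value:   # threshold crossed
                    self.status[key] = status
                    break
        return self.status[key]

def process(statuses):
    """Delivery-host side: act on the worst status among a message's keys."""
    order = ["ok", "suspicious", "blocked"]   # hypothetical status names
    worst = max(statuses, key=order.index)
    return {"ok": "deliver", "suspicious": "defer", "blocked": "reject"}[worst]

def demo():
    server = DetectionServer(max_events=3, window_secs=60,
                             thresholds={1: "suspicious", 3: "blocked"})
    key = make_key("sender", "Bulk@Example.test ")
    # constructed traffic: one message per second from the same sender
    return [process([server.report(key, now=t)]) for t in range(12)]

if __name__ == "__main__":
    print(demo())
```

With these constructed settings the sender is delivered until the rate is first exceeded, deferred while the exceedance count is 1 or 2, and rejected once it reaches 3.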
Specification