IDENTIFYING UNWANTED ELECTRONIC MESSAGES
Abstract
An unwanted message may be identified by inspecting the payload portion of a message being communicated, comparing the characteristics of the payload portion with stored data indicating characteristics of other messages, and identifying a security condition based on a comparison of the message inspected. The characteristics inspected may include the payload portion of a message or the whole message when the characteristics are being compared against messages being exchanged on more than one local exchanging system. Furthermore, the characteristics of messages may be tracked for comparison against the characteristics of future messages. A threshold number of those characteristics may subsequently implicate a hostile security condition, even if a current comparison of these characteristics does not reach the threshold necessary to implicate a hostile security condition.
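The method of claim 1 combined with the abstract's threshold idea, as an added Python example that is not code from the patent. The class name, the SHA-256 fingerprint over a whitespace- and case-normalized payload, the threshold of 3 and the in-memory mailboxes are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict


class ReassessingFilter:
    """Delivers messages, tracks where each was stored, and retracts them later."""

    def __init__(self, threshold=3):  # assumed: sightings that implicate a hostile condition
        self.threshold = threshold
        self.seen = defaultdict(int)        # payload fingerprint -> sightings so far
        self.locations = defaultdict(list)  # fingerprint -> [(recipient, msg_id)]
        self.mailboxes = defaultdict(dict)  # recipient -> {msg_id: payload}
        self.next_id = 0

    @staticmethod
    def fingerprint(payload):
        # Characteristic of the payload portion only; headers differ between copies.
        normalized = " ".join(payload.lower().split())
        return hashlib.sha256(normalized.encode()).hexdigest()

    def receive(self, recipient, payload):
        """Process one message; return (msg_id or None, retracted locations)."""
        fp = self.fingerprint(payload)
        self.seen[fp] += 1  # update the data used to identify unacceptable messages
        if self.seen[fp] >= self.threshold:
            # Reassess earlier copies that were acceptable when they arrived.
            retracted = self.locations.pop(fp, [])
            for rcpt, msg_id in retracted:
                self.mailboxes[rcpt].pop(msg_id, None)  # remove via tracked location
            return None, retracted  # the triggering message is not delivered
        msg_id = self.next_id
        self.next_id += 1
        self.mailboxes[recipient][msg_id] = payload
        self.locations[fp].append((recipient, msg_id))  # track the storage location
        return msg_id, []


def demo():
    # Constructed sample traffic: three copies of one payload and one unrelated message.
    f = ReassessingFilter()
    first, _ = f.receive("alice", "Cheap  WATCHES, click here")
    f.receive("bob", "Lunch at noon?")
    f.receive("carol", "cheap watches, click here")
    _, retracted = f.receive("dave", "Cheap watches, click here")
    return first, retracted, f.mailboxes


if __name__ == "__main__":
    print(demo())
```

The first two copies are delivered because the count is below the threshold at the time; the third copy raises the count to the threshold, so both stored copies are removed from the recipients' mailboxes by their tracked locations.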
20 Claims
1. A method of processing messages, the method comprising:
receiving a first electronic message sent to an intended recipient;
accessing, from electronic storage, data used to identify unacceptable messages;
analyzing the first electronic message with respect to the accessed data used to identify unacceptable messages;
determining that the first electronic message is presently acceptable based on the analysis of the first electronic message;
causing the first electronic message to be stored in electronic storage such that the intended recipient is able to access the first electronic message;
tracking a location of the first electronic message stored in the electronic storage;
receiving a second electronic message subsequent to receipt of the first electronic message;
inspecting the second electronic message;
updating the data used to identify unacceptable messages based on the inspection of the second electronic message;
reassessing whether the first electronic message is acceptable based on the update to the data used to identify unacceptable messages;
determining that the first electronic message is now unacceptable based on the reassessment of the first electronic message;
based on the determination that the first electronic message is now unacceptable, removing the first electronic message from the electronic storage using the tracked location of the first electronic message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of processing messages, the method comprising:
receiving, at an electronic messaging system, a first electronic message sent to an intended recipient;
analyzing the first electronic message with respect to data used to identify unacceptable messages;
based on the analysis of the first electronic message with respect to the data used to identify unacceptable messages, determining that more information is needed to determine whether the first electronic message is acceptable or unacceptable;
in response to determining that more information is needed to determine whether the first electronic message is acceptable or unacceptable, delaying delivery of the first electronic message by storing the first electronic message in electronic storage associated with the electronic messaging system;
receiving, at the electronic messaging system, a second electronic message subsequent to receipt of the first electronic message;
analyzing the second electronic message;
reassessing whether the first electronic message is acceptable or unacceptable based on the analysis of the second electronic message;
determining that the first electronic message is acceptable based on the reassessment of the first electronic message; and
in response to the determining that the first electronic message is acceptable;
accessing the first electronic message from the electronic storage associated with the first electronic messaging system; and
delivering the first electronic message to the intended recipient.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A method of processing electronic messages in an electronic messaging system that includes multiple local exchanging systems, the method comprising:
maintaining first stored data indicating characteristics of electronic messages inspected by a first local exchanging system included in an electronic messaging system;
maintaining second stored data indicating characteristics of electronic messages inspected by a second local exchanging system included in the electronic messaging system, the second local exchanging system being different than the first local exchanging system;
receiving, at the first local exchanging system, an electronic message;
inspecting, at the first local exchanging system, the electronic message to identify characteristics of the electronic message;
accessing the first stored data indicating characteristics of electronic messages inspected by the first local exchanging system;
accessing the second stored data indicating characteristics of electronic messages inspected by the second local exchanging system;
comparing the identified characteristics of the electronic message with the accessed first stored data indicating characteristics of electronic messages inspected by the first local exchanging system and the accessed second stored data indicating characteristics of electronic messages inspected by the second local exchanging system;
based on comparison results, identifying a security condition for the electronic message; and
processing the electronic message based on the security condition.
Dependent claims: 17, 18, 19, 20
Specification