PROCESSING A MESSAGE BASED ON A BOUNDARY IP ADDRESS AND DECAY VARIABLE
First Claim
Patent Images
1. A method of classifying a message transmitted over a network, the method comprising:
- receiving the message transmitted over the network and addressed to a recipient; and
executing instructions stored in a non-transitory computer readable storage medium to;
determine an associated domain from which the received message is purported to be sent,identify that the determined domain appears on a whitelist associated with the recipient,determine whether the domain has been spoofed based on whether a common classification appears across a plurality of IP addresses associated with the domain, wherein;
the domain is determined not to be spoofed if the received message is on the whitelist but has the common spam classification appearing across the plurality of IP addresses, andthe domain is determined to be spoofed if the received message is on the whitelist but has different classifications appearing across the plurality of IP addresses, andclassify the received message based on the determination whether the domain has been spoofed.
26 Assignments
0 Petitions
Accused Products
Abstract
A technique for determining a boundary IP address is disclosed. The technique includes processing a header to extract candidate IP address, locating a gateway IP address, and selecting the boundary IP address based on the location of the gateway IP address.
1 Citation
19 Claims
-
1. A method of classifying a message transmitted over a network, the method comprising:
-
receiving the message transmitted over the network and addressed to a recipient; and executing instructions stored in a non-transitory computer readable storage medium to; determine an associated domain from which the received message is purported to be sent, identify that the determined domain appears on a whitelist associated with the recipient, determine whether the domain has been spoofed based on whether a common classification appears across a plurality of IP addresses associated with the domain, wherein; the domain is determined not to be spoofed if the received message is on the whitelist but has the common spam classification appearing across the plurality of IP addresses, and the domain is determined to be spoofed if the received message is on the whitelist but has different classifications appearing across the plurality of IP addresses, and classify the received message based on the determination whether the domain has been spoofed. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system of classifying a message transmitted over a network, the system comprising:
-
a communication interface that receives the message transmitted over the network and addressed to a recipient; and a processor that executes instructions stored in a non-transitory computer readable storage medium to; determine an associated domain from which the received message is purported to be sent, identify that the determined domain appears on a whitelist associated with the recipient, determine whether the domain has been spoofed based on whether a common classification appears across a plurality of IP addresses associated with the domain, wherein; the domain is determined not to be spoofed if the received message is on the whitelist but has the common spam classification appearing across the plurality of IP addresses, and the domain is determined to be spoofed if the received message is on the whitelist but has different classifications appearing across the plurality of IP addresses, and classify the received message based on the determination whether the domain has been spoofed. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for classifying a message transmitted over a network, the method comprising:
-
receiving the message transmitted over the network and addressed to a recipient; determining an associated domain from which the received message is purported to be sent; identifying that the determined domain appears on a whitelist associated with the recipient; determining whether the domain has been spoofed based on whether a common classification appears across a plurality of IP addresses associated with the domain, wherein; the domain is determined not to be spoofed if the received message is on the whitelist but has the common spam classification appearing across the plurality of IP addresses, and the domain is determined to be spoofed if the received message is on the whitelist but has different classifications appearing across the plurality of IP addresses; and classifying the received message based on the determination whether the domain has been spoofed.
-
Specification