Method and apparatus for filtering junk email

US 6,321,267 B1
Filed: 11/23/1999
Issued: 11/20/2001
Est. Priority Date: 11/23/1999
Status: Expired due to Term

First Claim

Patent Images

1. A system for detecting and selectively preventing reception of an electronic message to a local message transfer agent (MTA), the electronic message having an address identifying a sender and transferred over a connection from a remote host, the system comprising:

a dialup filter determining whether the connection is a dialup connection and, if the connection is a dialup connection, terminating the connection;

a relay filter determining whether the remote host is an open relay and, if the remote host is an open relay, terminating the connection; and

, a user filter verifying whether the sender of the electronic message is authorized and, if the sender of the electronic message is not authorized, terminating the connection;

wherein, said system establishes communication over the connection between said remote host and the local MTA if said system determines that the connection is not a dialup connection, said relay filter determines that the remote host is not an open relay and said user filter verifies the sender as authorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Active Filtering proxy filters electronic junk mail (also known as spam, bulk mail, or advertising) received at a Message Transfer Agent from remote Internet hosts using the Simple Mail Transfer Protocol (SMTP). The proxy actively probes remote hosts that attempt to send mail to the protected mail server in order to identify dialup PCs, open relays, and forged email. The system provides multiple layers of defense including: connect-time filtering based on IP address, identification of dialup PCs attempting to send mail, testing for permissive (open) relays, testing for validity of the sender'"'"'s address, and message header filtering. A sender'"'"'s message must successfully pass through all relevant layers, or it is rejected and logged. Subsequent filters feed IP addresses back to the IP filtering mechanism, so subsequent mail from the same host can be easily blocked.

841 Citations

68 Claims

1. A system for detecting and selectively preventing reception of an electronic message to a local message transfer agent (MTA), the electronic message having an address identifying a sender and transferred over a connection from a remote host, the system comprising:
- a dialup filter determining whether the connection is a dialup connection and, if the connection is a dialup connection, terminating the connection;
  
  a relay filter determining whether the remote host is an open relay and, if the remote host is an open relay, terminating the connection; and
  
  , a user filter verifying whether the sender of the electronic message is authorized and, if the sender of the electronic message is not authorized, terminating the connection;
  
  wherein, said system establishes communication over the connection between said remote host and the local MTA if said system determines that the connection is not a dialup connection, said relay filter determines that the remote host is not an open relay and said user filter verifies the sender as authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 2. The system of claim 1, wherein said system attempts to establish a reverse connection from said system to the remote host, wherein if the reverse connection cannot be established then said dialup filter determines whether the connection is a dialup connection, and if the reverse connection is established then said relay filter determines whether the remote host is an open relay.
  - 3. The system of claim 2, wherein after said dialup filter determines whether the connection is a dialup connection or if the relay filter is unable to determine whether the remote host is an open relay, said user filter verifies whether the sender is authorized.
  - 4. The system of claim 1, wherein said user filter verifies the sender in response to said relay filter not being able to determine whether the remote host is an open relay.
  - 5. The system of claim 1, wherein said system is part of a firewall host.
  - 6. The system of claim 1, wherein the electronic message is transferred in accordance with Simple Mail Transfer Protocol or Extended Simple Mail Transfer Protocol.
  - 7. The system of claim 1, wherein said system validates the electronic message after a mail from transaction is received from the remote host.
  - 8. The system of claim 1, further comprising a memory, wherein said system validates the electronic message after a data transaction is received, the memory storing intended recipients of the rejected electronic message.
  - 9. The system of claim 1, wherein said system operates in a packet transfer mode once the connection is established with the local host.
  - 10. The system of claim 1, wherein said system is integrated within a wrapper program.
  - 11. The system of claim 1, further comprising an IP filter having a blacklist database, said IP filter terminating the connection if the remote host corresponds to a blacklisted host on the blacklist database.
  - 12. The system of claim 11, wherein said dialup filter adds any remote host determined to be a dialup to the blacklist database.
  - 13. The system of claim 11, wherein said relay filter adds any remote host determined to be an open relay to the blacklist database.
  - 14. The system of claim 1, further comprising an electronic mail address filter having a whitelist database, wherein said system establishes a connection to the remote host if a mail from address of the sender is in the whitelist database.
  - 15. The system of claim 1, further comprising a trusted host database, wherein said system establishes a connection between the remote host and the local MTA if a domain name or IP address for the remote host is stored in the trusted host database.
  - 16. The system of claim 1, said dialup filter having a dialup database listing remote hosts that were predetermined as not having a dialup connection, said dialup filter determining that the connection is not a dialup connection if the remote host is configured as a non-dialup.
  - 17. The system of claim 16, said dialup filter including the remote host in the dialup database as not having a dialup connection or in cache if said dialup filter determines that the remote host does not have a dialup connection.
  - 18. The system of claim 1, said dialup filter determining whether the connection is a dialup connection if the system is unable to establish a reverse connection with the remote host and based upon a remote host name and a name for at least one host neighboring the remote host.
  - 19. The system of claim 1, said dialup filter determining whether the connection is a dialup connection if the system is unable to establish a reverse connection with the remote host and at least one host neighboring the remote host.
  - 20. The system of claim 1, said relay filter having a relay database listing remote hosts that are not open relays, said relay filter determining that the remote host is not an open relay if the remote host is listed in the relay database.
  - 21. The system of claim 1, said relay filter establishing a test connection from said system to the remote host and initiating a transaction with the remote host, said relay filter determining that the remote host is an open relay based upon the remote host'"'"'s response to the test transaction.
  - 22. The system of claim 21, said relay filter including the remote host in the non-relay database or cache if the remote host is determined not to be an open relay.
  - 23. The system of claim 21, wherein the test electronic message is addressed to the sender and said relay filter determines whether the remote host is an open relay based upon whether the remote host accepts the test electronic message.
  - 24. The system of claim 21, wherein the test electronic message is addressed to an unrelated host that is unrelated to the remote host, and said relay filter determines whether the remote host is an open relay based upon whether the remote host accepts the test electronic message.
  - 25. The system of claim 1, wherein the electronic message comprises an email.
  - 26. The system of claim 1, wherein selectively preventing reception of the electronic message at the local MTA comprises terminating the connection by said dialup filter, relay filter or user filter.
  - 27. The system of claim 1, wherein said system prevents reception of undesirable electronic messages by the local MTA.
  - 28. The system of claim 1, wherein the system comprises a filter proxy.

29. An article of manufacture for detecting and selectively preventing reception of an electronic message by a local host having a local message transfer agent (MTA), the electronic message transferred over a connection from a remote host, the article of manufacture comprising a computer-readable medium having stored thereon instructions which, when performed by a processor, cause the processor to execute the steps comprising the steps of:
- determining whether the connection is a dialup connection;
  
  terminating the connection to the remote host in response to determining that the connection was established by a dialup connection; and
  
  , forwarding the electronic message to the local host in response to determining that the connection was not established by a dialup connection.
- View Dependent Claims (30, 31, 32)
- - 30. The article of manufacture of claim 29, further comprising attempting to establish a reverse connection to the remote host, wherein the step of determining whether the connection is a dialup connection is performed only if the reverse connection is not established, otherwise determining whether the remote host is an open relay, terminating the connection to the remote host in response to determining that the remote host is an open relay, and forwarding the electronic message to the local host in response to determining that the remote host is not an open relay.
  - 31. The article of manufacture of claim 30, further comprising the steps of verifying, in response to determining that the remote host is not an open relay, whether a sender of the electronic message is authorized at a mailhost configured for the sender, terminating the connection to the remote host if the sender is not authorized at the remote host, and forwarding the electronic message to the local host if the sender is authorized.
  - 32. The article of manufacture of claim 29, wherein the steps of determining, forwarding and terminating are performed at a system located outside the local host.

33. A proxy filter comprising an input port for receiving an electronic message on a connection from a remote host, a dialup filter determining whether the connection is a dialup connection and terminating the connection if the connection is determined to be a dialup connection, and an output port forwarding the electronic message received over the connection to a local host if the connection is determined to not be a dialup connection.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 34. The proxy filter of claim 33, further comprising a an IP filter having a blacklist database, said IP filter terminating the connection if the remote host corresponds to a blacklisted host on the blacklist database.
  - 35. The proxy filter of claim 34, wherein said dialup filter adds any remote host determined to be a dialup to the blacklist database.
  - 36. The proxy filter of claim 33, further comprising a trusted host database, wherein said proxy filter forwards the electronic message to the local host if a domain name or IP address for the remote host is stored in the trusted host database.
  - 37. The proxy filter of claim 33, the dialup filter having a dialup database listing host names and addresses that are predetermined to not be a dialup, said dialup filter determining that the connection is not a dialup connection if the remote host is listed in said dialup database.
  - 38. The proxy filter of claim 33, said dialup filter including the remote host in the dialup database or cache if said dialup filter determines that the remote host does not have a dialup connection.
  - 39. The proxy filter of claim 33, said dialup filter determining that the connection is a dialup connection if the proxy filter is unable to establish a reverse connection with the remote host.
  - 40. The proxy filter of claim 39, said dialup filter determining whether the connection is a dialup connection based upon a remote host name and a name for at least one host neighboring the remote host.
  - 41. The proxy filter of claim 33, said dialup filter determining whether the connection is a dialup connection based upon a remote host name and a name for at least one host neighboring the remote host.
  - 42. The proxy filter of claim 33, said dialup filter determining whether the connection is a dialup connection if the proxy filter is unable to establish a reverse connection with the remote host and with at least one host neighboring the remote host.
  - 43. The proxy filter of claim 33, further comprising a user filter determining whether the sender of the incoming message is recognized by a mailhost that is configured for a sender'"'"'s domain if the dialup filter determines the connection is not a dialup connection and said output port only forwards the electronic message received on the connection to the local host if the electronic message is authorized by the local host.
  - 44. The proxy filter of claim 33, further comprising a relay filter determining whether the remote host permits relaying of electronic messages and terminating the connection if the remote host permits relaying of electronic messages, and the output port forwards the electronic message received over the connection to a local host if the remote host does not permit relaying of electronic messages.
  - 45. The proxy filter of claim 44, wherein said proxy filter attempts to establish a reverse connection with the remote host, said dialup filter only determines whether the connection is a dialup connection if the reverse connection is not established and said relay filter only determines whether the remote host permits relaying if the reverse connection is established.

46. A proxy filter comprising an input port for receiving an electronic message over a connection from a remote host, a relay filter determining whether the remote host permits relaying of electronic messages and terminating the connection if the remote host permits relaying of electronic messages, and an output port forwarding the electronic message received over the connection to a local host if the remote host does not permit relaying of electronic messages.
- View Dependent Claims (47, 48, 49, 50, 51)
- - 47. The proxy filter of claim 46, further comprising a user filter determining whether the sender of the incoming message is recognized by a mailhost that is configured for a sender'"'"'s domain if the relay filter determines the connection does not permit relaying of electronic messages and said output port only forwards the electronic message received on the connection to the local host if the electronic message is authorized by the local host.
  - 48. The proxy filter of claim 46, said relay filter having a relay database listing remote hosts that are not open relays, said relay filter determining that the remote host is not an open relay if the remote host is listed in the relay database.
  - 49. The proxy filter of claim 46, said relay filter establishing a reverse connection from said proxy filter to the remote host and initiating a test transaction to the sender at the remote host, the test transaction being addressed to the sender of the electronic message and said relay filter determining that the remote host is an open relay if the remote host accepts the test transaction.
  - 50. The proxy filter of claim 46, said relay filter establishing a reverse connection from said proxy filter to the remote host and initiating a test transaction to the remote host from an unrelated domain, the test transaction being addressed to an unrelated host that is unrelated to the remote host, and said relay filter determining that the remote host is an open relay if the remote host accepts the test transaction.
  - 51. The proxy filter of claim 46, wherein the relay filter dynamically determines whether the remote host permits relaying of electronic messages.

52. A proxy filter comprising an input port for receiving an electronic message on a connection from a remote host, the electronic message having an address identifying a sender, a user filter determining whether the sender of the incoming message is recognized by a mailhost that is configured for the sender'"'"'s address and an output port for forwarding the electronic message received on the connection to the local host if the electronic message is authorized by the local host.
- View Dependent Claims (53, 54)
- - 53. The proxy filter of claim 52, wherein the configured mailhost locates a highest-priority mail exchange record, and if no highest-priority mail exchange record exists, then locates a domain in the electronic message.
  - 54. The proxy filter of claim 52, wherein the user filter dynamically determines whether the sender of the incoming message is recognized by a mailhost that is configured for the sender'"'"'s address.

55. An article of manufacture for detecting and selectively preventing reception of an electronic message by a local host having a local message transfer agent (MTA), the electronic message transferred over a connection from a remote host, the article of manufacture comprising a computer-readable medium having stored thereon instructions which, when performed by a processor, cause the processor to execute the steps comprising the steps of:
- determining whether the remote host is an open relay;
  
  terminating the connection to the remote host in response to determining that the remote host is an open relay; and
  
  , forwarding the electronic message to the local host in response to determining that the remote host is not an open relay.
- View Dependent Claims (56, 57, 58, 59)
- - 56. The article of manufacture of claim 55, further comprising establishing a reverse connection to the remote host, wherein the step of determining whether the remote host is an open relay is performed only if the reverse connection is established, otherwise determining whether the connection is a dialup connection, terminating the connection to the remote host in response to determining that the connection is a dialup connection, and forwarding the electronic message to the local host in response to determining that the connection is not a dialup connection.
  - 57. The article of manufacture of claim 55, further comprising verifying, in response to determining that the connection is not a dialup connection, whether a sender of the electronic message is authorized at the remote host, terminating the connection to the remote host if the sender is not authorized at the remote host, and forwarding the electronic message to the local host if the sender is authorized.
  - 58. The article of manufacture of claim 55, wherein the steps of determining, forwarding and terminating are performed at a filter proxy located outside the local host.
  - 59. The article of manufacture of claim 55, wherein the step of determining whether the remote host is an open relay is dynamic.

60. A method for detecting and selectively preventing reception of an electronic message transferred over a connection from a remote host by a local host having a local message transfer agent (MTA), the method comprising:
- determining whether the connection was established by a dialup connection;
  
  terminating the connection to the remote host in response to determining that the connection was established by a dialup connection; and
  
  , forwarding the electronic message to the local host in response to determining that the connection was not established by a dialup connection.
- View Dependent Claims (61, 62, 63)
- - 61. The method of claim 60, further comprising establishing a reverse connection to the remote host, wherein the step of determining whether the connection is a dialup connection is performed only if the reverse connection is not established, otherwise determining whether the remote host is an open relay, terminating the connection to the remote host in response to determining that the remote host is an open relay, and forwarding the electronic message to the local host in response to determining that the remote host is not an open relay.
  - 62. The method of claim 60, further comprising verifying, in response to being unable to determine whether the remote host is an open relay, whether a sender of the electronic message is authorized at the remote host, terminating the connection to the remote host if the sender is not authorized at the remote host, and forwarding the electronic message to the local host if the sender is authorized.
  - 63. The method of claim 60, wherein the steps of determining, forwarding and terminating are performed at a filter proxy located outside the local host.

64. A method for detecting and selectively preventing reception of an electronic message transferred over a connection from a remote host by a local host having a local message transfer agent (MTA), the method comprising:
- determining whether the remote host is an open relay;
  
  terminating the connection to the remote host in response to determining that the remote host is an open relay; and
  
  , forwarding the electronic message to the local host in response to determining that the remote host is not an open relay.
- View Dependent Claims (65, 66, 67, 68)
- - 65. The method of claim 64, further comprising establishing a reverse connection to the remote host, wherein the step of determining whether the remote host is an open relay is performed only if the reverse connection is established, otherwise determining whether the connection is a dialup connection, terminating the connection to the remote host in response to determining that the connection is a dialup connection, and forwarding the electronic message to the local host in response to determining that the connection is not a dialup connection.
  - 66. The method of claim 64, further comprising verifying, in response to determining that the connection is not a dialup connection, whether a sender of the electronic message is authorized at the remote host, terminating the connection to the remote host if the sender is not authorized at the remote host, and forwarding the electronic message to the local host if the sender is authorized.
  - 67. The method of claim 64, wherein the steps of determining, forwarding and terminating are performed at a filter proxy located outside the local host.
  - 68. The method of claim 64, wherein the determining whether the remote host is an open relay is dynamic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Escom Corporation
Original Assignee
Escom Corporation
Inventors
Donaldson, Albert L.
Primary Examiner(s)
Etienne, Ario

Application Number

US09/447,590
Time in Patent Office

728 Days
Field of Search

709/229, 709/217, 709/218, 709/219, 709/232, 709/249, 709/206, 709/204, 709/227, 709/238, 370/351, 370/241, 370/392, 707/10, 713/200, 713/201, 379/219
US Class Current

709/229
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 51/48   Message addressing, e.g. ad...

H04L 63/0227   Filtering policies mail mes...

H04L 63/145   the attack involving the pr...

Method and apparatus for filtering junk email

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

841 Citations

68 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for filtering junk email

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

841 Citations

68 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links