Method and apparatus for authenticating electronic mail

US 7,072,944 B2
Filed: 10/07/2002
Issued: 07/04/2006
Est. Priority Date: 10/07/2002
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating an electronic mail, the method including:

parsing a “

received”

field of a header of the electronic mail to identify actual domain name data included in the header at a server receiving the electronic mail from a mail client;

parsing the header to obtain purported sender data included in the header of the electronic mail;

comparing the actual domain name data and purported sender data;

generating an authenticity indicator in response to the comparison, the authenticity indicator providing an indication of the likelihood that the electronic mail was sent from a purported sender of the electronic mail; and

presenting the authenticity indicator to the recipient of the electronic mail.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for authenticating an electronic message are provided. The method includes investigating data in a header of the electronic message, and generating an authenticity indicator in response to the investigation. The authenticity indicator may provide an indication of the likelihood that the electronic message was sent from a purported sender visible to a recipient of the electronic message. In certain embodiments, the method includes presenting the authenticity indicator to the recipient of the electronic message. Investigating data in the header may include parsing the header to obtain purported sender data in a from field populated at a mail client and to obtain actual originator data, comparing the purported sender data and actual originator data, and generating the authenticity indicator in response to the comparison. The from field may be the “FROM: . . . ” field of an email message provided to identify a sender of the email message.

Citations

29 Claims

1. A method of authenticating an electronic mail, the method including:
- parsing a “
  
  received”
  
  field of a header of the electronic mail to identify actual domain name data included in the header at a server receiving the electronic mail from a mail client;
  
  parsing the header to obtain purported sender data included in the header of the electronic mail;
  
  comparing the actual domain name data and purported sender data;
  
  generating an authenticity indicator in response to the comparison, the authenticity indicator providing an indication of the likelihood that the electronic mail was sent from a purported sender of the electronic mail; and
  
  presenting the authenticity indicator to the recipient of the electronic mail.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, in which parsing the header to obtain purported sender data includes:
    - parsing the header to obtain purported sender domain name data in a “
      
      FROM;
      
      . . . ”
      
      field populated at the mail client, the purported sender domain name data being visible to a recipient of the electronic mail.
  - 3. The method of claim 1, in which parsing the header to obtain purported sender data includes:
    - parsing the header to obtain a purported IP Address of an originator of the electronic mail;
      
      interrogating a Domain Name Server (DNS) with the actual domain name data to obtain an associated IP address of an actual domain name;
      
      comparing the associated IP address with the purported IP address; and
      
      generating the authenticity indicator in response to the comparison.
  - 4. The method of claim 1, which is executed in conjunction with virus protection software.
  - 5. The method of claim 1, wherein the header of the electronic mail includes a visible mail header which is visible to the recipient when opening the electronic mail, and a transmission data mail header including received data included by at least one server via which the electronic mail is communicated, the method including investigating data in both the visible and transmission data mail headers.
  - 6. The method of claim 1, in which parsing the header to obtain purported domain name data includes:
    - parsing the header to obtain domain name data of each server via which the electronic mail has been communicated;
      
      comparing the domain name data of each server with reference domain name data; and
      
      generating the authenticity indicator in response to the comparison.
  - 7. The method of claim 6, wherein the reference domain name data includes domain names associated with spoofed electronic mail, the method including updating the reference domain name data in an automated fashion.
  - 8. The method of claim 7, wherein the reference domain name data is stored on a client machine, the method including:
    - connecting the client machine to a remote database of reference domain name data;
      
      downloading updated reference domain name data; and
      
      storing the reference domain name data on the client machine.
  - 9. The method of claim 6, which includes downloading the reference domain name data via the Internet.
  - 10. The method of claim 6, wherein the reference domain data is integrated in a mail client application.
  - 11. The method of claim 6, which includes parsing a “
    - received”
      
      field included in the header by each server via which the electronic mail has been communicated.

12. A machine-readable medium embodying a sequence of instructions that, when executed by a machine, cause the machine execute a method of authenticating an electronic mail, the method including:
- parsing a “
  
  received”
  
  field of a header of the electronic mail to identify actual domain name data included in the header at a server receiving the electronic mail from a mail client;
  
  parsing the header to obtain purported sender data included in the header of the electronic mail;
  
  comparing the actual domain name data and purported sender data;
  
  generating an authenticity indicator in response to the investigation, the authenticity indicator providing an indication of the likelihood that the electronic mail was sent from a purported sender of the electronic mail; and
  
  presenting the authenticity indicator to the recipient of the electronic mail.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The machine-readable medium of claim 12, wherein parsing the header to obtain purported sender data includes:
    - parsing the header to obtain purported sender domain name data in a “
      
      FROM;
      
      ”
      
      field populated at the mail client, the purported sender domain name data being visible to a recipient of the electronic mail.
  - 14. The machine-readable medium of claim 12, wherein parsing the header to obtain purported sender data includes:
    - parsing the header to obtain a purported IP Address of an originator of the electronic mail;
      
      interrogating a Domain Name Server (DNS) with the actual domain name data to obtain an associated IP address of an actual domain name;
      
      comparing the associated IP address with the purported IP address; and
      
      generating the authenticity indicator in response to the comparison.
  - 15. The machine-readable medium of claim 12, wherein the instructions are executed in conjunction with virus protection software.
  - 16. The machine-readable medium of claim 12, wherein the header of the electronic mail includes a visible mail header which is visible to the recipient when opening the electronic mail, and a transmission data mail header including received data included by at least one server via which the electronic mail is communicated, the method including investigating data in both the visible and transmission data mail headers.
  - 17. The machine-readable medium of claim 12, wherein parsing in the header to obtain purported domain name data includes:
    - parsing the header to obtain domain name data of each server via which the electronic mail has been communicated;
      
      comparing the domain name data of each server with reference domain name data; and
      
      generating the authenticity indicator in response to the comparison.
  - 18. The machine-readable medium of claim 17, wherein the reference domain name data includes domain names associated with spoofed electronic mail, the method including updating the reference domain name data in an automated fashion.
  - 19. The machine-readable medium of claim 18, wherein the reference domain name data is stored on a client machine, the method including:
    - connecting the client machine to a remote database of reference domain name data;
      
      downloading updated reference domain name data; and
      
      storing the reference domain name data on the client machine.
  - 20. The machine-readable medium of claim 17, in which the method includes downloading the reference domain name data via the Internet.
  - 21. The machine-readable medium of claim 17, wherein the reference domain data is integrated in a mail client application.
  - 22. The machine-readable medium of claim 17, in which the method includes parsing a “
    - received”
      
      field included in the header by each server via which the electronic mail has been communicated.

23. A mail server for authenticating electronic mail communicated between the mail server and at least one client device, the mail server including:
- a communication interface for communicating with the at least one client device;
  
  a processor; and
  
  memory which includes a set of instructions which, when executed by the processor, cause the processor to;
  
  parse a “
  
  received”
  
  field of a header of the electronic mail to identify actual domain name data included in the header at a server receiving the electronic mail from a mail client;
  
  parse the header to obtain purported sender data included in the header of the electronic mail;
  
  compare the actual domain name data and purported sender data; and
  
  generate an authenticity indicator in response to the comparison, the authenticity indicator being presentable to a recipient of the electronic mail to provide an indication of the likelihood that the electronic mail was sent from a purported sender of the electronic mail.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The mail server of claim 23, in which the processor:
    - parses the header to obtain purported sender domain name data in a “
      
      FROM;
      
      ”
      
      field populated at a mail client, the purported sender domain name data being visible to a recipient of the electronic mail.
  - 25. The mail server of claim 23, in which the processor:
    - parses the header to obtain a purported IP Address of an originator of the electronic mail;
      
      interrogates a Domain Name Server (DNS) with the actual domain name data to obtain an associated IP address of the actual domain name;
      
      compares the associated IP address with the purported IP address; and
      
      generates the authenticity indicator in response to the comparison.
  - 26. The mail server of claim 23, in which the processor:
    - parses the header to obtain domain name data of each server via which the electronic mail has been communicated;
      
      compares the domain name data of each server with reference domain name data; and
      
      generates the authenticity indicator in response to the comparison.
  - 27. The mail server of claim 26, wherein the reference domain name data includes domain names associated with spoofed electronic mail and the reference domain name data is updated in an automated fashion.
  - 28. The mail server of claim 27, wherein the reference domain name data is stored on a client machine and the processor:
    - connects the client machine to a remote database of reference domain name data;
      
      downloads updated reference domain name data; and
      
      stores the reference domain name data on the client machine.

29. A mail server for authenticating electronic mail communicated between the mail server and at least one client device, the mail server including:
- means communication interface for communicating with the at least one client device;
  
  processor means; and
  
  means to store a set of instructions which, when executed by the processor, cause the processor means to;
  
  parse a “
  
  received”
  
  field of a header of the electronic mail to identify actual domain name data included in the header at a server receiving the electronic mail from a mail client;
  
  parse the header to obtain purported sender data included in the header of the electronic mail;
  
  compare the actual domain name data and purported sender data; and
  
  generate an authenticity indicator in response to the comparison, the authenticity indicator being presentable to a recipient of the electronic mail to provide an indication of the likelihood that the electronic mail was sent from a purported sender of the electronic mail.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Abbott, Marty, Sanford, Kirk, Lalonde, Chris, Isaacs, Greg
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
WANG, LIANG CHE A

Application Number

US10/266,384
Publication Number

US 20040068542A1
Time in Patent Office

1,366 Days
Field of Search

707/9, 709201-206, 709/207, 713200-202, 713/156
US Class Current

709/206
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 51/212   using filtering or selectiv...

H04L 51/48   Message addressing, e.g. ad...

H04L 61/4555   Directories for electronic ...

H04L 63/126   the source of the received ...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

H04L 63/1483   service impersonation, e.g....

Method and apparatus for authenticating electronic mail

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for authenticating electronic mail

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links