Identifying unwanted electronic messages

US 7,325,249 B2
Filed: 01/31/2002
Issued: 01/29/2008
Est. Priority Date: 04/30/2001
Status: Active Grant

First Claim

Patent Images

1. A method of identifying unwanted messages, the method comprising:

inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient;

comparing the characteristics of the inspeceted payload portion of the electronic mail message with stored data indicating characterisitics of at least one other electronic mail message that has been inspected;

based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and

processing the electronic mail message based on the first security condition, wherein processing, the electronic mail message includes;

rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state;

accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and

if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by;

transmitting the electronic mail message based on the address of the electronic mail message;

tracking a location of the transmitted electronic mail message;

inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message;

updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected;

recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and

reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An unwanted message may be identified by inspecting the payload portion of a message being communicated, comparing the characteristics of the payload portion with stored data indicating characteristics of other messages, and identifying a security condition based on a comparison of the message inspected. The characteristics inspected may include the payload portion of a message or the whole message when the characteristics are being compared against messages being exchanged on more than one local exchanging system. Furthermore, the characteristics of messages may be tracked for comparison against the characteristics of future messages. A threshold number of those characteristics may subsequently implicate a hostile security condition, even if a current comparison of these characteristics does not reach the threshold necessary to implicate a hostile security condition.

169 Citations

27 Claims

1. A method of identifying unwanted messages, the method comprising:
- inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient;
  
  comparing the characteristics of the inspeceted payload portion of the electronic mail message with stored data indicating characterisitics of at least one other electronic mail message that has been inspected;
  
  based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and
  
  processing the electronic mail message based on the first security condition, wherein processing, the electronic mail message includes;
  
  rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state;
  
  accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and
  
  if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by;
  
  transmitting the electronic mail message based on the address of the electronic mail message;
  
  tracking a location of the transmitted electronic mail message;
  
  inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message;
  
  updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected;
  
  recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and
  
  reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method of claim 1 wherein the characteristics of the payload portion include information other than address information.
  - 3. The method of claim 2 wherein the characteristics of the payload portion do not include address information.
  - 4. The method of claim 1 wherein a security condition associated with an electronic mail message is identified as reflecting the unacceptable state when the comparison of the characteristics reveals a threshold number of messages having a shared characteristic.
  - 5. The method of claim 4 wherein reprocessing the transmitted electronic mail message based on the second security condition includes deleting the transmitted electronic mail message if the security condition associated with the at least one other electronic mail message inspected subsequent to the transmitting the electronic mail message is identified as reflecting the unacceptable state and the at least one other electronic mail message has characteristics in common with the transmitted electronic mail message.
  - 6. The method of claim 1 further comprising tracking the characteristics of the payload portion for comparison against characteristics of future electronic mail messages, wherein the characteristics of a new electronic mail message are compared with the characteristics of at least one electronic mail message that has been tracked.
  - 7. The method of claim 6 wherein comparing the characteristics of the payload portion includes comparing the characteristics of the payload portion of electronic mail messages inspected with stored characteristics of other communicated electronic mail messages.
  - 8. The method of claim 6 wherein the characteristics of the payload portion of the electronic mail message are tracked when the first security condition is indentified as reflecting the indeterminate state.
  - 9. The method of claim 8 wherein an indeterminate state is identified if the comparison of the characteristics does not itself reveal an unacceptable state, but the characteristics of the payload portion would reveal the unacceptable state in combination with similar characteristics of other electronic mail messages.
  - 10. The method of claim 8 further comprising accepting the transmitted electronic mail message if the second security condition associated with the transmitted electronic mail message reflects the acceptable state.
  - 11. The method of claim 1 wherein identifying the first security condition includes comparing the characteristics of more than one electronic mail message received by a single device.
  - 12. The method of claim 1 wherein identifying the first security condition includes comparing the characteristics of more than one electronic mail message sent by a single device.
  - 13. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message includes recategorizing the first security condition of the transmitted electronic mail message to second security condition that reflects the unacceptable state.
  - 14. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message includes recategorizing the first security condition of the transmitted electronic mail message to a second security condition that reflects the unacceptable state.
  - 15. The method of claim 1 wherein identifying the first security condition as reflecting the acceptable state includes identifying the first security condition as reflecting a neutral state.
  - 16. The method of claim 1 wherein identifying the first security condition as reflecting the unacceptable state includes identifying the first security condition as reflecting a hostile state.
  - 17. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed when the stored data is updated such that the security condition associated with an electronic mail message with certain characteristics would be identified as reflecting a state other than the indeterminate state and the security condition associated with an electronic mail message with the same characteristics would have been identified as reflecting the indeterminate state prior to the update.
  - 18. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed if at least one other electronic mail message inspected subsequent to transmitting the electronic mail message includes a characteristic that increases the number of electronic mail messages inspected with that characteristic above a threshold level.
  - 19. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed when an administrator updates the stored data to indicate that at least one characteristic of an electronic mail message is acceptable.
  - 20. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed when an administrator updates the stored data to indicate that at least one characteristic of an electronic mail message is unacceptable.
  - 21. The method of claim 1 wherein reprocessing the transmitted electronic mail message includes removing the transmitted electronic mail message from storage if the second security condition reflects the unacceptable state.
  - 22. The method of claim 1 wherein reprocessing the transmitted electronic mail message includes generating an alarm if the second security condition reflects the unacceptable state.
  - 23. The method of claim 1 wherein reprocessing the transmitted electronic mail message includes continuing to track the location of the transmitted electronic mail message if the second security condition still reflects the indeterminate state.
  - 24. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message includes:
    - accessing the location of the electronic mail message;
      
      retrieving the electronic mail message from the location;
      
      inspecting the payload portion of the transmitted electronic mail message and identifying characteristics of the payload portion;
      
      comparing the characteristics of the payload portion of the transmitted electronic mail message with the updated stored data; and
      
      in response to comparing, identifying the second security condition from among at least one of the acceptable, unacceptable, and indeterminate states.

25. At least one storage medium storing one or more computer programs, the one or more computer programs including instructions that, when executed, perform operations comprising:
- inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient;
  
  comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected;
  
  based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable and indeterminate states; and
  
  processing the electronic mail message based on the first security condition, wherein processing the electronic mail message includes;
  
  rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state;
  
  accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and
  
  if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by;
  
  transmitting the electronic mail message based on the address of the electronic mail message;
  
  tracking a location of the transmitted electronic mail message;
  
  inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message;
  
  updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected;
  
  recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and
  
  reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.

26. An electronic system comprising:
- at least one storage element configured to store data indicating characteristics of electronic mail messages; and
  
  at least one processor configured to execute instructions, stored on the at least one storage element, to perform operations comprising;
  
  inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient;
  
  comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected;
  
  based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and
  
  processing the electronic mail message based on the first security condition, wherein processing the electronic mail message includes;
  
  rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state;
  
  accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and
  
  if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by;
  
  transmitting the electronic mail message based on the address of the electronic mail message;
  
  tracking a location of the transmitted electronic mail message;
  
  inspecting at least one other electronic, mail message subsequent to transmitting the electronic mail message;
  
  updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected;
  
  recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and
  
  reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.

27. Art electronic system comprising:
- means for inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient;
  
  means for comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected;
  
  means for, based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and
  
  means for processing the electronic mail message based on the first security condition, wherein the means for processing the electronic mail message includes;
  
  means for rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state;
  
  means for accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and
  
  means for, if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by;
  
  transmitting the electronic mail message based on the address of the electronic mail message;
  
  tracking a location of the transmitted electronic mail message;
  
  inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message;
  
  updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected;
  
  recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and
  
  reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
AOL LLC (Apollo Global Management, Inc.)
Inventors
Adamski, Michael K., Despeaux, Craig E., Sutton, Jr., Lorin R.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
POLTORAK, PIOTR

Application Number

US10/059,147
Publication Number

US 20020162025A1
Time in Patent Office

2,189 Days
Field of Search

726206-207, 709/24
US Class Current

726/13
CPC Class Codes

G06F 21/50 Monitoring users, programs ...

H04L 63/145 the attack involving the pr...

Identifying unwanted electronic messages

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

169 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying unwanted electronic messages

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

169 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links