Identifying unwanted electronic messages
First Claim
1. A method of identifying unwanted messages, the method comprising:
- inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient;
comparing the characteristics of the inspeceted payload portion of the electronic mail message with stored data indicating characterisitics of at least one other electronic mail message that has been inspected;
based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and
processing the electronic mail message based on the first security condition, wherein processing, the electronic mail message includes;
rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state;
accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and
if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by;
transmitting the electronic mail message based on the address of the electronic mail message;
tracking a location of the transmitted electronic mail message;
inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message;
updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected;
recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and
reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.
10 Assignments
0 Petitions
Accused Products
Abstract
An unwanted message may be identified by inspecting the payload portion of a message being communicated, comparing the characteristics of the payload portion with stored data indicating characteristics of other messages, and identifying a security condition based on a comparison of the message inspected. The characteristics inspected may include the payload portion of a message or the whole message when the characteristics are being compared against messages being exchanged on more than one local exchanging system. Furthermore, the characteristics of messages may be tracked for comparison against the characteristics of future messages. A threshold number of those characteristics may subsequently implicate a hostile security condition, even if a current comparison of these characteristics does not reach the threshold necessary to implicate a hostile security condition.
169 Citations
27 Claims
-
1. A method of identifying unwanted messages, the method comprising:
-
inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient; comparing the characteristics of the inspeceted payload portion of the electronic mail message with stored data indicating characterisitics of at least one other electronic mail message that has been inspected; based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and processing the electronic mail message based on the first security condition, wherein processing, the electronic mail message includes; rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state; accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by; transmitting the electronic mail message based on the address of the electronic mail message; tracking a location of the transmitted electronic mail message; inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message; updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected; recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. At least one storage medium storing one or more computer programs, the one or more computer programs including instructions that, when executed, perform operations comprising:
-
inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient; comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected; based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable and indeterminate states; and processing the electronic mail message based on the first security condition, wherein processing the electronic mail message includes; rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state; accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by; transmitting the electronic mail message based on the address of the electronic mail message; tracking a location of the transmitted electronic mail message; inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message; updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected; recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.
-
-
26. An electronic system comprising:
-
at least one storage element configured to store data indicating characteristics of electronic mail messages; and at least one processor configured to execute instructions, stored on the at least one storage element, to perform operations comprising; inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient; comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected; based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and processing the electronic mail message based on the first security condition, wherein processing the electronic mail message includes; rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state; accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by; transmitting the electronic mail message based on the address of the electronic mail message; tracking a location of the transmitted electronic mail message; inspecting at least one other electronic, mail message subsequent to transmitting the electronic mail message; updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected; recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.
-
-
27. Art electronic system comprising:
-
means for inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient; means for comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected; means for, based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and means for processing the electronic mail message based on the first security condition, wherein the means for processing the electronic mail message includes; means for rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state; means for accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and means for, if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by; transmitting the electronic mail message based on the address of the electronic mail message; tracking a location of the transmitted electronic mail message; inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message; updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected; recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.
-
Specification