Reducing unwanted and unsolicited electronic messages by preventing connection hijacking and domain spoofing

US 7,398,315 B2
Filed: 10/10/2003
Issued: 07/08/2008
Est. Priority Date: 03/12/2003
Status: Active Grant

First Claim

Patent Images

1. In a sending computer system that is network connectable to one or more receiving computer systems, the sending computer system being configured to send electronic messages to the receiving computer systems, a method for verifying that responses to a connection initiation sent by the sending computer system originate from a designated receiving computer system, the method comprising:

an act of sending connection initiation data to a designated receiving computer system, the connection initiation data including a purported sending address of the sending computer system;

an act of receiving altered connection establishment data that includes address validation data and at least a portion of non-standard data that is not otherwise included in such a connection establishment, such that the inclusion of the portion of non-standard data substantially decreases the likelihood of providing an appropriate connection response without knowing that the portion of non-standard data is to be provided in the connection response;

an act of verifying that the connection response was received from the designated receiving computer system based on a determination that the connection response included the address validation data and the portion of non-standard data;

an act of generating an appropriate connection response based on the address validation data and the portion of non-standard data, the response including the portion of non-standard data in a form recognized by the verified receiving computer system as an appropriate form; and

an act of sending the appropriate connection response data to the receiving computer system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides for generating inputs that can be provided to a message classification module to facilitate more reliable classification of electronic messages, such as, for example, as unwanted and/or unsolicited. In one embodiment, a sending messaging server provides an appropriate response to address verification data thereby indicating a reduced likelihood of the sending messaging server using a forged network address. In another embodiment, it is determined if a messaging server is authorized to send electronic messages for a domain. In yet another embodiment, electronic message transmission policies adhered to by a domain are identified. In yet a further embodiment, a sending computer system expends computational resources to solve a computational puzzle and includes an answer document in an electronic message. A receiving computer system receives the electronic message and verifies the answer document.

33 Citations

View as Search Results

48 Claims

1. In a sending computer system that is network connectable to one or more receiving computer systems, the sending computer system being configured to send electronic messages to the receiving computer systems, a method for verifying that responses to a connection initiation sent by the sending computer system originate from a designated receiving computer system, the method comprising:
- an act of sending connection initiation data to a designated receiving computer system, the connection initiation data including a purported sending address of the sending computer system;
  
  an act of receiving altered connection establishment data that includes address validation data and at least a portion of non-standard data that is not otherwise included in such a connection establishment, such that the inclusion of the portion of non-standard data substantially decreases the likelihood of providing an appropriate connection response without knowing that the portion of non-standard data is to be provided in the connection response;
  
  an act of verifying that the connection response was received from the designated receiving computer system based on a determination that the connection response included the address validation data and the portion of non-standard data;
  
  an act of generating an appropriate connection response based on the address validation data and the portion of non-standard data, the response including the portion of non-standard data in a form recognized by the verified receiving computer system as an appropriate form; and
  
  an act of sending the appropriate connection response data to the receiving computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 45, 46, 47, 48)
- - 2. The method as recited in claim 1, wherein the act of sending connection initiation data to a receiving computer system comprises an act of sending Transmission Control Protocol connection initiation data.
  - 3. The method as recited in claim 1, wherein the act of sending connection initiation data to a receiving computer system comprises an act of sending an SMTP HELO command or SMTP EHLO command.
  - 4. The method as recited in claim 1, wherein the act of receiving altered connection establishment data that includes address validation data comprises an act of receiving altered connection establishment data wherein the altered connection establishment data is selected from among a request to resend connection initiation data and connection establishment data that has been separated into a plurality of network packets.
  - 5. The method as recited in claim 1, wherein the act of receiving altered connection establishment data that includes address validation data comprises an act of receiving an act of receiving a HELO response command or EHLO response command that includes a random sequence of characters.
  - 6. The method as recited in claim 1, wherein the act of generating an appropriate connection response based on the address validation data comprises an act of generating an appropriate connection response wherein the appropriate connection response is selected from among resending the connection initiation data and sending a network packet with an appropriate acknowledgment sequence number.
  - 7. The method as recited in claim 1, wherein the act of generating an appropriate connection response based on the address validation data comprises an act of including a random sequence of characters in an enhanced NOOP command, the random sequence of characters being received from the receiving computer system in response to the connection initiation data.
  - 8. The method as recited in claim 1, wherein the act of sending the appropriate connection response data to the receiving computer system comprises an act of sending an enhanced NOOP command that includes a random sequence of characters, the random sequence of characters being received from the receiving computer system in response to the connection initiation data.
  - 45. The method of claim 1, wherein the sending computer system includes records indicating support for exchange of non-standard connection establishment data in a DNS record set, the DNS record set indicating the electronic mail policy for a domain of the sending computer system.
  - 46. The method of claim 1, wherein the portion of non-standard data includes a random sequence of characters.
  - 47. The method of claim 1, wherein the portion of non-standard data includes regenerated connection initiation data.
  - 48. The method of claim 1, wherein the portion of non-standard data includes an appropriate acknowledgement sequence number.

9. In a receiving computer system that is network connectable to one or more sending computer systems, the receiving computer system being configured to receive electronic messages from the sending computer systems, a method for the receiving computer system detecting whether a sending computer system is receiving connection establishment responses, the method comprising:
- an act of receiving connection initiation data from a sending computer system, the connection initiation data including a purported sending address of the sending computer system;
  
  an act of altering standard connection establishment data to include address validation data and at least a portion of non-standard data that is not otherwise included in such a connection establishment, such that the inclusion of the portion of non-standard data substantially decreases the likelihood of providing an appropriate connection response without knowing that the portion of non-standard data is to be provided in the connection response; and
  
  an act of sending the altered connection establishment data to the purported sending address, the sending computer system with the purported sending address being configured to verify that the connection response was received from the receiving computer system based on a determination that the connection response included the address validation data and the portion of non-standard data.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 10. The method as recited claim 9, wherein the act of receiving connection initiation data from a sending computer system comprises an act of receiving Transmission Control Protocol connection initiation data.
  - 11. The method as recited claim 9, wherein the act of receiving connection initiation data from a sending computer system comprises an act of receiving an SMTP HELO command or receiving an SMTP EHLO command.
  - 12. The method as recited in claim 9, wherein the act of altering standard connection establishment data to include address validation data comprises an act of altering a standard response to Transmission Control Protocol connection initiation data to request retransmission of the Transmission Control Protocol connection initiation data.
  - 13. The method as recited in claim 9, wherein the act of altering standard connection establishment data to include address validation data comprises an act of separating Transmission Control Protocol connection establishment data into a plurality of network packets.
  - 14. The method as recited in claim 9, wherein the act of altering standard connection establishment data to include address validation data comprises an act of including a random sequence of characters in an SMTP HELO response command or SMTP EHLO response command.
  - 15. The method as recited in claim 9 wherein, the act of sending the altered connection establishment data to the purported sending address comprises an act of sending altered Transmission Control Protocol connection establishment data to a purported Internet Protocol address.
  - 16. The method as recited in claim 9 wherein, the act of sending the altered connection establishment data to the purported sending address comprises an act of sending an SMTP HELO response command or sending an SMTP EHLO response command that includes a random sequence of characters.
  - 17. The method as recited in claim 9, wherein the act of determining if a computer system that corresponds to the purported sending address appropriately responded to the address validation data comprises an act of determining if the purported sending address responded appropriately to altered Transmission Control Protocol connection establishment data.
  - 18. The method as recited in claim 9, wherein the act of determining if a computer system that corresponds to the purported sending address appropriately responded to the address validation data comprises an act of determining if the purported sending address responded appropriately to altered Transmission Control Protocol connection establishment data.
  - 19. The method as recited in claim 9, wherein the act of determining if a computer system that corresponds to the purported sending address appropriately responded to the address validation data comprises an act of determining if the purported sending address responded with an enhanced NOOP command including a random string of characters that was included in the address validation data.
  - 20. The method as recited in claim 9, further comprising:
    - an act of issuing a DNS query for a DNS record set corresponding to the purported sending address, when the purported sending address does not appropriately respond to the address validation data; and
      
      an act of receiving one or more TXT records that include XML instructions indicating whether or not the purported sending address supports the use of address validation data.

21. In a receiving domain that is network connectable to one or more sending domains, the receiving domain including one or more receiving messaging servers configured to receive electronic messages from sending domains, a method for determining if a sending messaging server is authorized to send electronic messages for a sending domain, the method comprising:
- an act of receiving an electronic message purportedly sent from the sending domain, the electronic message including at least a portion of non-standard data that is not otherwise included in such a connection establishment, such that the inclusion of the portion of non-standard data substantially decreases the likelihood of providing an appropriate connection response without knowing that the portion of non-standard data is to be provided in the connection response;
  
  an act of examining a plurality of parameter values of the electronic message including the portion of non-standard data to attempt to verify that the connection response was received from the designated receiving domain based on a determination that the connection response included the address validation data and the portion of non-standard data;
  
  an act of querying a name server for a list of network addresses authorized to send electronic messages for the sending domain;
  
  an act of determining if the actual sending side network address is authorized to send electronic messages for the sending domain based on the query and on the inclusion of the portion of non-standard data in a form recognized by the verified receiving domain as an appropriate form; and
  
  an act of providing results of the determination to an message classification module such that the message classification module can make a more reliable decision as to classifying the received electronic message.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 22. The method as recited in claim 21, wherein the act of receiving an electronic message purportedly sent from the sending side domain comprises an act of receiving an electronic mail message.
  - 23. The method as recited in claim 21, wherein an act of receiving an electronic message purportedly sent from the sending domain comprises an act of receiving an electronic message that does not include a Reverse-Path parameter value.
  - 24. The method as recited in claim 21, wherein an act of examining a plurality of parameter values of the electronic message to attempt to identify an actual sending side network address comprises an act of identifying an Internet Protocol address corresponding to the sending computer system.
  - 25. The method as recited in claim 21, wherein an act of examining a plurality of parameter values of the electronic message to attempt to identify an actual sending side network address comprises an act of examining a plurality of parameter values wherein at least one of the plurality of parameter values is selected from among a first Resent-Sender header value, a first mailbox value in the Resent-From header, a Sender header value, or a first mailbox value in the From header.
  - 26. The method as recited in claim 21, wherein the act of querying a name server for a list of network addresses authorized to send electronic messages for the sending domain comprises an act of querying a Domain Name Services server for a list of network addresses authorized to send electronic messages for the sending domain.
  - 27. The method as recited in claim 26, wherein the act of querying a Domain Name Services server for a list of network addresses authorized to send electronic messages for the sending domain comprises the act of querying a Domain Name Services for a list of Internet Protocol addresses authorized to send electronic mail message for the sending domain.
  - 28. The method as recited in claim 21, further comprising:
    - an act of receiving a list of network addresses that are authorized to send electronic messages for the sending domain.
  - 29. The method as recited in claim 28, wherein an act of receiving a list of network addresses that are authorized to send electronic messages comprises an act of receiving one or more DNS TXT records.
  - 30. The method as recited in claim 29, wherein an act of receiving a list of network addresses that are authorized to send electronic messages comprises an act of receiving one or more DNS TXT records that encode the list of network addresses in XML instructions.
  - 31. The method as recited in claim 30, wherein an act of receiving one or more DNS TXT records that encode the list of network addresses in XML instructions comprises an act of receiving electronic messaging configuration information that spans across a plurality DNS TXT records such that the electronic message configuration information can be concatenated into an XML instance.
  - 32. The method as recited in claim 31, wherein the act of receiving electronic messaging configuration information that spans across a plurality DNS TXT records such that the electronic message configuration information can be concatenated into an XML instance comprises an act of receiving a plurality of DNS TXT records that include ordering data indicating how the XML instructions contained in the DNS TXT records are to be ordered.
  - 33. The method as recited in claim 32, further comprising:
    - an act of concatenating the XML instructions according to the ordering data to generate an XML instance.
  - 34. The method as recited in claim 21, wherein the act of determining if the actual sending side network address is authorized to send electronic messages for the sending domain comprises an act of determining that the actual sending side network address is contained in a received list of authorized network addresses.
  - 35. The method as recited in claim 21, wherein the act of determining if the actual sending side network address is authorized to send electronic messages for the sending domain comprises an act of determining that the actual sending side network address is not contained in a received list of authorized network addresses.
  - 36. The method as recited in claim 21, wherein the act of an act of providing results of the determination to an message classification module comprises an act of indicating to the message classification module that the actual sending side network address is authorized to send electronic messages for the sending domain.
  - 37. The method as recited in claim 21, wherein the act of an act of providing results of the determination to an message classification module comprises an act of indicating to the message classification module that the actual sending side network address is not authorized to send electronic messages for the sending domain.

38. A computer program product for use in a sending computer system that is network connectable to one or more receiving computer systems, the sending computer system being configured to send electronic messages to the receiving computer systems, the computer program product for implementing a method for verifying that responses to a connection initiation sent by the sending computer system originate from a designated receiving computer system, the computer program product comprising one or more computer-readable media having stored thereon computer executable instructions that, when executed by a processor, cause the sending computer system to perform the following:
- send connection initiation data to a designated receiving computer system, the connection initiation data including a purported sending address of the sending computer system;
  
  receive altered connection establishment data that includes address validation data and at least a portion of non-standard data that is not otherwise included in such a connection establishment, such that the inclusion of the portion of non-standard data substantially decreases the likelihood of providing an appropriate connection response without knowing that the portion of non-standard data is to be provided in the connection response;
  
  verify that the connection response was received from the designated receiving computer system based on a determination that the connection response included the address validation data and the portion of non-standard data;
  
  generate an appropriate connection response based on the address validation data and the portion of non-standard data, the response including the portion of non-standard data in a form recognized by the verified receiving computer system as an appropriate form; and
  
  send the appropriate connection response data to the receiving computer system.
- View Dependent Claims (39, 40)
- - 39. The computer program product as recited in claim 38, wherein computer-executable instructions that, when executed by a processor, cause the sending computer system to receive altered connection establishment data that includes address validation data comprise computer-executable instructions that, when executed by a processor, cause the sending computer system to receive an SMTP HELO command or SMTP EHLO command that includes a random sequence of characters.
  - 40. The computer program product as recited in claim 38, wherein computer-executable instructions that, when executed by a processor, cause the sending computer system to send the appropriate connection response data to the receiving computer system comprise computer-executable instructions that, when executed by a processor, cause the sending computer system to send an enhanced SMTP NOOP command including a random sequence of characters that was included in the received address validation data.

41. A computer program product for use in a receiving computer system that is network connectable to one or more sending computer systems, the receiving computer system being configured to receive electronic messages from the sending computer systems, the computer program product for implementing a method for the receiving computer system detecting whether a sending computer system is receiving connection establishment responses, the computer program product comprising one or more computer-readable media having stored thereon computer executable instructions that, when executed by a processor, cause the receiving computer system to perform the following:
- receive connection initiation data from a sending computer system, the connection initiation data including a purported sending address of the sending computer system;
  
  alter standard connection establishment data to include address validation data and at least a portion of non-standard data that is not otherwise included in such a connection establishment, such that the inclusion of the portion of non-standard data substantially decreases the likelihood of providing an appropriate connection response without knowing that the portion of non-standard data is to be provided in the connection response; and
  
  send the altered connection establishment data to the purported sending address, the sending computer system with the purported sending address being configured to verify that the connection response was received from the receiving computer system based on a determination that the connection response included the address validation data and the portion of non-standard data.
- View Dependent Claims (42)
- - 42. The computer program product as recited in claim 41, wherein computer-executable instructions that, when executed by a processor, cause the receiving computer system to alter standard connection establishment data to include address validation data comprises computer-executable instructions that, when executed by a processor, cause the receiving computer system to include a random sequence of characters in an SMTP HELO response command or SMTP EHLO response command.

43. A computer program product for use in a receiving domain that is network connectable to one or more sending domains, the receiving domain including one or more receiving messaging servers configured to receive electronic messages from sending domains, the computer program product for implementing a method for determining if a sending messaging server is authorized to send electronic messages for a sending domain, the computer program product comprising one or more computer-readable media having stored thereon computer executable instructions that, when executed by a processor, cause the receiving domain to perform the following:
- receive an electronic message purportedly sent from the sending domain, the electronic message including at least a portion of non-standard data that is not otherwise included in such a connection establishment, such that the inclusion of the portion of non-standard data substantially decreases the likelihood of providing an appropriate connection response without knowing that the portion of non-standard data is to be provided in the connection response;
  
  examine a plurality of parameter values of the electronic message including the portion of non-standard data to attempt to verify that the connection response was received from the designated receiving domain based on a determination that the connection response included the address validation data and the portion of non-standard data;
  
  query a name server for a list of network addresses authorized to send electronic messages for the sending domain;
  
  determine if the actual sending side network address is authorized to send electronic messages for the sending domain based on the query and on the inclusion of the portion of non-standard data in a form recognized by the verified receiving domain as an appropriate form; and
  
  provide results of the determination to an message classification module such that the message classification module can make a more reliable decision as to classifying the received electronic message.
- View Dependent Claims (44)
- - 44. The computer program product as recited in claim 43, wherein computer executable instructions that, when executed by a processor, cause the receiving domain to examine a plurality of parameter values of the electronic message to attempt to identify an actual sending side network address comprise computer executable instructions that, when executed by a processor, cause the receiving domain to examine a plurality of parameter values wherein at least one of the plurality of parameter values is selected from among a first Resent-Sender header value, a first mailbox value in the Resent-From header, a Sender header value, or a first mailbox value in the From header.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Workman Nydegger PC
Inventors
Rounthwaite, Robert L., Goodman, Joshua T., Williams, Roy, Ahmed, Khaja E., Katz, Harry Simon, Atkinson, Robert George, Lyon, James M.
Primary Examiner(s)
VU, VIET DUY

Application Number

US10/684,020
Publication Number

US 20040181571A1
Time in Patent Office

1,733 Days
Field of Search

709/206, 709/217, 709/219, 709/223, 709/225, 709/227, 709/237, 709/204, 709/224, 709/229
US Class Current

709/227
CPC Class Codes

G06Q 10/107 Computer-aided management o...

H04L 51/212 using filtering or selectiv...

Reducing unwanted and unsolicited electronic messages by preventing connection hijacking and domain spoofing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Reducing unwanted and unsolicited electronic messages by preventing connection hijacking and domain spoofing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links