
Public/private/invitation email address based secure anti-spam email protocol

  • US 7,617,284 B2
  • Filed: 07/22/2005
  • Issued: 11/10/2009
  • Est. Priority Date: 07/22/2005
  • Status: Active Grant
First Claim

1. A method named Public/Private/Invitation Email Address Based Secure Anti-Spam Email Protocol (SASEP), for solving Spam problem and ensuring secure communication in a way acceptable to existing users of email, wherein it is of a special importance to insure technical characteristics as follows, a possibility for existing email users to send and receive email as defined by SASEP using already existing desktop programs and Internet portals which they already use for sending and receiving email and wherein all required after registrations is that an email address named a private-email-address has to be in Bcc: field of all outgoing email messages and that an email address named a public-email-address has to be used as user's main or reply email address, wherein automation of listed in the previous point is all that is required by vendors if they want their products to natively support SASEP, wherein once they supported SASEP their users can use SASEP even if they do not have any knowledge about it without need for any training and without need to spend additional time for sending and receiving email after migration on SASEP, wherein users can continue to use email for whatever they were using it before migration on SASEP, wherein after users have migrated on SASEP it is not possible any more to use the email address of one of them to send Spam to another one, wherein after migration on SASEP a communication with other users that have not migrated on SASEP yet is still supported, wherein for the case from the previous point where no method can stop Spam completely SASEP can reduce the amount of Spam from such sources, wherein with increase of the number of users that migrated on SASEP an efficiency of methods for sending Spam decreases and consequently an amount of Spam in global decreases as well, and wherein the method SASEP is defined with the following steps of which it is assembled and wherein these steps insure all previously listed technical characteristics if and only if they are used altogether, wherein the method comprising the steps for;

    a) registering and central managing to ensure the registration on SASEP server to users with standard desktop or web email client, standard outgoing email (SMTP) server and standard incoming email (POP3, IMAP or HTTP) server, wherein for each user it is ensured as follows;

    one email address which a user can use as regular email address or alias, named the public-email-address;

    one email address which has to be in Bcc: field of all outgoing email messages, named the private-email-address, which user can replace at any time with another private-email-address; and

    an arbitrary number of email addresses for registration on web sites, named invitation-email-addresses, which allow the user to obtain at any time any number of the invitation-email-addresses;

    b) managing of lists which internally uses all following lists for each user;

    a messagelist containing an unique message identifiers of all email messages sent by the user, wherein the unique message identifier can be a unique natural number;

    a saseplist containing email addresses of senders authorized to send email to a user, wherein senders use SASEP;

    a smtplist containing email addresses of senders authorized to send email to the user, wherein senders do not use SASEP and use only SMTP;

    a compromisedlist containing email addresses of senders authorized to send email to a user, wherein senders that use only SMTP are compromised by at least one Spam email message, where a faked email address from From: field is their email address and not the email address of a spammer who sent such a message;

    a blacklist containing email addresses of senders whose email messages will be blocked; and

    a invitationlist containing all invitation-email-addresses assigned to this user;

    c) processing emails received on the invitation-email-addresses, which for each email message received on the invitation-email-addresses ensures acceptance of the received email message;

    d) processing emails received on the private-email-address, which for each email message received on the private-email-address ensures implementation of all the following steps;

    when the private-email-address is in Bcc: field, the unique message identifier generated by SMTP server is added to the messagelist, and the email addresses of all recipients that are not already on some list are added to the smtplist;

    when the private-email-address is in To: field and the word Spam in Subject: field, if a sender of a forwarded email is on the smtplist, its email address is moved to the compromisedlist, otherwise if a sender of a forwarded email is not on any list, its email address is added to the blacklist; and

    when the private-email-address is in To: field, other commands sent by the user in Subject: field are processed as well, wherein these commands can be used to extend SASEP;

    e) processing emails received on the public-email-address, which for each email message received on the public-email-address ensures implementation of all the following steps;

    when a sender is on the saseplist, the step for processing emails received from the senders that are on the saseplist, is called, to perform a check if that sender sent the received email, if it is so, the received email message is accepted, otherwise the received email message is deleted;

    when the sender is on the smtplist or the compromisedlist, the step for migration on the saseplist, is called, to perform a check if this sender can be moved to the saseplist, and if it can be moved, the sender's email address is moved to the saseplist and the received email is processed in the same way as in the previous case, otherwise the received email is processed as follows;

    when the sender is on the smtplist, and the step for migration on the saseplist, concludes that the sender's email address can not be moved to the saseplist, the received email message is accepted, with an option to add warning to the text from Subject: field or to perform some other action if required by the user;

    when the sender is on the compromisedlist, and the step for migration on the saseplist, concludes that the sender's email address can not be moved to the saseplist, it calls the step for processing emails received from the senders that are on the compromisedlist, which sends automatic response to the sender requesting confirmation that the sender sent the received email which is required for its acceptance, and has option to perform some other action if required by the user;

    when the sender is on the blacklist, the received email is deleted; and

    when the sender is not on any list, the step for processing emails received from unknown senders, is called, which calls the step for generation of anti-spam challenge, and sends automatic response with anti-spam challenge to the sender requesting the results to accept the received email, and has the option to perform some other action if required by the user;

    f) processing emails received from senders that are on the saseplist, which ensures implementation of all the following steps;

    the user's SASEP server tries to establish communication with the sender's SASEP server, using as arguments a unique message identifier of the received email and unique authorization identifier generated by the user's SASEP server;

    if a positive response is received within predefined time, the sender's SASEP server is informed that the received email was accepted; and

    otherwise, the email is deleted while the sender's SASEP server's informs the sender to re-send email;

    g) migrating on the saseplist, which ensures implementation of all the following steps;

    the user's SASEP server tries to establish communication with the sender's SASEP server using as arguments a unique message identifier of received email and unique authorization identifier generated by the user's SASEP server;

    if a positive response is received within the predefined time, the sender's SASEP server is informed that the sender's email address was moved to the saseplist;

    the sender's SASEP server stores authorization identifier and name of the user's SASEP server if later the sender requests undoing movement to the saseplist; and

    the user's SASEP server also stores required information in order to be able to process such a request;

    h) processing emails received from senders that are on the compromisedlist, which ensures implementation of all the following steps;

    the user's SASEP server sends email message to the sender's email address requesting only reply to this email wherein Subject: field contains a unique message identifier of the received email and unique authorization identifier generated by the user's SASEP server; and

    if a positive response is received within the predefined time, the received email is accepted, otherwise the received email is deleted;

    i) processing emails received from unknown senders, which ensures implementation of all the following steps;

    the user's SASEP server tries to establish communication with the sender's SASEP server using as arguments a unique message identifier of the received email, unique authorization identifier generated by the user's SASEP server and anti-spam challenge request generated by the step for generation of anti-spam challenge which also used the step for assessment of probability that a received email message is Spam during generation of anti-spam challenge;

    if a positive response is received within the predefined time, the received email is accepted;

    if SASEP servers cannot establish communication, the user's SASEP server sends email message to the sender's email address using the same arguments, wherein Subject: field contains a unique message identifier of the received email and unique authorization identifier generated by the user's SASEP server;

    if a positive response is now received within the predefined time, the received email is accepted;

    otherwise the received email is deleted;

    j) generation of anti-spam challenge, which as anti-spam challenge ensures at least one of the following;

    computational challenge, which can be a product of two prime numbers where those two prime numbers are a result;

    human challenge, which can be an image containing a word which needs to be entered in a requested field, or link to some web page where a person has to perform a certain task;

    micro-payment request; and

    any combination of the two or more previously listed challenges, wherein only a correct response on one of them is required;

    k) assessment of probability that a received email message is Spam, which ensures computation of probability that a received email message is Spam using already existing methods for this purpose, so that it can be called from the step for generation of anti-spam challenge with a purpose to assign more demanding anti-spam challenges to these received email messages wherein it is higher probability that received email message is Spam;

    l) conversion of email addresses into signatures, which ensures conversion of email addresses into signatures of email addresses or encrypted email addresses, with purpose to disable conversion from email addresses' signatures or encrypted email addresses into the original email address, so that it can be called from the step for management of the lists in order to have email addresses' signatures or encrypted email addresses on the lists, and not a original email addresses;

    m) automation of using SMTP for sending email messages according to SASEP, which in simpler implementation ensures that the private-email-address can be automatically added to Bcc: field of all outgoing email messages by an advanced client application or an advanced SMTP server, and in complicated but more advanced implementation ensures that for all outgoing email messages to the private-email-address only the signatures of recipients' email addresses and message identifier are sent;

    n) communicating with other SASEP servers, which ensures communication between SASEP servers using HTTP/SSL (HTTPS) protocol; and

    o) computation of anti-spam challenges, which ensures that email client or SASEP server can perform computational task of challenge in a background by using a predefined percentage of processor power, in order to automate the computation task and decrease the need for interaction by a user.
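
An added sketch, not part of the patent text, of the per-user list handling in steps b), d), e) and l): addresses are stored only as signatures, outgoing Bcc: copies populate the smtplist, Spam reports move senders between lists, and mail to the public-email-address is dispatched by list membership. The class and function names, the action labels, the HMAC-SHA-256 signature and its key are assumptions; can_migrate stands in for the server-to-server check of step g).

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: per-server secret for step l)
LISTS = ("saseplist", "smtplist", "compromisedlist", "blacklist")
ACTIONS = {"saseplist": "verify-with-sender-server", "smtplist": "accept",
           "compromisedlist": "request-confirmation", "blacklist": "delete",
           None: "send-challenge"}  # action labels are assumptions

def signature(addr):
    # Step l): lists hold one-way signatures; keyed HMAC resists address guessing.
    return hmac.new(SERVER_KEY, addr.strip().lower().encode(), hashlib.sha256).hexdigest()

class UserLists:
    def __init__(self):
        self.lists = {name: set() for name in LISTS}
        self.messagelist = set()

    def find(self, addr):
        sig = signature(addr)
        return next((n for n in LISTS if sig in self.lists[n]), None)

    def move(self, addr, dest):
        for members in self.lists.values():
            members.discard(signature(addr))
        self.lists[dest].add(signature(addr))

    def on_private_bcc(self, message_id, recipients):
        # Step d), Bcc: case: record the message id, admit new recipients.
        self.messagelist.add(message_id)
        for rcpt in recipients:
            if self.find(rcpt) is None:
                self.move(rcpt, "smtplist")

    def on_spam_report(self, sender):
        # Step d), To: case with "Spam" in Subject:.
        where = self.find(sender)
        if where == "smtplist":
            self.move(sender, "compromisedlist")
        elif where is None:
            self.move(sender, "blacklist")

    def on_public(self, sender, can_migrate=lambda s: False):
        # Step e); can_migrate is a stand-in for the server exchange of step g).
        where = self.find(sender)
        if where in ("smtplist", "compromisedlist") and can_migrate(sender):
            self.move(sender, "saseplist")
            where = "saseplist"
        return ACTIONS[where]
```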
