SPAM report generation system and method

US 7,647,376 B1
Filed: 02/05/2002
Issued: 01/12/2010
Est. Priority Date: 07/26/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for generating a report on an unsolicited electronic message, comprising:

receiving an electronic mail message;

determining whether the electronic message is an unsolicited message;

if the message is an unsolicited message, examining the message to identify a network address relating to the message, identifying an authority hosting the network address, generating a report containing the identified network address and hosting authority, and transmitting the report to a central managed service provider, where the central managed service provider collects threat information from one or more organizations and reports to the hosting authority once a predetermined amount of threat information has been collected;

wherein identifying the hosting authority comprises identifying an owner of a network domain;

wherein reporting to the hosting authority includes the central managed service provider transmitting a hosting authority message including the collected threat information to the hosting authority;

wherein the hosting authority message that the central managed service provider transmits to the hosting authority includes a hosting authority report that includes a content of the message, a date and time the message arrived on a recipient'"'"'s server, an IP address and name reported during an SMTP connection associated with the message, and a full WHOIS report used to track down the hosting authority.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of the present invention generally comprises receiving an electronic mail message and determining whether the electronic message is an unsolicited message. If the message is an unsolicited message, it is examined to identify a network address relating to the message and an authority hosting the network address. A report is then generated containing the identified network address and the hosting authority.

Citations

31 Claims

1. A method for generating a report on an unsolicited electronic message, comprising:
- receiving an electronic mail message;
  
  determining whether the electronic message is an unsolicited message;
  
  if the message is an unsolicited message, examining the message to identify a network address relating to the message, identifying an authority hosting the network address, generating a report containing the identified network address and hosting authority, and transmitting the report to a central managed service provider, where the central managed service provider collects threat information from one or more organizations and reports to the hosting authority once a predetermined amount of threat information has been collected;
  
  wherein identifying the hosting authority comprises identifying an owner of a network domain;
  
  wherein reporting to the hosting authority includes the central managed service provider transmitting a hosting authority message including the collected threat information to the hosting authority;
  
  wherein the hosting authority message that the central managed service provider transmits to the hosting authority includes a hosting authority report that includes a content of the message, a date and time the message arrived on a recipient'"'"'s server, an IP address and name reported during an SMTP connection associated with the message, and a full WHOIS report used to track down the hosting authority.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 26, 27, 28, 29, 30, 31)
- - 2. The method of claim 1 further comprising transmitting the generated report to the identified hosting authority.
  - 3. The method of claim 1 wherein examining the message to identify a network address comprises identifying a URL.
  - 4. The method of claim 3 wherein identifying a URL comprises comparing text within the electronic message to a database of words to identify the URL.
  - 5. The method of claim 3 further comprising comparing the identified URL to a database of legitimate URLs.
  - 6. The method of claim 5 further comprising updating the database based on electronic messages received.
  - 7. The method of claim 3 wherein identifying the hosting authority comprises utilizing an Internet tool to locate a web server hosting the URL.
  - 8. The method of claim 7 wherein utilizing an Internet tool comprises utilizing WHOIS.
  - 9. The method of claim 1 wherein identifying the hosting authority comprises identifying an Internet service provider.
  - 10. The method of claim 1 wherein the central managed service provider is configured to forward the report to the identified hosting authority.
  - 11. The method of claim 1 further comprising at least temporarily saving the report and transmitting the report to the identified hosting authority at the end of a specified period.
  - 26. The method of claim 1 wherein identifying the hosting authority further comprises identifying an address, an administrative contact name, an administrative contact telephone number, and a name of at least one server associated with the hosting authority.
  - 27. The method of claim 1 wherein identifying the hosting authority further comprises identifying an organization to which the network domain is registered.
  - 28. The method of claim 27 wherein the report is utilized to generate an electronic mail message to be sent to the identified organization.
  - 29. The method of claim 4, wherein identifying the URL further comprises examining text surrounding the URL to determine a likelihood that the URL is an address of a web site associated with unsolicited messages.
  - 30. The method of claim 1 wherein the report includes disclaimer information and user definable text.
  - 31. The method of claim 1, wherein the hosting authority message that the central managed service provider transmits to the hosting authority is signed to verify the central managed service provider as a source of the hosting authority message.

12. A system, the system comprising:
- a detector that detects a network address within an electronic message identified as an unsolicited message;
  
  a host identifier that identifies an authority hosting the network address;
  
  a report generator that generates a report containing the identified network address and hosting authority; and
  
  a tangible computer readable storage medium that at least temporarily stores the identified network address and hosting authority;
  
  wherein identifying the hosting authority comprises identifying an owner of a network domain;
  
  wherein the system is operable such that the report is transmitted to a central managed service provider, where the central managed service provider collects threat information from one or more organizations and reports to the hosting authority once a predetermined amount of threat information has been collected;
  
  wherein reporting to the hosting authority includes the central managed service provider transmitting a hosting authority message including the collected threat information to the hosting authority;
  
  wherein the system is operable such that the hosting authority message that the central managed service provider transmits to the hosting authority includes a hosting authority report that includes a content of the message, a date and time the message arrived on a recipient'"'"'s server, an IP address and name reported during an SMTP connection associated with the message, and a full WHOIS report used to track down the hosting authority.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12 further comprising a detector operable to detect unsolicited messages.
  - 14. The system of claim 12 wherein the network address is a URL.
  - 15. The system of claim 12 wherein the hosting authority is an Internet service provider.
  - 16. The system of claim 12 further comprising a processor operable to transmit the generated report.
  - 17. The system of claim 16 wherein the processor is configured to transmit the report to the identified hosting authority.
  - 18. The system of claim 16 wherein the processor is configured to transmit the report to the central managed service provider.
  - 19. The system of claim 12 further comprising a database containing search terms used to identify the network address within text of the electronic message.
  - 20. The system of claim 12 further comprising a database containing a list of trusted network addresses.

21. A computer product embodied on a tangible computer readable storage medium, comprising:
- code that receives an electronic mail message;
  
  code that determines whether the electronic message is an unsolicited message;
  
  code that examines the message to identify a network address relating to the message if the message is an unsolicited message;
  
  code that identifies an authority hosting the network address;
  
  code that generates a report containing the identified network address; and
  
  a computer readable medium that stores said computer codes;
  
  wherein identifying the hosting authority comprises identifying an owner of a network domain;
  
  wherein the computer product is operable such that the report is transmitted to a central managed service provider, where the central managed service provider collects threat information from one or more organizations and reports to the hosting authority once a predetermined amount of threat information has been collected;
  
  wherein reporting to the hosting authority includes the central managed service provider transmitting a hosting authority message including the collected threat information to the hosting authority;
  
  wherein the computer program product is operable such that the hosting authority message that the central managed service provider transmits to the hosting authority includes a hosting authority report that includes a content of the message, a date and time the message arrived on a recipient'"'"'s server, an IP address and name reported during an SMTP connection associated with the message, and a full WHOIS report used to track down the hosting authority.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The computer product of claim 21 wherein the computer readable medium includes at least one of CD-ROM, floppy disk, tape, flash memory, system memory, and hard drive.
  - 23. The computer product of claim 21 further comprising code that transmits the generated report to the identified hosting authority.
  - 24. The computer product of claim 21 further comprising code that compares text within the electronic message to a database of words to locate the network address within the text.
  - 25. The computer product of claim 21 further comprising code that compares the identified network address with trusted network addresses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Jagger, Luke D., Rothwell, Anton C., Dennis, William R.
Primary Examiner(s)
Neurauter, Jr.; George C
Assistant Examiner(s)
BILGRAMI, ASGHAR H

Application Number

US10/072,708
Time in Patent Office

2,898 Days
Field of Search

709/206, 709/207
US Class Current

709/206
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 61/30   Managing network names, e.g...

H04L 61/302   Administrative registration...

SPAM report generation system and method

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

SPAM report generation system and method

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links