Electronic message source reputation information system
First Claim
1. A network traffic filtering system for filtering a flow of electronic messages across a computer network, the system comprising:
- one or more computing devices;
an engine associated with a centralized server installed on the one or more computing devices, the engine executing instructions stored in a memory of the one or more computing devices, the execution of the instructions configured to;
generate reputation data and new reputation data for sources of messages by evaluating messages after being sent from a sending server and before being received by a targeted receiving server;
generate a source reputation profile for a source of a message by evaluating reputation data associated with that source of that message, wherein this evaluation comprises generating a reputation score for the source, the reputation score indicating a likelihood that electronic messages from the source are wanted or unwanted, andupdate the source reputation profile by evaluating new reputation data associated with the source, wherein this evaluation comprises generating an updated reputation score for the source, and wherein an updated reputation score different than the reputation score indicates a change in the likelihood that electronic messages from the source are unwanted;
a profile database associated with the engine for storing the reputation data, the reputation score, the updated reputation score, and the source reputation profile; and
the centralized server connected to the profile database and external to the receiving server and a terminal connected thereto for receiving incoming messages from the receiving server, and the centralized server configured to provide the source reputation profile to an external local system including the receiving mail server, the source reputation profile for filtering incoming electronic messages received by the receiving mail server.
3 Assignments
0 Petitions
Accused Products
Abstract
Disclosed herein are filtering systems and methods that employ an electronic message source reputation system. The source reputation system maintains a pool of source Internet Protocol (IP) address information, in the form of a Real-Time Threat Identification Network (“RTIN”) database, which can provide the reputation of source IP addresses, which can be used by customers for filtering network traffic. The source reputation system provides for multiple avenues of access to the source reputation information. Examples of such avenues can include Domain Name Server (DNS)-type queries, servicing routers with router-table data, or other avenues.
136 Citations
38 Claims
-
1. A network traffic filtering system for filtering a flow of electronic messages across a computer network, the system comprising:
-
one or more computing devices; an engine associated with a centralized server installed on the one or more computing devices, the engine executing instructions stored in a memory of the one or more computing devices, the execution of the instructions configured to; generate reputation data and new reputation data for sources of messages by evaluating messages after being sent from a sending server and before being received by a targeted receiving server; generate a source reputation profile for a source of a message by evaluating reputation data associated with that source of that message, wherein this evaluation comprises generating a reputation score for the source, the reputation score indicating a likelihood that electronic messages from the source are wanted or unwanted, and update the source reputation profile by evaluating new reputation data associated with the source, wherein this evaluation comprises generating an updated reputation score for the source, and wherein an updated reputation score different than the reputation score indicates a change in the likelihood that electronic messages from the source are unwanted; a profile database associated with the engine for storing the reputation data, the reputation score, the updated reputation score, and the source reputation profile; and the centralized server connected to the profile database and external to the receiving server and a terminal connected thereto for receiving incoming messages from the receiving server, and the centralized server configured to provide the source reputation profile to an external local system including the receiving mail server, the source reputation profile for filtering incoming electronic messages received by the receiving mail server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A method of filtering a flow of electronic messages across a computer network, the method comprising:
-
generating with an engine in a centralized server reputation data for sources of the electronic messages, the reputation data generated by evaluating messages after being sent from a sending server and before being received by a receiving server, the centralized server external to the receiving server and terminals connected thereto for receiving incoming messages from the receiving server; evaluating the generated reputation data; generating a reputation score for a source of a message based on the evaluation of reputation data for that source, the reputation score indicating a likelihood that electronic messages from the source are wanted or unwanted; providing a source reputation profile based on the reputation score from the centralized server to an external local system including the receiving mail server for filtering incoming electronic messages received by the receiving mail server; generating with the engine in the centralized server new reputation data for the source of the message, the new reputation data generated by further evaluation of messages being sent from a sending server at the source and before being received by the targeted receiving server; evaluating the generated new reputation data; generating an updated reputation score for the source, wherein an updated reputation score different than the reputation score indicates a change in the likelihood that electronic messages from the source are unwanted; updating the source reputation profile based on the updated reputation score; and providing the updated source reputation profile from the centralized server to the external local system. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
-
-
35. A computer-readable medium comprising program code for filtering a flow of electronic messages across a computer network, program code executable by a computer to perform the steps of:
-
generating with an engine in a centralized server reputation data for sources of the electronic messages, the reputation data generated by evaluating messages after being sent from a sending server and before being received by a receiving server, the centralized server external to the receiving server and terminals connected thereto for receiving incoming messages from the receiving server; evaluating the generated reputation data; generating a reputation score for a source of a message based on the evaluation of reputation data for that source, the reputation score indicating a likelihood that electronic messages from the source are wanted or unwanted; providing a source reputation profile based on the reputation score from the centralized server to an external local system including the receiving mail server for filtering incoming electronic messages received by the receiving mail server; generating with the engine in the centralized server new reputation data for the source of the message, the new reputation data generated by further evaluation of messages being sent from a sending server at the source and before being received by the targeted receiving server; evaluating the generated new reputation data; generating an updated reputation score for the source, wherein an updated reputation score different than the reputation score indicates a change in the likelihood that electronic messages from the source are unwanted; updating the source reputation profile based on the updated reputation score; and providing the updated source reputation profile from the centralized server to the external local system. - View Dependent Claims (36, 37, 38)
-
Specification