System for reclassification of electronic messages in a spam filtering system
Abstract
A method for indicating probability of spam for email comprises tracking network traffic characteristics for the email, and comparing the tracked characteristics for the email to characteristics for email from trusted or known spam sources.
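As an added illustration (not code from the patent or from this page), here is one way the comparison described in the abstract could be carried through to the single combined rating value that the claims mention. The reference values, the Goh-Barabasi burstiness coefficient, the distance-based scoring, the 0.5 threshold and every function name are assumptions made for the example.

```python
from statistics import mean, pstdev

# Constructed "known values" for trusted and untrusted sources (assumed, not from the patent).
KNOWN = {
    "trusted":   {"volume_per_min": 0.5,  "burstiness": -0.2, "recipients": 2},
    "untrusted": {"volume_per_min": 10.0, "burstiness": 0.7,  "recipients": 200},
}

def track(timestamps, recipients, window_s):
    """Tracked network characteristics for one sending source.
    timestamps: arrival times (seconds) of its messages inside the window."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if gaps:
        mu, sigma = mean(gaps), pstdev(gaps)
        # Burstiness coefficient: -1 perfectly regular, near 0 random, toward 1 bursty.
        burst = (sigma - mu) / (sigma + mu) if sigma + mu else 0.0
    else:
        burst = 0.0  # a single message carries no inter-arrival information
    return {"volume_per_min": len(ts) / (window_s / 60.0),
            "burstiness": burst,
            "recipients": recipients}

def combined_rating(tracked, known=KNOWN):
    """Single combined rating in [0, 1]; 1 means the values match the untrusted profile."""
    scores = []
    for name, value in tracked.items():
        d_trusted = abs(value - known["trusted"][name])
        d_untrusted = abs(value - known["untrusted"][name])
        total = d_trusted + d_untrusted
        scores.append(d_trusted / total if total else 0.5)
    return mean(scores)

def classify(tracked, threshold=0.5):
    return "spam" if combined_rating(tracked) >= threshold else "not spam"

# Constructed samples: three bursts of 20 messages vs. one message every ten minutes.
BURSTY = track([k * 60 + i * 0.1 for k in range(3) for i in range(20)],
               recipients=150, window_s=300)
REGULAR = track([0, 600, 1200, 1800, 2400], recipients=1, window_s=3600)

if __name__ == "__main__":
    for label, sample in (("bursty", BURSTY), ("regular", REGULAR)):
        print(label, round(combined_rating(sample), 3), classify(sample))
```
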
162 Citations
18 Claims
1. A computer implemented method for filtering emails on a server system having one or more processors and memory storing one or more programs for execution by the one or more processors, comprising:
- receiving an email to a recipient from a sender;
- identifying a spam probability of the email based at least in part on historical communication activity data between the recipient and the sender, wherein the historical communication activity data includes information from an email application and one or more non-email applications, the one or more non-email applications including at least one of: an instant messaging application, a file-sharing application, and a collaboration application;
- wherein identifying the spam probability further comprises: tracking network characteristics for the email, the tracked network characteristics including one or more of: network traffic volume per unit of time and network traffic burstiness, and comparing tracked values of the tracked network characteristics for the email to known values for email from trusted or untrusted sources; and
- classifying the email according the identified spam probability.
3. A computer implemented method for filtering emails on a server system having one or more processors and memory storing one or more programs for execution by the one or more processors, comprising:
- receiving an email to a recipient from a sender;
- identifying a spam probability of the email based at least in part on historical communication activity data between the recipient and the sender, wherein the historical communication activity data includes information from an email application and one or more non-email applications, the one or more non-email applications including at least one of: an instant messaging application, a file-sharing application, and a collaboration application;
- wherein the identifying the spam probability further comprises: identifying a spam probability of the email based at least in part on statistical information relating to previous interactions between a respective recipient and the sender, and where the information relating to previous interactions includes two or more of the following: types of interaction, media of interaction, and frequency of interaction; and
- classifying the email according the identified spam probability.
6. A computer implemented method for filtering emails on a server system having one or more processors and memory storing one or more programs for execution by the one or more processors, comprising:
- receiving an email to a recipient from a sender;
- identifying a spam probability of the email based at least in part on historical communication activity data between the recipient and the sender, wherein the historical communication activity data includes information from an email application and one or more non-email applications, the one or more non-email applications including at least one of: an instant messaging application, a file-sharing application, and a collaboration application;
- wherein the identifying the spam probability further comprises: tracking network characteristics for the email, the tracked network characteristics including one or more of: network traffic burstiness, network traffic volume per unit of time, number of recipients, number of purported senders, and mail recipient connection type; and
- combining tracked values associated with more than one tracked network characteristic to provide a single combined tracked rating value; and
- comparing the tracked values for the email to known values for email from trusted or untrusted sources; and
- classifying the email according the identified spam probability.
7. A system for filtering emails, comprising:
- at least one processor; and
- memory storing at least one program for execution by the at least one processor; the at least one program including instructions for:
- receiving an email to a recipient from a sender;
- identifying a spam probability of the email based at least in part on historical communication activity data between the recipient and the sender, wherein the historical communication activity data includes information from an email application and one or more non-email applications, the one or more non-email applications including at least one of: an instant messaging application, a file-sharing application, and a collaboration application;
- wherein identifying the spam probability further comprises: tracking network characteristics for the email, the tracked network characteristics include one or more of: network traffic volume per unit of time and network traffic burstiness, and comparing tracked values of the tracked network characteristics for the email to known values for email from trusted or untrusted sources; and
- classifying the email according the identified spam probability.
9. A system for filtering emails, comprising:
- at least one processor; and
- memory storing at least one program for execution by the at least one processor; the at least one program including instructions for:
- receiving an email to a recipient from a sender;
- identifying a spam probability of the email based at least in part on historical communication activity data between the recipient and the sender, wherein the historical communication activity data includes information from an email application and one or more non-email applications, the one or more non-email applications including at least one of: an instant messaging application, a file-sharing application, and a collaboration application;
- wherein identifying the spam probability further comprises: tracking network characteristics for the email, the tracked network characteristics include one or more of: network traffic volume per unit of time and network traffic burstiness, and comparing tracked values of the tracked network characteristics for the email to known values for email from trusted or untrusted sources;
- wherein the identifying the spam probability further comprises: identifying a spam probability of the email based at least in part on statistical information relating to previous interactions between a respective recipient and the sender, and where the information relating to previous interactions includes two or more of the following: types of interaction, media of interaction, and frequency of interaction; and
- classifying the email according the identified spam probability.
12. A system for filtering emails, comprising:
- at least one processor; and
- memory storing at least one program for execution by the at least one processor; the at least one program including instructions for:
- receiving an email to a recipient from a sender;
- identifying a spam probability of the email based at least in part on historical communication activity data between the recipient and the sender, wherein the historical communication activity data includes information from an email application and one or more non-email applications, the one or more non-email applications including at least one of: an instant messaging application, a file-sharing application, and a collaboration application;
- wherein identifying the spam probability further comprises: tracking network characteristics for the email, the tracked network characteristics include one or more of: network traffic volume per unit of time and network traffic burstiness, and comparing tracked values of the tracked network characteristics for the email to known values for email from trusted or untrusted sources;
- wherein the identifying the spam probability further comprises: tracking network characteristics for the email, the tracked network characteristics including one or more of: network traffic burstiness, network traffic volume per unit of time, number of recipients, number of purported senders, and mail recipient connection type; and
- combining tracked values associated with more than one tracked network characteristic to provide a single combined tracked rating value; and
- comparing the tracked values for the email to known values for email from trusted or untrusted sources; and
- classifying the email according the identified spam probability.
13. A computer readable storage medium storing one or more programs for execution by a computer, the one or more programs including instructions for:
- receiving an email to a recipient from a sender;
- identifying a spam probability of the email based at least in part on historical communication activity data between the recipient and the sender, wherein the historical communication activity data includes information from an email application and one or more non-email applications, the one or more non-email applications including at least one of: an instant messaging application, a file-sharing application, and a collaboration application;
- wherein identifying the spam probability further comprises: tracking network characteristics for the email, the tracked network characteristics including one or more of: network traffic volume per unit of time and network traffic burstiness, and comparing tracked values of the tracked network characteristics for the email to known values for email from trusted or untrusted sources;
- wherein the identifying the spam probability further comprises: tracking network characteristics for the email, the tracked network characteristics including one or more of: network traffic burstiness, network traffic volume per unit of time, number of recipients, number of purported senders, and mail recipient connection type; and
- combining tracked values associated with more than one tracked network characteristic to provide a single combined tracked rating value; and
- comparing the tracked values for the email to known values for email from trusted or untrusted sources; and
- classifying the email according the identified spam probability.
14. A computer readable storage medium storing one or more programs for execution by a computer, the one or more programs including instructions for:
- receiving an email to a recipient from a sender;
- identifying a spam probability of the email based at least in part on historical communication activity data between the recipient and the sender, wherein the historical communication activity data includes information from an email application and one or more non-email applications, the one or more non-email applications including at least one of: an instant messaging application, a file-sharing application, and a collaboration application;
- wherein identifying the spam probability further comprises: tracking network characteristics for the email, the tracked network characteristics including one or more of: network traffic volume per unit of time and network traffic burstiness, and comparing tracked values of the tracked network characteristics for the email to known values for email from trusted or untrusted sources; and
- classifying the email according the identified spam probability.
16. A computer readable storage medium storing one or more programs for execution by a computer, the one or more programs including instructions for:
- receiving an email to a recipient from a sender;
- identifying a spam probability of the email based at least in part on historical communication activity data between the recipient and the sender, wherein the historical communication activity data includes information from an email application and one or more non-email applications, the one or more non-email applications including at least one of: an instant messaging application, a file-sharing application, and a collaboration application;
- wherein identifying the spam probability further comprises: tracking network characteristics for the email, the tracked network characteristics including one or more of: network traffic volume per unit of time and network traffic burstiness, and comparing tracked values of the tracked network characteristics for the email to known values for email from trusted or untrusted sources;
- wherein the identifying the spam probability further comprises: identifying a spam probability of the email based at least in part on statistical information relating to previous interactions between a respective recipient and the sender, and where the information relating to previous interactions includes two or more of the following: types of interaction, media of interaction, and frequency of interaction; and
- classifying the email according the identified spam probability.
Specification