Prevention of outgoing spam

US 7,711,779 B2
Filed: 06/20/2003
Issued: 05/04/2010
Est. Priority Date: 06/20/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A system that facilitates mitigation of outgoing spam, comprising:

a processor;

a memory communicatively coupled to the processor, the memory having stored therein computer-executable instructions to implement the system, including;

a detection component employed by an outgoing message server that detects a potential spammer in connection with at least one outgoing message sent by an entity, the detection of a potential spammer being based in part on a total score per sender assigned to the entity of the at least one outgoing message exceeding a threshold score indicative of a spammer; and

an action component that upon receiving information from the detection component that the entity is a potential spammer initiates at least one action to mitigate spam from the entity, wherein the at least one action includes limiting sending of outgoing messages by the entity to a specified volume of outgoing messages until a subset of the at least one outgoing message are manually inspected by a human inspector and confirmed by the human inspector as not being spam.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject invention provides for a system and method that facilitates detecting and preventing spam in a variety of networked communication environments. In particular, the invention provides several techniques for monitoring outgoing communications to identify potential spammers. Identification of potential spammers can be accomplished at least in part by a detection component that monitors per sender at least one of volume of outgoing messages, volume of recipients, and/or rate of outgoing messages. In addition, outgoing messages can be scored based at least in part on their content. The scores can be added per message per sender and if the total score(s) per message or per sender exceeds some threshold, then further action can be taken to verify whether the potential spammer is a spammer. Such actions include human-inspecting a sample of the messages, sending challenges to the account, sending a legal notice to warn potential spammers and/or shutting down the account.

266 Citations

61 Claims

1. A system that facilitates mitigation of outgoing spam, comprising:
- a processor;
  
  a memory communicatively coupled to the processor, the memory having stored therein computer-executable instructions to implement the system, including;
  
  a detection component employed by an outgoing message server that detects a potential spammer in connection with at least one outgoing message sent by an entity, the detection of a potential spammer being based in part on a total score per sender assigned to the entity of the at least one outgoing message exceeding a threshold score indicative of a spammer; and
  
  an action component that upon receiving information from the detection component that the entity is a potential spammer initiates at least one action to mitigate spam from the entity, wherein the at least one action includes limiting sending of outgoing messages by the entity to a specified volume of outgoing messages until a subset of the at least one outgoing message are manually inspected by a human inspector and confirmed by the human inspector as not being spam.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 2. The system of claim 1, the outgoing message further comprising at least one of email message spam, instant message spam, whisper spam, or chat room spam.
  - 3. The system of claim 1 wherein the action initiated further comprises at least one of:
    - shutting down a user account of the entity used to send the at least one outgoing message;
      
      requiring at least one of a HIP challenge or a computational challenge to be solved by the potential spammer respectively; and
      
      sending the potential spammer a legal notice regarding at least one violation of messaging service terms.
  - 4. The system of claim 1, wherein the detection component increases the, threshold score for the entity upon confirmation that the subset of the at least one outgoing message is not spam.
  - 5. The system of claim 1, wherein the detection is further based upon an outgoing message recipient count that is computed with each recipient of a set of recipients associated with the at least one outgoing message, wherein each recipient is counted only once.
  - 6. The system of claim 5, comprising keeping track per recipient an outgoing message that is most likely to be spam, wherein each outgoing message of the at least one outgoing message is assigned a score indicating the likeliness of the outgoing message being spam.
  - 7. The system of claim 5, comprising using a random function on a unique identifier for each recipient to track a subset of the set of recipients to estimate the outgoing message recipient count.
  - 8. The system of claim 5, wherein the recipient count comprises one or more recipients listed in at least one of a to:
    - field, a cc;
      
      field, or a bcc;
      
      field.
  - 9. The system of claim 1, wherein the detection is further based upon message rate monitoring comprising computing the volume of outgoing messages over a duration of time.
  - 10. The system of claim 9, wherein the duration of time comprises at least one of minutes, hours, days, weeks, months, or years.
  - 11. The system of claim 1, wherein the detection is further based upon message volume monitoring comprising a total volume of messages since activation of the entity'"'"'s user account.
  - 12. The system of claim 1, wherein each recipient of an outgoing message constitutes one message.
  - 13. The system of claim 1, wherein the detection component processes and analyzes the outgoing messages to determine at least one of whether the message is likely to be spam or whether the sender is a potential spammer.
  - 14. The system of claim 1, wherein a number of apparently legitimate outgoing messages is used as a bonus in the total score per sender to offset one or more other scores applied in the total score per sender, wherein the one or more other scores are based upon one or more other indications of spam.
  - 15. The system of claim 14, wherein the number of apparently legitimate messages is estimated with a spam filter.
  - 16. The system of claim 14, wherein the bonus from the number of apparently legitimate messages is limited.
  - 17. The system of claim 1, wherein the total score per sender is based upon a number of non-deliverable messages of the at least one outgoing message.
  - 18. The system of claim 17, wherein the number of non-deliverable messages is estimated at least in part from Non Delivery Receipts.
  - 19. The system of claim 18, wherein validity of the Non Delivery Receipts is checked.
  - 20. The system of claim 19, wherein validity of the Non Delivery Receipts is checked against a list of recipients of messages from the sender.
  - 21. The system of claim 20, wherein the list of recipients is a sample and the penalty of a Non Delivery Receipt is correspondingly increased.
  - 22. The system of claim 1, wherein the detection component computes one or more scores assigned to each of the at least one outgoing message to determine the total score per sender.
  - 23. The system of claim 22, wherein the threshold score is adjustable per sender.
  - 24. The system of claim 1, wherein spam filtering comprises employing a filter trained to recognize at least one of non-spam like features or spam-like features in outgoing messages.
  - 25. The system of claim 1, wherein spam filtering is performed with a machine learning approach.
  - 26. The system of claim 1, wherein spam filtering comprises assigning a probability per outgoing message to indicate a likelihood that the message is any one of more spam-like or less spam-like.
  - 27. The system of claim 1, further comprising a scoring component that operates in connection with at least one of spam filtering, total recipient count, unique recipient count, message volume monitoring or message rate monitoring.
  - 28. The system of claim 27, wherein the scoring component assigns the total score per sender based at least in part upon at least one of volume of outgoing messages, rate of outgoing messages, recipient count, or message content.
  - 29. The system of claim 27, wherein the scoring component at least one of assigns or adds a constant value to one or more outgoing messages to mitigate spammers from manipulating spam filtering systems.
  - 30. The system of claim 27, wherein the scoring component assigns a selected value to outgoing messages identified as having at least one spam-like feature.
  - 31. The system of claim 30, wherein the at least one spam-like feature is a URL.
  - 32. The system of claim 30, wherein the at least one spam-like feature comprises contact information.
  - 33. The system of claim 32, wherein the contact information comprises a telephone number, the telephone number comprising at least one of an area code or a prefix to identify a geographic location associated with the message to thereby facilitate identifying the potential spammer.
  - 34. The system of claim 1, further comprising a user-based message generator component that generates outgoing messages addressed to one or more recipients based in part upon sender preferences.

35. A method that facilitates mitigation of outgoing spam comprising:
- employing a processor executing computer executable instructions to perform the following acts;
  
  detecting, via an outgoing message server comprising at least one hardware component, a potential spammer in connection with at least one outgoing message sent by an entity, the detection of a potential spammer being based in part on a total score per sender assigned to the entity of the at least one outgoing message exceeding a threshold score indicative of a spammer;
  
  receiving information from a detection component that the entity is a potential spammer; and
  
  initiating at least one action that facilitates mitigating spamming from the entity, wherein the at least one action includes limiting sending of outgoing messages by the entity to a specified volume of outgoing messages until a subset of the at least one outgoing message are manually inspected by a human inspector as not being spam.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
- - 36. The method of claim 35, wherein the at least one outgoing message further comprises at least one of mail message spam, instant message spam, whisper spam, and chat room spam.
  - 37. The method of claim 35, further comprising monitoring outgoing messages per sender with respect to at least one of a volume of outgoing messages, a volume of recipients, or a rate of outgoing messages.
  - 38. The method of claim 35, wherein detecting a potential spammer further comprises:
    - performing at least two of the following;
      
      assigning a score per outgoing message based at least in part upon content of the message,assigning a score per sender based at least in part upon outgoing message volume per sender,assigning a score per sender based at least in part upon outgoing message rate per sender,assigning a score per sender based at least in part upon a total recipient count per sender,or assigning a score per sender based at least in part upon a unique recipient count per sender;
      
      computing the total score per sender further based upon two or more of the score per outgoing message, the score, per sender based at least in part upon outgoing message volume per sender, the score per sender based at least in part upon outgoing message rate per sender, the score per sender based at least in part upon a total recipient count per sender, or the score per sender based at least in part upon a unique recipient count per sender; and
      
      determining whether the sender is a potential spammer based at least in part upon the total score associated with the sender.
  - 39. The method of claim 35, further comprising tracking one or more recipients and associated outgoing messages addressed to the recipients to facilitate identifying one or more most spam-like messages received per sender.
  - 40. The method of claim 39, further comprising assigning one or more scores to the one or more most spam-like messages and aggregating the scores per sender to compute the total score per sender.
  - 41. The method of claim 35, wherein the at least one action comprises terminating a sender account.
  - 42. The method of claim 41, wherein the sender account is terminated when there is substantial certainty that the outgoing messages sent by a sender are spam.
  - 43. The method of claim 42, wherein substantial certainty that the outgoing messages are spam is determined in part by at least one of the following:
    - at least a portion of the outgoing message comprises at least one of an exact match and a near match to known spam;
      
      orat least a portion of the outgoing message comprises a phrase that a human has determined to be spam-like.
  - 44. The method of claim 35, wherein the at least one action comprises temporarily suspending outgoing message delivery from a sender account.
  - 45. The method of claim 35, wherein the at least one action comprises requiring a sender account to resolve one or more challenges.
  - 46. The method of claim 45, wherein the sender account is limited to a specified number of recipients or outgoing messages per challenge until a specified maximum number of challenges are solved, and after the specified maximum number of challenges are solved then the sender account is limited to a specified sending rate of a number of outgoing messages per time period.
  - 47. The method of claim 46, wherein the specified spending rate limit may be increased by solving additional challenges.
  - 48. The method of claim 45, wherein the one or more challenges comprise a computational challenge or a human interactive proof.
  - 49. The method of claim 45, wherein the one or more challenges are delivered as a pop up message.
  - 50. The method of claim 45, wherein the one or more challenges are delivered to the sender account via a message format similar to the sender'"'"'s outgoing messages.
  - 51. The method of claim 45, wherein the one or more challenges are delivered to the sender account in response to feedback from a server that a shutdown of the account is approaching.
  - 52. The method of claim 35, wherein the at least one action comprises sending a legal notice to the sender that the sender is in violation of terms of service and suspending an account of the sender.
  - 53. The method of claim 52, further comprising requiring the sender to respond to the legal notice acknowledging that the sender has read the legal notice prior to removing the suspension of the account via at least one of providing an electronic signature or clicking on a link.
  - 54. The method of claim 52, wherein the legal notice is delivered via a pop-up message.
  - 55. The method of claim 35, wherein delivery of outgoing messages is temporarily suspended until a response to the action is received.
  - 56. The method of claim 35, wherein a minimum number of outgoing messages are permitted for delivery before a response to the action is received.
  - 57. The method of claim 35, further comprising estimating a total volume of recipients per sender to facilitate identifying a potential spammer.
  - 58. The method of claim 57, wherein estimating a total volume of distinct recipients per sender comprises:
    - computing a hash function per recipient to obtain a hash value per recipient;
      
      setting a hash modulo value; and
      
      adding the recipient to a list for message tracking when the recipient'"'"'s hash value equals the hash modulo value to facilitate estimating a total volume of distinct recipients per sender.
  - 59. The method of claim 58, further comprising:
    - tracking worst-scoring messages each listed recipient receives per sender;
      
      computing the total score per sender of substantially all listed recipients'"'"' scores per sender;
      
      and comparing the total score per sender with a threshold level associated with the sender to determine whether the sender is a potential spammer.

60. A computer-readable storage medium having stored thereon the following computer executable components:
- a detection component employed by an outgoing message server that detects a potential spammer in connection with at least one outgoing message sent from an entity, the detection of a potential spammer being based on a total score per sender assigned to the entity of the at least one outgoing message exceeding a threshold score indicative of a spammer; and
  
  an action component that upon receiving information from the detection component that the entity is a potential spammer initiates at least one action mitigating spamming by the entity, wherein the at least one action includes limiting sending of outgoing messages by the entity to a specified volume of outgoing messages until a subset of the at least one outgoing message are manually inspected by a human inspector and confirmed by the human inspector as not being spam.

61. A system that facilitates spam detection comprising:
- a processor;
  
  a memory communicatively coupled to the processor, the memory having-stored therein computer-executable instructions to implement the system, including;
  
  a means employed by an outgoing message server for detecting a potential spammer in connection with at least one outgoing message sent from an account of an entity, the detection of a potential spammer being based on a total score per sender assigned to the entity of the at least one outgoing message exceeding a threshold score indicative of a spammer,a means for receiving information from a detection component that the entity is a potential spammer; and
  
  a means for initiating at least one action that facilitates mitigating spamming by the entity, wherein the at least one action includes limiting sending of outgoing messages by the entity to a specified volume of outgoing messages until a subset of the at least one outgoing message are manually inspected by a human inspector and confirmed by the human inspector as not being spam.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rounthwaite, Robert L., Goodman, Joshua T., Gillum, Eliot C.
Primary Examiner(s)
Coulter; Kenneth R

Application Number

US10/601,159
Publication Number

US 20050021649A1
Time in Patent Office

2,510 Days
Field of Search

709/206, 726/22
US Class Current

709/206
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/552   involving long-term monitor...

G06F 2221/2103   Challenge-response

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1416   Event detection, e.g. attac...

Prevention of outgoing spam

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

266 Citations

61 Claims

Specification

Use Cases

Quick Links

Others

Prevention of outgoing spam

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

266 Citations

61 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others