Evaluating electronic mail messages based on probabilistic analysis
First Claim
1. A data processing system, comprising:
- one or more processors;
logic encoded in one or more media for execution and when executed operable to cause the one or more processors to perform;
training a probabilistic filter using first properties of one or more first network resource identifiers obtained from a whitelist;
wherein at least one of the first properties is obtained from any of;
information obtained from DNS queries based, at least in part, on the one or more first work resource identifiers;
server software information;
orinformation obtained from “
whois”
queries based, at least in part, on information contained in the network resource identifier;
training the probabilistic filter using second properties of one or more second network resource identifiers obtained from a blocklist;
testing third properties of a third network resource identifier using the probabilistic filter, resulting in creating a probability output;
adding the third network resource identifier to the blocklist when the probability output is greater than a specified threshold.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer system can evaluate electronic messages based on probabilistic analysis, including Bayesian analysis. In one embodiment, a data processing system comprises logic configured for perform training a probabilistic filter using first properties of one or more first network resource identifiers obtained from a whitelist; training the probabilistic filter using second properties of one or more second network resource identifiers obtained from a blocklist; testing third properties of a third network resource identifier using the probabilistic filter, resulting in creating a probability output; and adding the third network resource identifier to the blocklist when the probability output is greater than a specified threshold. The blocklist can be communicated to messaging gateways in the field for local use in evaluating messages that contain spam or other threats.
52 Citations
32 Claims
-
1. A data processing system, comprising:
-
one or more processors; logic encoded in one or more media for execution and when executed operable to cause the one or more processors to perform; training a probabilistic filter using first properties of one or more first network resource identifiers obtained from a whitelist; wherein at least one of the first properties is obtained from any of; information obtained from DNS queries based, at least in part, on the one or more first work resource identifiers; server software information;
orinformation obtained from “
whois”
queries based, at least in part, on information contained in the network resource identifier;training the probabilistic filter using second properties of one or more second network resource identifiers obtained from a blocklist; testing third properties of a third network resource identifier using the probabilistic filter, resulting in creating a probability output; adding the third network resource identifier to the blocklist when the probability output is greater than a specified threshold. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 29)
-
-
11. A data processing system, comprising:
-
means for training a probabilistic filter using first properties of one or more first network resource identifiers obtained from a whitelist; wherein at least one of the first properties is obtained from any of; information obtained from DNS queries based, at least in part, on the one or more first work resource identifiers; server software information;
orinformation obtained from “
whois”
queries based, at least in part, on information contained in the network resource identifier;means for training the probabilistic filter using second properties of one or more second network resource identifiers obtained from a blocklist; means for testing third properties of a third network resource identifier using the probabilistic filter, resulting in creating a probability output; means for adding the third network resource identifier to the blocklist when the probability output is greater than a specified threshold. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 30)
-
-
19. A computer-implemented method of evaluating an electronic mail message based on probabilistic analysis, comprising:
-
training a probabilistic filter using first properties of one or more first network resource identifiers obtained from a whitelist; wherein at least one of the first properties is obtained from any of; information obtained from DNS queries based, at least in part, on the one or more first work resource identifiers; server software information;
orinformation obtained from “
whois”
queries based, at least in part, on information contained in the network resource identifier;training the probabilistic filter using second properties of one or more second network resource identifiers obtained from a blocklist; testing third properties of a third network resource identifier using the probabilistic filter, resulting in creating a probability output; adding the third network resource identifier to the blocklist when the probability output is greater than a specified threshold. - View Dependent Claims (20, 21, 22, 23, 24, 31)
-
-
25. A non-transitory computer-readable tangible storage medium storing one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
-
training a probabilistic filter using first properties of one or more first network resource identifiers obtained from a whitelist; wherein at least one of the first properties is obtained from any of; information obtained from DNS queries based, at least in part, on the one or more first work resource identifiers; server software information;
orinformation obtained from “
whois”
queries based, at least in part, on information contained in the network resource identifier;training the probabilistic filter using second properties of one or more second network resource identifiers obtained from a blocklist; testing third properties of a third network resource identifier using the probabilistic filter, resulting in creating a probability output; adding the third network resource identifier to the blocklist when the probability output is greater than a specified threshold. - View Dependent Claims (26, 27, 28, 32)
-
Specification