Reporting on spoofed e-mail
Abstract
Embodiments are directed towards detecting and reporting use by a domain of a message authentication mechanism, such as DomainKeys (DK) and/or DomainKeys Identified Mail (DKIM), and enabling subsequent blocking of messages based, in part, on its usage. When a message is received by an inbound message server, a message source is determined for the message. In one embodiment, the message source is a domain name associated with the sender of the message. Statistics are recorded about the message, including the message source, whether the message is suspect, whether it includes a forged source identifier, whether it employs DK/DKIM message authentication, and the like. The reports may then be sent to various message sources to enable them to determine the extent of use of DK/DKIM message authentication, and to selectively block, re-direct, or forward the messages based, in part, on the use of the DK/DKIM message authentication mechanism.
17 Claims
1. A method for use in managing delivery of messages over a network, comprising:
receiving a plurality of messages over the network;
for each message in the plurality of messages;
determining an outbound message server for the respective message by identifying a last hop network address as the outbound message server based on a last network hop of the message prior to being received by a message server associated with a message recipient;
if the respective message is digitally signed, authenticating the respective message, at least by verifying that the digitally signed message originated from a domain associated with a sender's address of the message by using a public component of a public/private key pair that is accessible to a domain name server (DNS) associated with the domain; and
generating a report about the plurality of messages, wherein the report indicates for each outbound message server at least a number of messages that are digitally signed and authenticated, a number of messages that are unsigned, and a number of messages that are digitally signed but determined to be unauthentic based on the digital signature; and
employing the report to selectively block messages allegedly from the domain associated with digitally signed messages.
View Dependent Claims (2, 3, 4, 5)

6. A network device for managing delivery of messages over a network, comprising:
a transceiver to send and receive data over the network; and
a processor that is operative to perform actions, including;
receiving a message over the network;
determining an outbound message server for the message by identifying a last hop network address as the outbound message server based on a last network hop of the message prior to being received by a message server associated with a message recipient;
if the message is digitally signed, authenticating the message, at least by verifying that the digitally signed message originated from a domain associated with a sender's address of the message by using a public component of a public/private key pair that is accessible to a domain name server (DNS) associated with the domain;
generating a report about the message, wherein the report indicates for each determined outbound message server whether the message is digitally signed and authenticated, whether the message is unsigned, or whether the message is digitally signed but determined to be unauthentic based on the digital signature; and
enabling the report to be useable to selectively block other messages allegedly from the domain associated with digitally signed messages.
View Dependent Claims (7, 8, 9, 10)

11. A system for use in managing delivery of messages over a network, comprising:
a plurality of mail servers associated with a domain; and
a network device that is configured to receive messages from each of the plurality of mail servers and to perform actions, including;
receiving a plurality of messages, wherein each message indicates that it is from a sender's address associated with the domain;
for each message;
determining if the message is associated with a mail server in the plurality of mail servers identifying a last hop network address as the mail server based on a last network hop of the message prior to being received by a message server associated with a message recipient; and
if the message is digitally signed, authenticating the message, at least by verifying that the digitally signed message originated from the domain by using a public component of a public/private key pair that is accessible to a domain name server (DNS) associated with the domain;
generating a report for each mail server in the plurality, wherein the report indicates a number of messages sent from the mail server which are digitally signed and authentic, a number of messages that are digitally signed and determined to be unauthentic, and a number of messages from the mail server which are unsigned; and
enabling the report to be useable to selectively block delivery of at least one message.
View Dependent Claims (12, 13)

14. A non-transitory, computer-readable medium configured to store data and instructions thereon, wherein the execution of the instructions on a computing device enable the computing device to perform actions for managing received messages over a network, comprising:
receiving a plurality of messages, wherein each message indicates that it is associated with a same domain;
for each message;
determining if the message is associated with a mail server associated with the domain by identifying a last hop network address as the mail server based on a last network hop of the message prior to being received by a message server associated with a message recipient; and
if the message is digitally signed, authenticating the message, at least by verifying that the digitally signed message originated from the domain by using a public component of a public/private key pair that is accessible to a domain name server (DNS) associated with the domain; and
generating a report that indicates for each mail server associated with the domain a number of messages received from a mail server for the domain which are digitally signed and authentic, a number of messages that are digitally signed and determined to be unauthentic, and a number of messages that are unsigned; and
enabling the report to be useable to selectively block delivery of at least one message.
View Dependent Claims (15, 16, 17)

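The per-outbound-server report recited in the claims above can be sketched as follows. This is an added example, not code from the patent or its assignee. It assumes the inbound server has already verified DKIM and recorded the outcome in an `Authentication-Results` header; the function names, the sample messages and the blocking rule in `hops_to_block` are hypothetical.

```python
import re
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import parseaddr

def classify(raw):
    """Return (from_domain, last_hop_ip, bucket) for one raw message."""
    msg = message_from_string(raw)
    # Only the topmost Received header was written by our own server; the
    # ones below it are sender-controlled and cannot identify the last hop.
    top = (msg.get_all("Received") or [""])[0]
    hop = re.search(r"\[(?:IPv6:)?([0-9a-fA-F:.]+)\]", top)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if msg["DKIM-Signature"] is None:
        bucket = "unsigned"
    else:
        # Assumption: the inbound MTA verified DKIM and stamped the outcome
        # in Authentication-Results, stripping any copy the sender supplied.
        ar = msg.get("Authentication-Results", "")
        ok = re.search(r"dkim=pass\b.*?header\.d=([\w.-]+)", ar, re.S)
        bucket = "signed_ok" if ok and ok.group(1).lower() == domain else "signed_bad"
    return domain, hop.group(1) if hop else "unknown", bucket

def build_report(raw_messages):
    """Count the three claimed categories per (domain, outbound server)."""
    report = defaultdict(Counter)
    for raw in raw_messages:
        domain, hop, bucket = classify(raw)
        report[(domain, hop)][bucket] += 1
    return report

def hops_to_block(report, domain):
    """Hypothetical policy: once a domain is seen signing, block hops with no verified mail."""
    rows = {h: c for (d, h), c in report.items() if d == domain}
    if not any(c["signed_ok"] for c in rows.values()):
        return []  # no evidence the domain signs, so nothing to infer
    return sorted(h for h, c in rows.items() if c["signed_ok"] == 0)

def sample(ip, dkim=None):
    """Constructed test message; all addresses are documentation ranges."""
    hdrs = [f"Received: from out.example.com ([{ip}]) by mx.recipient.test",
            "Received: from internal ([192.0.2.99]) by out.example.com",
            "From: Alice <alice@example.com>"]
    if dkim:
        hdrs += ["DKIM-Signature: v=1; d=example.com; s=sel; b=constructed",
                 f"Authentication-Results: mx.recipient.test; dkim={dkim} header.d=example.com"]
    return "\n".join(hdrs) + "\n\nbody\n"

SAMPLE = ([sample("203.0.113.5", "pass")] * 3 + [sample("203.0.113.5")]
          + [sample("198.51.100.7")] * 2 + [sample("198.51.100.7", "fail")])
```

Calling `build_report(SAMPLE)` yields one row per last-hop address, and `hops_to_block` flags only the address that never produced a verified signature for a domain that demonstrably signs.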
Specification