Identifying unwanted electronic messages
First Claim
1. A method of processing electronic messages in an electronic messaging system that includes multiple local exchanging systems, the method comprising:
- maintaining first stored data indicating characteristics of electronic messages inspected by a first local exchanging system included in an electronic messaging system, the first local exchanging system configured to exchange messages sent by users located in a first geographic region;
maintaining second stored data indicating characteristics of electronic messages inspected by a second local exchanging system included in the electronic messaging system, the second local exchanging system being different than the first local exchanging system, wherein the second local exchanging system is configured to exchange messages sent by users located in a second geographic region, the second geographic region being different than the first geographic region;
receiving, at the first local exchanging system, an electronic message;
inspecting, at the first local exchanging system, the electronic message to identify characteristics of the electronic message;
accessing the first stored data indicating characteristics of electronic messages inspected by the first local exchanging system;
accessing the second stored data indicating characteristics of electronic messages inspected by the second local exchanging system;
comparing the identified characteristics of the electronic message with the accessed first stored data indicating characteristics of electronic messages inspected by the first local exchanging system and the accessed second stored data indicating characteristics of electronic messages inspected by the second local exchanging system;
based on comparison results, identifying a security condition for the electronic message; and
processing the electronic message based on the security condition.
11 Assignments
0 Petitions
Accused Products
Abstract
An unwanted message may be identified by inspecting the payload portion of a message being communicated, comparing the characteristics of the payload portion with stored data indicating characteristics of other messages, and identifying a security condition based on a comparison of the message inspected. The characteristics inspected may include the payload portion of a message or the whole message when the characteristics are being compared against messages being exchanged on more than one local exchanging system. Furthermore, the characteristics of messages may be tracked for comparison against the characteristics of future messages. A threshold number of those characteristics may subsequently implicate a hostile security condition, even if a current comparison of these characteristics does not reach the threshold necessary to implicate a hostile security condition.
-
Citations
9 Claims
-
1. A method of processing electronic messages in an electronic messaging system that includes multiple local exchanging systems, the method comprising:
-
maintaining first stored data indicating characteristics of electronic messages inspected by a first local exchanging system included in an electronic messaging system, the first local exchanging system configured to exchange messages sent by users located in a first geographic region; maintaining second stored data indicating characteristics of electronic messages inspected by a second local exchanging system included in the electronic messaging system, the second local exchanging system being different than the first local exchanging system, wherein the second local exchanging system is configured to exchange messages sent by users located in a second geographic region, the second geographic region being different than the first geographic region; receiving, at the first local exchanging system, an electronic message; inspecting, at the first local exchanging system, the electronic message to identify characteristics of the electronic message; accessing the first stored data indicating characteristics of electronic messages inspected by the first local exchanging system; accessing the second stored data indicating characteristics of electronic messages inspected by the second local exchanging system; comparing the identified characteristics of the electronic message with the accessed first stored data indicating characteristics of electronic messages inspected by the first local exchanging system and the accessed second stored data indicating characteristics of electronic messages inspected by the second local exchanging system; based on comparison results, identifying a security condition for the electronic message; and processing the electronic message based on the security condition. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification