Identifying unwanted electronic messages

US 7,954,155 B2
Filed: 01/28/2008
Issued: 05/31/2011
Est. Priority Date: 04/30/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of processing electronic messages in an electronic messaging system that includes multiple local exchanging systems, the method comprising:

maintaining first stored data indicating characteristics of electronic messages inspected by a first local exchanging system included in an electronic messaging system, the first local exchanging system configured to exchange messages sent by users located in a first geographic region;

maintaining second stored data indicating characteristics of electronic messages inspected by a second local exchanging system included in the electronic messaging system, the second local exchanging system being different than the first local exchanging system, wherein the second local exchanging system is configured to exchange messages sent by users located in a second geographic region, the second geographic region being different than the first geographic region;

receiving, at the first local exchanging system, an electronic message;

inspecting, at the first local exchanging system, the electronic message to identify characteristics of the electronic message;

accessing the first stored data indicating characteristics of electronic messages inspected by the first local exchanging system;

accessing the second stored data indicating characteristics of electronic messages inspected by the second local exchanging system;

comparing the identified characteristics of the electronic message with the accessed first stored data indicating characteristics of electronic messages inspected by the first local exchanging system and the accessed second stored data indicating characteristics of electronic messages inspected by the second local exchanging system;

based on comparison results, identifying a security condition for the electronic message; and

processing the electronic message based on the security condition.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An unwanted message may be identified by inspecting the payload portion of a message being communicated, comparing the characteristics of the payload portion with stored data indicating characteristics of other messages, and identifying a security condition based on a comparison of the message inspected. The characteristics inspected may include the payload portion of a message or the whole message when the characteristics are being compared against messages being exchanged on more than one local exchanging system. Furthermore, the characteristics of messages may be tracked for comparison against the characteristics of future messages. A threshold number of those characteristics may subsequently implicate a hostile security condition, even if a current comparison of these characteristics does not reach the threshold necessary to implicate a hostile security condition.

67 Citations

9 Claims

1. A method of processing electronic messages in an electronic messaging system that includes multiple local exchanging systems, the method comprising:
- maintaining first stored data indicating characteristics of electronic messages inspected by a first local exchanging system included in an electronic messaging system, the first local exchanging system configured to exchange messages sent by users located in a first geographic region;
  
  maintaining second stored data indicating characteristics of electronic messages inspected by a second local exchanging system included in the electronic messaging system, the second local exchanging system being different than the first local exchanging system, wherein the second local exchanging system is configured to exchange messages sent by users located in a second geographic region, the second geographic region being different than the first geographic region;
  
  receiving, at the first local exchanging system, an electronic message;
  
  inspecting, at the first local exchanging system, the electronic message to identify characteristics of the electronic message;
  
  accessing the first stored data indicating characteristics of electronic messages inspected by the first local exchanging system;
  
  accessing the second stored data indicating characteristics of electronic messages inspected by the second local exchanging system;
  
  comparing the identified characteristics of the electronic message with the accessed first stored data indicating characteristics of electronic messages inspected by the first local exchanging system and the accessed second stored data indicating characteristics of electronic messages inspected by the second local exchanging system;
  
  based on comparison results, identifying a security condition for the electronic message; and
  
  processing the electronic message based on the security condition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein identifying the security condition for the electronic message comprises identifying a hostile security condition for the electronic message received at the first local exchanging system based on the comparison of the identified characteristics of the electronic message with the accessed second stored data indicating characteristics of electronic messages inspected by the second local exchanging system.
  - 3. The method of claim 2 wherein the security condition of the electronic message would not be identified as hostile based solely on the comparison of the identified characteristics of the electronic message with the accessed first stored data indicating characteristics of electronic messages inspected by the first local exchanging system.
  - 4. The method of claim 1 wherein:
    - based on comparison results, identifying the security condition for the electronic message comprises identifying a security condition that reflects an indeterminate state; and
      
      processing the electronic message based on the security condition comprises;
      
      causing the electronic message to be stored in electronic storage such that a recipient is able to access the electronic message;
      
      tracking a location of the electronic message stored in the electronic storage;
      
      receiving, at either or both of the first local exchanging system and the second local exchanging system, at least one additional electronic message subsequent to receipt of the electronic message;
      
      inspecting the received at least one additional electronic message;
      
      updating either or both of the first stored data and the second stored data based on the inspection of the received at least one additional electronic message;
      
      reassessing whether the electronic message is acceptable based on the update to either or both of the first stored data and the second stored data;
      
      determining that the electronic message is now unacceptable based on the reassessment of the electronic message;
      
      based on the determination that the first electronic message is now unacceptable, removing the electronic message from the electronic storage using a tracked location of the electronic message.
  - 5. The method of claim 1, wherein processing the electronic message based on the security condition includes determining that the electronic message is unacceptable and removing the first electronic message from an electronic storage using the tracked location of the first electronic message.
  - 6. The method of claim 1, wherein processing the electronic message based on the security condition includes determining that the electronic message is presently acceptable when the security condition of the electronic message reflects an indeterminate state.
  - 7. The method of claim 1, wherein processing the electronic message based on the security condition includes determining that the electronic message is presently acceptable when the security condition of the electronic message does not reflect an unacceptable state.
  - 8. The method of claim 1, wherein processing the electronic message based on the security condition includes:
    - identifying that the electronic message has a particular characteristic; and
      
      determining that the electronic message is presently acceptable based on determining that a number of received messages that have the particular characteristic is less than a threshold.
  - 9. The method of claim 8, wherein processing the electronic message based on the security condition includes:
    - receiving a second electronic message subsequent to receipt of the first electronic message, the second electronic message having the particular characteristic;
      
      updating data indicating the number of received messages that have the particular characteristic;
      
      reassessing whether the electronic message is acceptable by comparing the data indicating the number of received messages that have the particular characteristic to a threshold; and
      
      determining that the electronic message is now unacceptable based on the reassessment of the electronic message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
AOL Inc. (Apollo Global Management, Inc.)
Inventors
Adamski, Michael K., Despeaux, Craig E., Sutton, Jr., Lorin R.
Primary Examiner(s)
POLTORAK, PIOTR

Application Number

US12/020,630
Publication Number

US 20080120704A1
Time in Patent Office

1,219 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 21/50 Monitoring users, programs ...

H04L 63/145 the attack involving the pr...

Identifying unwanted electronic messages

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying unwanted electronic messages

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links