Electronic message source reputation information system
First Claim
1. A network traffic filtering system for filtering a flow of electronic messages across a computer network, the system comprising:
- one or more computing devices;
a centralized server installed on the one or more computing devices and having an engine for executing instructions stored in a memory of the one or more computing devices, the execution of the instructions configured to generate a source reputation profile based on reputation data associated with a source IP address, wherein the reputation data is received from a centralized data source comprising an electronic message traffic monitoring system that monitors electronic messages after being sent from a sending server at the source IP address and before being received by a targeted receiving server or at any gateway to a local network including a targeted receiving server, and wherein the reputation data comprises metadata derived by the electronic message traffic monitoring system from the monitoring of messages sent from the source IP address;
a profile database connected to the centralized server for storing the reputation data, the centralized server and profile database external to targeted receiving servers or any gateway to a local network including a targeted receiving server; and
wherein the engine is further configured to provide the source reputation profile to an external local system having at least one targeted receiving mail server for filtering incoming electronic messages by the at least one targeted receiving mail server, or other device within a gateway to a local network having the external local system, based on the provided source reputation profile before the incoming electronic messages can reach an intended recipient.
3 Assignments
0 Petitions
Accused Products
Abstract
Disclosed herein are filtering systems and methods that employ an electronic message source reputation system. The source reputation system maintains a pool of source Internet Protocol (IP) address information, in the form of a Real-Time Threat Identification Network (“RTIN”) database, which can provide the reputation of source IP addresses, which can be used by customers for filtering network traffic. The source reputation system provides for multiple avenues of access to the source reputation information. Examples of such avenues can include Domain Name Server (DNS)-type queries, servicing routers with router-table data, or other avenues.
117 Citations
36 Claims
-
1. A network traffic filtering system for filtering a flow of electronic messages across a computer network, the system comprising:
-
one or more computing devices; a centralized server installed on the one or more computing devices and having an engine for executing instructions stored in a memory of the one or more computing devices, the execution of the instructions configured to generate a source reputation profile based on reputation data associated with a source IP address, wherein the reputation data is received from a centralized data source comprising an electronic message traffic monitoring system that monitors electronic messages after being sent from a sending server at the source IP address and before being received by a targeted receiving server or at any gateway to a local network including a targeted receiving server, and wherein the reputation data comprises metadata derived by the electronic message traffic monitoring system from the monitoring of messages sent from the source IP address; a profile database connected to the centralized server for storing the reputation data, the centralized server and profile database external to targeted receiving servers or any gateway to a local network including a targeted receiving server; and wherein the engine is further configured to provide the source reputation profile to an external local system having at least one targeted receiving mail server for filtering incoming electronic messages by the at least one targeted receiving mail server, or other device within a gateway to a local network having the external local system, based on the provided source reputation profile before the incoming electronic messages can reach an intended recipient. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A method of filtering a flow of electronic messages across a computer network, the method comprising:
-
receiving, at an engine installed on one or more computing devices for executing instructions stored in a memory of the one or more computing devices, reputation data associated with a source IP address from a centralized data source comprising an electronic message traffic monitoring system that monitors electronic messages after being sent from a sending server at the source IP address and before being received by a targeted receiving server or at any gateway to a local network including a targeted receiving server, wherein the reputation data comprises metadata derived by the electronic message traffic monitoring system from the monitoring of messages sent from the source IP address; storing the reputation data in a database associated with the engine, the database and engine external to targeted receiving servers or any gateway to a local network including a targeted receiving server; generating a source reputation profile with the engine based on the reputation data; and providing the source reputation profile from the engine to an external local system having at least one targeted receiving mail server for filtering incoming electronic messages by the at least one targeted receiving mail server, or other device within a gateway to a local network having the external local system, based on the provided source reputation profile before the incoming electronic messages can reach an intended recipient. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
Specification