E-mail authentication
First Claim
1. A method for determining whether an e-mail originates from a sender who is authorized by an address provider to send the e-mail to an intended recipient'"'"'s e-mail address, the method comprising:
- using at least one computer to perform the steps of;
receiving an e-mail directed to an intended recipient'"'"'s e-mail address;
determining a first identifier encoded in the e-mail identifying a sender of the e-mail;
determining a second identifier encoded in the e-mail that is distinct from the first identifier and from any e-mail address for the recipient, the second identifier identifying an address provider distinct from the sender and from the intended recipient as an entity from which the sender obtained the intended recipient'"'"'s e-mail address;
in response to determining the second identifier, querying an authentication server to determine whether the sender is authorized by the address provider to obtain the intended recipient'"'"'s e-mail address used for sending the e-mail to the intended recipient;
receiving a response from the authentication server;
delivering the e-mail to the intended recipient if the response indicates that the sender is authorized by the address provider to obtain the intended recipient'"'"'s e-mail address used for sending the e-mail to the intended recipient; and
preventing normal delivery of the e-mail to the intended recipient if the response indicates that the sender is not authorized by the address provider to obtain the intended recipient'"'"'s e-mail address used for sending the e-mail to the intended recipient.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and method for determining whether an e-mail originates from a sender authorized by an address provider to send the e-mail to an intended recipient'"'"'s e-mail address. The e-mail identifies an address provider from which the intended recipient'"'"'s e-mail address was obtained. The e-mail is delivered to the intended recipient only upon verification that the sender is authorized by the address provider to obtain the intended recipient'"'"'s e-mail address. The system and method may also provide for determining whether an e-mail originates from a forged source. A server receives data relating to an e-mail, including a purported sender and a verification host. The server queries the verification host with information pertaining to the e-mail and requests confirmation that the e-mail originates from the purported sender. The e-mail is determined to originate from a forged source unless the verification host responds that the e-mail originates from the purported sender.
58 Citations
27 Claims
-
1. A method for determining whether an e-mail originates from a sender who is authorized by an address provider to send the e-mail to an intended recipient'"'"'s e-mail address, the method comprising:
-
using at least one computer to perform the steps of; receiving an e-mail directed to an intended recipient'"'"'s e-mail address; determining a first identifier encoded in the e-mail identifying a sender of the e-mail; determining a second identifier encoded in the e-mail that is distinct from the first identifier and from any e-mail address for the recipient, the second identifier identifying an address provider distinct from the sender and from the intended recipient as an entity from which the sender obtained the intended recipient'"'"'s e-mail address; in response to determining the second identifier, querying an authentication server to determine whether the sender is authorized by the address provider to obtain the intended recipient'"'"'s e-mail address used for sending the e-mail to the intended recipient; receiving a response from the authentication server; delivering the e-mail to the intended recipient if the response indicates that the sender is authorized by the address provider to obtain the intended recipient'"'"'s e-mail address used for sending the e-mail to the intended recipient; and preventing normal delivery of the e-mail to the intended recipient if the response indicates that the sender is not authorized by the address provider to obtain the intended recipient'"'"'s e-mail address used for sending the e-mail to the intended recipient. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for authenticating the dispersal of an intended recipient'"'"'s e-mail address from an address provider to a sender, the system comprising:
-
a mail server, comprising at least one computer, configured for receiving an e-mail directed to an intended recipient'"'"'s e-mail address, determining a first identifier encoded in the e-mail identifying a sender of the e-mail, determining a second identifier encoded in the e-mail that is distinct from the first identifier and from any e-mail address for the recipient, and using the second identifier to identify an address provider distinct from the sender and from the intended recipient as an entity from which the sender obtained the intended recipient'"'"'s e-mail address; an authentication server, comprising at least one computer, accessible by the mail server, wherein the authentication server receives and responds to queries from the mail server; and a database accessible by the authentication server, wherein the database comprises information that permits the authentication server to determine whether the sender is authorized by the address provider to obtain the intended recipient'"'"'s e-mail address used for sending e-mail to the intended recipient'"'"'s e-mail address. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
-
Specification