Diminishing false positive classifications of unsolicited electronic-mail

US 8,271,603 B2
Filed: 06/16/2006
Issued: 09/18/2012
Est. Priority Date: 02/20/2003
Status: Active Grant

First Claim

Patent Images

1. A method for diminishing false positive classifications of unsolicited electronic-mail, the method comprising:

maintaining a database of signatures in memory, each of the signatures associated with unsolicited electronic-mail to be excluded from an end-user mail client and based on at least a set of message classifiers used to identify distinguishing properties, at least a portion of the signatures generated based on one of the distinguishing properties using a transformation method;

intercepting an electronic-mail message at a network appliance coupled to an electronic-mail server, the electronic-mail message intercepted prior to receipt of the electronic-mail message by the electronic-mail server; and

executing instructions stored in memory, wherein execution of the instructions by a processor;

applies a set of message classifiers to the electronic-mail message, the set of message classifiers comprising;

at least one rule-based heuristic;

at least one content filter used to identify non-essential and decoy information; and

user-generated feedback; and

generates one or more signatures using the transformation method, wherein one or more signatures are indicative of unsolicited electronic-mail based on at least the set of message classifiers applied to the electronic-mail message, and wherein-the one or more signatures are applied to subsequent incoming electronic-mail messages, wherein unsolicited electronic-mail may be identified and false positive identifications of normal electronic-mail messages are reduced.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for diminishing false positive classifications of unsolicited electronic-mail is disclosed. An electronic-mail message is received whereby a set of message classifiers are applied the message. One or more signatures indicative of unsolicited electronic-mail based on at least the application of the aforementioned classifiers is generated. The one or more signatures are applied to subsequently incoming electronic-mail messages whereby unsolicited electronic-mail may be more accurately identified and false positive identification of normal electronic-mail messages are reduced.

Citations

19 Claims

1. A method for diminishing false positive classifications of unsolicited electronic-mail, the method comprising:
- maintaining a database of signatures in memory, each of the signatures associated with unsolicited electronic-mail to be excluded from an end-user mail client and based on at least a set of message classifiers used to identify distinguishing properties, at least a portion of the signatures generated based on one of the distinguishing properties using a transformation method;
  
  intercepting an electronic-mail message at a network appliance coupled to an electronic-mail server, the electronic-mail message intercepted prior to receipt of the electronic-mail message by the electronic-mail server; and
  
  executing instructions stored in memory, wherein execution of the instructions by a processor;
  
  applies a set of message classifiers to the electronic-mail message, the set of message classifiers comprising;
  
  at least one rule-based heuristic;
  
  at least one content filter used to identify non-essential and decoy information; and
  
  user-generated feedback; and
  
  generates one or more signatures using the transformation method, wherein one or more signatures are indicative of unsolicited electronic-mail based on at least the set of message classifiers applied to the electronic-mail message, and wherein-the one or more signatures are applied to subsequent incoming electronic-mail messages, wherein unsolicited electronic-mail may be identified and false positive identifications of normal electronic-mail messages are reduced.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, wherein the rule-based heuristic includes identification of a uniform resource locator.
  - 3. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, wherein the rule-based heuristic includes identification of a domain name.
  - 4. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, wherein the rule-based heuristic includes identification of an electronic mail address.
  - 5. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, wherein the rule-based heuristic includes identification of an Internet protocol address.
  - 6. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, wherein the rule-based heuristic includes identification of a telephone number.
  - 7. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, wherein the rule-based heuristic includes identification of a physical address.
  - 8. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, wherein the rule-based heuristic includes identification of a name.
  - 9. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, wherein the rule-based heuristic includes identification of a stock tickersymbol.
  - 10. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, wherein the content filter preprocesses the electronic-mail message.
  - 11. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 10, wherein preprocessing the electronic-mail message comprises ignoring non-essential information.
  - 12. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 10, wherein preprocessing the electronic-mail message comprises removing non-essential information.
  - 13. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 10, wherein preprocessing comprises identifying decoy information.
  - 14. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, wherein the non-essential information comprises spaces, carriage returns, tabs, blank lines, punctuation, hyper-text markup language tags for color, or hyper-text markup language tags for font.
  - 15. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, wherein the decoy information comprises decoy electronic-mail addresses, decoy domain names, decoy uniform resource locators, or decoy Internet protocol addresses.
  - 16. The method for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 1, further comprising updating a signature database based on at least false positive identification of the electronic-mail message as indicated by user-generated feedback.

17. A system for diminishing false positive classifications of unsolicited electronic-mail, the system comprising:
- a database of signatures, each of the signatures associated with unsolicited electronic-mail to be excluded from an end-user mail client and based on at least a set of message classifiers used to identify distinguishing properties, at least a portion of the signatures generated based on one of the distinguishing properties using a transformation method;
  
  an electronic-mail server coupled to a network appliance, the network appliance configured to intercept unsolicited electronic-mail as identified by a signature from the database of signatures prior to receipt of the electronic-mail by the mail server; and
  
  an end-user mail client coupled to the electronic-mail server, the electronic-mail server configured to receive electronic-mail not identified as unsolicited electronic-mail by one or more of the signatures from the database of signatures.
- View Dependent Claims (18)
- - 18. The system for diminishing false positive classifications of unsolicited electronic-mail as recited in claim 17, wherein the set of message classifiers comprises at least one rule-based heuristic, at least one content filter used to identify non-essential and decoy information, and user-generated feedback.

19. A non-transitory computer-readable storage medium having embodied thereon at least one program, the at least one program being executable by a computer to perform a method for diminishing false positive message classification of unsolicited electronic-mail, the method comprising:
- maintaining a database of signatures, each of the signatures associated with unsolicited electronic-mail to be excluded from an end-user mail client and based on at least a set of message classifiers used to identify distinguishing properties, at least a portion of the signatures generated based on one of the distinguishing properties using a transformation method;
  
  applying a set of message classifiers to an electronic-mail message intercepted prior to receipt of the electronic-mail message by an electronic-mail server, the set of message classifiers comprising;
  
  at least one rule-based heuristic,at least one content filter used to identify non-essential and decoy information, anduser-generated feedback;
  
  generating one or more signatures using the transformation method, wherein the one or more signatures are indicative of unsolicited electronic-mail based on at least the set of message classifiers applied to the electronic-mail message; and
  
  applying the one or more signatures to subsequent incoming electronic-mail messages, wherein unsolicited electronic-mail may be identified and false positive identifications of normal electronic-mail messages are reduced.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
SonicWALL, Inc. (SonicWall Holdings Ltd.)
Inventors
Wilson, Brian K., Koblas, David A., Penzias, Arno A.
Primary Examiner(s)
NGUYEN, THU HA T

Application Number

US11/455,037
Publication Number

US 20060235934A1
Time in Patent Office

2,286 Days
Field of Search

709/203, 709204-207, 713/151, 379/93.01, 715/760
US Class Current

709/207
CPC Class Codes

G06F 16/245   Query processing

G06F 16/285   Clustering or classification

G06F 16/9535   Search customisation based ...

H04L 51/00   User-to-user messaging in p...

H04L 51/212   using filtering or selectiv...

Diminishing false positive classifications of unsolicited electronic-mail

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Diminishing false positive classifications of unsolicited electronic-mail

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links