Stopping and remediating outbound messaging abuse
First Claim
1. A method comprising:
- extracting behavior data from outbound messages originated from a subscriber account, wherein the behavior data includes attributes that are indicative of misuse of the subscriber account;
building a profile for the subscriber account based on the behavior data, the profile Including long-term outbound message flow data associated with the subscriber account;
tracking said behavior data; and
detecting a behavior-based anomaly for the outbound messages by comparing recent outbound messages originated from the subscriber account to the long-term outbound message flow data of the profile of the subscriber account to detect changes in the recent outbound messages in comparison to the profile of the subscriber account.
11 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are provided for allowing subscriber message sending profiles to be maintained and used in conjunction with behavior-based anomaly detection techniques and traditional content-based spam signature filtering to enable application of appropriate message disposition policies to outbound subscriber message traffic. According to one embodiment, subscriber profiles are constructed for multiple subscriber accounts associated with a service provider based on outbound message flow originated from the subscriber accounts. Then, possible subscriber account misuse may be discovered by performing behavior-based anomaly detection, including a comparison of a subscriber profile associated with the subscriber account with recent subscriber account usage information, to identify one or more behavioral anomalies in outbound message flow originated from a subscriber account, the behavior-based anomaly detection.
158 Citations
24 Claims
-
1. A method comprising:
-
extracting behavior data from outbound messages originated from a subscriber account, wherein the behavior data includes attributes that are indicative of misuse of the subscriber account; building a profile for the subscriber account based on the behavior data, the profile Including long-term outbound message flow data associated with the subscriber account; tracking said behavior data; and detecting a behavior-based anomaly for the outbound messages by comparing recent outbound messages originated from the subscriber account to the long-term outbound message flow data of the profile of the subscriber account to detect changes in the recent outbound messages in comparison to the profile of the subscriber account. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A sender reputation gateway system, comprising:
-
a service and response system that services and responds to requests from at least one subscriber account; a behavior data extraction system that extracts behavior data of said at least one subscriber account from outbound messages originated from the subscriber account, the behavior data including attributes of the subscriber account that are indicative of misuse of the subscriber account; a profile builder system that builds a profile for the subscriber account based on the behavior data extracted from the outbound messages, the subscriber profile including long-term outbound messages flow data associated with subscriber account; a tracking system that tracks the behavior data; and an anomaly detection system that detects behavior-based anomalies for the outbound messages by comparing recent outbound messages originated from the subscriber account to the long-term outbound message flow data of the profile of the subscriber account to detect changes in the recent outbound messages in comparison to the profile of the subscriber account. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. Logic encoded in one or more tangible media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:
-
extracting behavior data from outbound messages originated from a subscriber account, wherein the behavior data includes attributes that are indicative of misuse of the subscriber account; building a profile for the subscriber account based on the behavior data, the subscriber profile including long-term outbound message flow data associated with the subscriber account; tracking said behavior data; and detecting a behavior-based anomaly for the outbound messages by comparing recent outbound messages originated from the subscriber account to the long-term outbound message flow data of the profile of the subscriber account to detect changes in the recent outbound messages in comparison to the profile of the subscriber account. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
Specification