E-mail authentication

US 8,364,773 B2
Filed: 02/27/2012
Issued: 01/29/2013
Est. Priority Date: 05/07/2007
Status: Active Grant

First Claim

Patent Images

1. A method for processing an incoming e-mail, the method comprising:

receiving, by at least one computer, an e-mail directed to an intended recipient'"'"'s e-mail address;

identifying, by the at least one computer, a sender of the e-mail based on a first identifier included in the e-mail;

identifying, by the at least one computer, an address provider from which the sender obtained the intended recipient'"'"'s e-mail address, based on a second identifier included in the e-mail, the address provider being distinct from the sender and from the intended recipient;

determining, by querying an authentication resource using the at least one computer, whether the sender is authorized by the address provider to use the intended recipient'"'"'s e-mail address for sending e-mail to the intended recipient;

selecting, by the at least one computer, one of permitting delivery of the e-mail to the intended recipient or preventing normal delivery of the e-mail to the intended recipient, based on the determining.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for determining whether an e-mail originates from a sender authorized by an address provider to send the e-mail to an intended recipient'"'"'s e-mail address. The e-mail identifies an address provider from which the intended recipient'"'"'s e-mail address was obtained. The e-mail is delivered to the intended recipient only upon verification that the sender is authorized by the address provider to obtain the intended recipient'"'"'s e-mail address. The system and method may also provide for determining whether an e-mail originates from a forged source. A server receives data relating to an e-mail, including a purported sender and a verification host. The server queries the verification host with information pertaining to the e-mail and requests confirmation that the e-mail originates from the purported sender. The e-mail is determined to originate from a forged source unless the verification host responds that the e-mail originates from the purported sender.

Citations

20 Claims

1. A method for processing an incoming e-mail, the method comprising:
- receiving, by at least one computer, an e-mail directed to an intended recipient'"'"'s e-mail address;
  
  identifying, by the at least one computer, a sender of the e-mail based on a first identifier included in the e-mail;
  
  identifying, by the at least one computer, an address provider from which the sender obtained the intended recipient'"'"'s e-mail address, based on a second identifier included in the e-mail, the address provider being distinct from the sender and from the intended recipient;
  
  determining, by querying an authentication resource using the at least one computer, whether the sender is authorized by the address provider to use the intended recipient'"'"'s e-mail address for sending e-mail to the intended recipient;
  
  selecting, by the at least one computer, one of permitting delivery of the e-mail to the intended recipient or preventing normal delivery of the e-mail to the intended recipient, based on the determining.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising identifying the authentication resource based on information included in the e-mail.
  - 3. The method of claim 1, further comprising selecting the authentication resource based on the second identifier.
  - 4. The method of claim 1, further comprising obtaining a network address for the authentication resource by querying the address provider.
  - 5. The method of claim 1, wherein querying the authentication resource further comprises accessing a database comprising a first list of client e-mail addresses associated with the address provider or a second list of approved senders associated with the address provider.
  - 6. The method of claim 1, wherein preventing normal delivery of the e-mail to the intended recipient further comprises an action selected from the group consisting of:
    - discarding the e-mail, marking the e-mail as spam, and segregating the e-mail with spam.
  - 7. The method of claim 1, further comprising requesting confirmation that the e-mail originates from the sender identified in the e-mail prior to delivering the e-mail to the intended recipient.
  - 8. The method of claim 7, wherein requesting confirmation that the e-mail originates from the sender identified in the e-mail further comprises providing a hash value for the e-mail and requesting that the sender confirm sending the e-mail based on the hash value.
  - 9. The method of claim 7, further comprising preventing normal delivery of the e-mail to the intended recipient in response to failing to confirm that the e-mail originates from the sender identified in the e-mail.
  - 10. The method of claim 7, further comprising permitting delivery of the e-mail to the intended recipient based on determining that the sender is authorized by the address provider to use the intended recipient'"'"'s e-mail address for sending e-mail to the intended recipient and on confirming that the e-mail originates from the sender identified in the e-mail.

11. An apparatus for processing an incoming e-mail, comprising a processor coupled to a memory, the memory holding program instructions, that when executed by the processor, cause the apparatus to perform the operations of:
- receiving an e-mail directed to an intended recipient'"'"'s e-mail address;
  
  identifying a sender of the e-mail based on a first identifier included in the e-mail;
  
  identifying an address provider from which the sender obtained the intended recipient'"'"'s e-mail address, based on a second identifier included in the e-mail, the address provider being distinct from the sender and from the intended recipient;
  
  determining, by querying an authentication resource, whether the sender is authorized by the address provider to use the intended recipient'"'"'s e-mail address for sending e-mail to the intended recipient;
  
  selecting one of delivering the e-mail to the intended recipient or preventing normal delivery of the e-mail to the intended recipient, based on the determining.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus of claim 11, wherein the memory holds further program instructions for identifying the authentication resource based on information included in the e-mail.
  - 13. The apparatus of claim 11, wherein the memory holds further program instructions for selecting the authentication resource based on the second identifier.
  - 14. The apparatus of claim 11, wherein the memory holds further program instructions for obtaining a network address for the authentication resource by querying the address provider.
  - 15. The apparatus of claim 11, wherein the memory holds further program instructions for querying the authentication resource by accessing a database comprising a first list of client e-mail addresses associated with the address provider or a second list of approved senders associated with the address provider.
  - 16. The apparatus of claim 11, wherein the memory holds further program instructions for preventing normal delivery of the e-mail to the intended recipient by an action selected from the group consisting of:
    - discarding the e-mail, marking the e-mail as spam, and segregating the e-mail with spam.
  - 17. The apparatus of claim 11, wherein the memory holds further program instructions for requesting confirmation that the e-mail originates from the sender identified in the e-mail prior to delivering the e-mail to the intended recipient.
  - 18. The apparatus of claim 17, wherein the memory holds further program instructions for confirmation that the e-mail originates from the sender identified in the e-mail by providing a hash value for the e-mail and requesting that the sender confirm sending the e-mail based on the hash value.
  - 19. The apparatus of claim 17, wherein the memory holds further program instructions for preventing normal delivery of the e-mail to the intended recipient in response to failing to confirm that the e-mail originates from the sender identified in the e-mail.
  - 20. The apparatus of claim 17, wherein the memory holds further program instructions for delivering the e-mail to the intended recipient based on determining that the sender is authorized by the address provider to use the intended recipient'"'"'s e-mail address for sending e-mail to the intended recipient and on confirming that the e-mail originates from the sender identified in the e-mail.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gary S. Shuster
Original Assignee
Gary S. Shuster
Inventors
Shuster, Gary Stephen
Primary Examiner(s)
Nguyen, Thu
Assistant Examiner(s)
UTREJA, NEERAJ K

Application Number

US13/405,696
Publication Number

US 20120158877A1
Time in Patent Office

337 Days
Field of Search

709/206
US Class Current

709/206
CPC Class Codes

H04L 51/212 using filtering or selectiv...

E-mail authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

E-mail authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links