Methods, systems, and computer program products for mitigating email address harvest attacks by positively acknowledging email to invalid email addresses
First Claim
Patent Images
1. A method of detecting and responding to an email address harvest attack at an Internet service provider email system, comprising:
- counting a number of failed email address look-ups during a single simple mail transfer protocol session associated with an originating Internet protocol address;
responding to the originating Internet protocol address with a positive acknowledgement that an otherwise invalid email address exists when the count of the number of failed email address look-ups exceeds a threshold;
creating a fake email inbox for each otherwise invalid email address responded to with the positive acknowledgement, each fake email inbox having a spam folder associated therewith; and
processing email addressed to each fake email inbox using a spam filter;
wherein responding to the originating Internet protocol address with the positive acknowledgement comprises;
responding to the originating Internet protocol address with the positive acknowledgement that the otherwise invalid email address exists at a response percentage rate for subsequent failed email address look-ups responsive to the number of failed email address lookups exceeding the threshold.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of detecting and responding to an email address harvest attack at an Internet Service Provider (ISP) email system includes counting a number of failed email address look-ups during a single Simple Mail Transfer Protocol (SMTP) session associated with an originating Internet Protocol (IP) address and responding to the originating IP address with a positive acknowledgement that an otherwise invalid email address exists when the count of the number of failed email address look-ups exceeds a threshold.
-
Citations
15 Claims
-
1. A method of detecting and responding to an email address harvest attack at an Internet service provider email system, comprising:
-
counting a number of failed email address look-ups during a single simple mail transfer protocol session associated with an originating Internet protocol address; responding to the originating Internet protocol address with a positive acknowledgement that an otherwise invalid email address exists when the count of the number of failed email address look-ups exceeds a threshold; creating a fake email inbox for each otherwise invalid email address responded to with the positive acknowledgement, each fake email inbox having a spam folder associated therewith; and processing email addressed to each fake email inbox using a spam filter; wherein responding to the originating Internet protocol address with the positive acknowledgement comprises; responding to the originating Internet protocol address with the positive acknowledgement that the otherwise invalid email address exists at a response percentage rate for subsequent failed email address look-ups responsive to the number of failed email address lookups exceeding the threshold. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An Internet service provider email system for detecting and responding to an email address harvest attack, comprising:
a data processing system to count a number of failed email address look-ups during a single simple mail transfer protocol session associated with an originating Internet protocol address, to respond to the originating Internet protocol address with a positive acknowledgement that an otherwise invalid email address exists when the count of the number of failed email address look-ups exceeds a threshold, to respond to the originating Internet protocol address with the positive acknowledgement that the otherwise invalid email address exists at a response percentage rate for subsequent failed email address look-ups responsive to the number of failed email address lookups exceeding the threshold, to create a fake email inbox for each otherwise invalid email address responded to with the positive acknowledgement, each fake email inbox having a spam folder associated therewith, to process email addressed to each fake email inbox using a spam filter, to store email addressed to each fake email inbox in the fake email inbox when the email is not determined to be spam by the spam filter, and to store email addressed to each fake email inbox in the respective spam folder associated therewith that is determined to be spam by the spam folder. - View Dependent Claims (10, 11)
-
12. A computer program product for detecting and responding to an email address harvest attack, comprising:
-
a non-transitory computer readable storage medium having computer readable program code embodied therein, the computer readable program code comprising; computer readable program code to count a number of failed email address look-ups during a single simple mail transfer protocol session associated with an originating Internet protocol address; computer readable program code to respond to the originating Internet protocol address with a positive acknowledgement that an otherwise invalid email address exists when the count of the number of failed email address look-ups exceeds a threshold; computer readable program code to create a fake email inbox for each otherwise invalid email address responded to with the positive acknowledgement, each fake email inbox having a spam folder associated therewith; computer readable program code to process email addressed to each fake email inbox using a spam filter; computer readable program code to store email addressed to each fake email inbox in the fake email inbox when the email is not determined to be spam by the spam filter; and computer readable program code to store email addressed to each fake email inbox in the respective spam folder associated therewith that is determined to be spam by the spam folder. - View Dependent Claims (13, 14, 15)
-
Specification