Bounce management in a trusted communication network

US 8,738,708 B2
Filed: 09/29/2006
Issued: 05/27/2014
Est. Priority Date: 12/21/2004
Status: Active Grant

First Claim

Patent Images

1. A private network processing hub that receives and processes messages submitted by a plurality of independent member networks and handles bounced messages intended for said plurality of independent member networks, said private network processing hub and said independent member networks combining to form a private network, said private network processing hub comprising:

a message transfer agent that receives an original message from a member network of said plurality of independent member networks, said original message being sent from an original sender to a recipient, said message transfer agent further creating a tracking identifier indicating that said original message was routed through said private network processing hub, and inserting said tracking identifier into said original message prior to sending said original message to said recipient; and

a bounce management module that receives a second message and determines that said second message is a bounced message, said bounce management module further determining that said bounced message was generated in response to said original message by examining said bounced message to ascertain if said bounced message includes said tracking identifier, if said bounced message includes said tracking identifier then said bounced message is an authenticated bounced message and is delivered to said member network, if said bounced message does not include said tracking identifier then said bounced message is considered a malicious message and is rejected by said private network processing hub and is not delivered to said member network, wherein the tracking identifier is inserted into the original message by rewriting a MAIL FROM field in the original message, wherein the MAIL FROM field is rewritten by replacing a domain name in the MAIL FROM field with a Variable Envelope Return Path (VERP) address that includes the tracking identifier, and wherein the VERP address is used to filter incoming messages, wherein the bounce management module is further configured to determine an action to take responsive to receiving the authenticated bounced message, wherein the action is specified in a policy associated with the member network of the original sender.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment of a method handles bounced messages in a private network processing hub that is configured to handle messages submitted by a plurality of member networks that are registered with the private network processing hub, and wherein the private network processing hub and the plurality of member networks form a private network. The method may include receiving a first message from a member network or from an unregistered network within the private network processing hub, and determining whether the first message is a bounced message generated in response to an original message sent by the private network processing hub by searching the first message for a tracking identifier that was generated by the private network processing hub and inserted into the original message. The determining operation may include searching for the tracking identifier among a plurality of stored tracking identifiers. A system is described that carries out the method.

174 Citations

18 Claims

1. A private network processing hub that receives and processes messages submitted by a plurality of independent member networks and handles bounced messages intended for said plurality of independent member networks, said private network processing hub and said independent member networks combining to form a private network, said private network processing hub comprising:
- a message transfer agent that receives an original message from a member network of said plurality of independent member networks, said original message being sent from an original sender to a recipient, said message transfer agent further creating a tracking identifier indicating that said original message was routed through said private network processing hub, and inserting said tracking identifier into said original message prior to sending said original message to said recipient; and
  
  a bounce management module that receives a second message and determines that said second message is a bounced message, said bounce management module further determining that said bounced message was generated in response to said original message by examining said bounced message to ascertain if said bounced message includes said tracking identifier, if said bounced message includes said tracking identifier then said bounced message is an authenticated bounced message and is delivered to said member network, if said bounced message does not include said tracking identifier then said bounced message is considered a malicious message and is rejected by said private network processing hub and is not delivered to said member network, wherein the tracking identifier is inserted into the original message by rewriting a MAIL FROM field in the original message, wherein the MAIL FROM field is rewritten by replacing a domain name in the MAIL FROM field with a Variable Envelope Return Path (VERP) address that includes the tracking identifier, and wherein the VERP address is used to filter incoming messages, wherein the bounce management module is further configured to determine an action to take responsive to receiving the authenticated bounced message, wherein the action is specified in a policy associated with the member network of the original sender.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 10, 11, 12)
- - 2. The private network processing hub as recited in claim 1, wherein said tracking identifier comprises a hash pointer based on one or more parts of said original message.
  - 3. The private network processing hub as recited in claim 1, wherein said bounce management module verifies that said second message is an authenticated bounced message generated in response to said original message by auditing a database of tracking identifiers.
  - 4. The private network processing hub as recited in claim 1, wherein said action to be taken is selected from a group consisting of:
    - send said bounced message back to said original sender;
      
      submit said bounced message to one or more specified administrative addresses in said member network;
      
      delete said bounced message; and
      
      store said bounced message for later retrieval.
  - 5. The private network processing hub as recited in claim 1, wherein said bounce management module further filters said authenticated bounced message to obtain data indicative of a reason for bouncing.
  - 6. The private network processing hub as recited in claim 5, wherein said bounce management module further generates a report indicating said reason for said bounced message.
  - 7. The private network processing hub as recited in claim 6, wherein said bounce management module further aggregates a plurality of reports related to all bounced messages received in a specified period.
  - 10. The method as recited in claim 7, further comprising said private network processing hub utilizing content of said bounced message to determine a reputation metric related to a source of said bounced message.
  - 11. The method as recited in claim 10, wherein said reputation metric is a measure of said source'"'"'s reputation for generating spam.
  - 12. The method as recited in claim 11, further comprising said private network processing hub using content of said bounced message to derive a spam signature.

8. A method for handling bounced messages using a private network processing hub, said private network processing hub receiving and processing messages submitted by a plurality of member network that are registered with said private network processing hub, said private network processing hub and said plurality of member networks combining to form a private network, said method comprising:
- receiving an original message from a member network of said plurality of member networks at said private network processing hub, said original message being sent from an original sender to a recipient;
  
  generating a tracking identifier by said private network processing hub that indicates that said original message was routed through said private network processing hub;
  
  inserting said tracking identifier into said original message by said private network processing hub prior to sending said original message to said recipient;
  
  receiving a second message at said private network processing hub from one of said member networks of said plurality of member networks or from an unregistered network;
  
  determining by said private network processing hub that said second message is a bounced message;
  
  examining said bounced message by said private network processing hub to ascertain if said bounced message includes said tracking identifier;
  
  determining by said private network processing hub whether said bounced message is an authenticated bounced message or a malicious message such that said bounced message is an authenticated bounced message that was generated in response to said original message if said bounced message includes said tracking identifier and said bounced message is considered a malicious message if said bounced message does not include said tracking identifier then said bounced message;
  
  delivering from said private network processing hub to said member network said authenticated bounced message if said bounced message is determined to be said authenticated bounced message;
  
  rejecting said malicious message by said private network processing hub and not delivering said malicious message from said private network hub to said member network if said bounced message is determined to be said malicious message, wherein the tracking identifier is inserted into the original message by rewriting a MAIL FROM field in the original message, wherein the MAIL FROM field is rewritten by replacing a domain name in the MAIL FROM field with a Variable Envelope Return Path (VERP) address that includes the tracking identifier, and wherein the VERP address is used to filter incoming messages; and
  
  determining an action to take responsive to the authenticated bounced message, wherein the action is specified in a policy associated with the member network of the original sender.
- View Dependent Claims (9, 13, 14, 15, 16)
- - 9. The method as recited in claim 8, wherein determining by said private network processing hub whether said bounced message is an authenticated bounced message or a malicious message further comprises searching by said private network processing hub for said tracking identifier in a memory containing a plurality of tracking identifiers.
  - 13. The method as recited in claim 8, further comprising determining by said private network processing hub a disposition for said bounced message if said tracking identifier is found.
  - 14. The method as recited in claim 8, wherein said action is selected from a group consisting of:
    - send said bounced message to said original sender;
      
      send said bounced message to a specified administrator address in said member network;
      
      delete said bounced message; and
      
      store said bounced message for later analysis.
  - 15. The method as recited in claim 13 further comprising said private network processing hub filtering said bounced message to obtain information indicative of a reason that said bounced message was generated.
  - 16. The method as recited in claim 13, further comprising said private network processing hub filtering said bounced message to obtain information indicative of a reason that said bounced message was generated.

17. A non-transitory machine-readable storage medium that stores instructions for a private network processing hub to perform processes to handle bounced messages, said private network processing hub receiving and processing messages submitted by a plurality of member networks that are registered with said private network processing hub, said private network processing hub and said plurality of member networks combining to form a private network, said processes comprising:
- receiving an original message from a member network of said plurality of member networks at said private network processing hub, said original message being sent from an original sender to a recipient;
  
  generating a tracking identifier that indicates that said original message was routed through said private network processing hub;
  
  inserting said tracking identifier into said original message prior to sending said original message to said recipient;
  
  receiving a second message at said private network processing hub from one of said member networks of said plurality of member networks or from an unregistered network;
  
  determining that said second message is a bounced message;
  
  examining said bounced message to ascertain if said bounced message includes said tracking identifier;
  
  determining whether said bounced message is an authenticated bounced message or a malicious message such that said bounced message is an authenticated bounced message that was generated in response to said original message if said bounced message includes said tracking identifier and said bounced message is considered a malicious message if said bounced message does not include said tracking identifier then said bounced message;
  
  delivering from said private network processing hub to said member network said authenticated bounced message if said bounced message is determined to be said authenticated bounced message;
  
  rejecting said malicious message and not delivering said malicious message from said private network hub to said member network if said bounced message is determined to be said malicious message, wherein the tracking identifier is inserted into the original message by rewriting a MAIL FROM field in the original message, wherein the MAIL FROM field is rewritten by replacing a domain name in the MAIL FROM field with a Variable Envelope Return Path (VERP) address that includes the tracking identifier, and wherein the VERP address is used to filter incoming messages; and
  
  determining an action to take responsive to the authenticated bounced message, wherein the action is specified in a policy associated with the member network of the original sender.
- View Dependent Claims (18)
- - 18. The non-transitory machine-readable storage medium as recited in claim 17, wherein said process of determining whether said bounced message is an authenticated bounced message or a malicious message further comprises searching for said tracking identifier in a memory containing a plurality of tracking identifiers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Chasin, C. Scott
Primary Examiner(s)
Chan, Wing F
Assistant Examiner(s)
YI, DAVID

Application Number

US11/537,432
Publication Number

US 20070244974A1
Time in Patent Office

2,797 Days
Field of Search

709/206
US Class Current

709/206
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 2463/146   Tracing the source of attacks

H04L 51/212   using filtering or selectiv...

H04L 51/234   for tracking messages

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

Bounce management in a trusted communication network

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

174 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Bounce management in a trusted communication network

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

174 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links