Methods, systems, and computer program products for mitigating email address harvest attacks by positively acknowledging email to invalid email addresses
First Claim
Patent Images
1. A method of detecting and responding to an email address harvest attack at an Internet service provider email system, comprising:
- counting a number of failed email address look-ups during a single simple mail transfer protocol session associated with an originating Internet protocol address;
responding to the originating Internet protocol address with a positive acknowledgement that an otherwise invalid email address exists when the count of the number of failed email address look-ups exceeds a threshold;
creating a fake email inbox for each otherwise invalid email address responded to with the positive acknowledgement, each fake email inbox having a spam folder associated therewith; and
processing email addressed to each fake email inbox using a spam filter.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of detecting and responding to an email address harvest attack at an Internet Service Provider (ISP) email system includes counting a number of failed email address look-ups during a single Simple Mail Transfer Protocol (SMTP) session associated with an originating Internet Protocol (IP) address and responding to the originating IP address with a positive acknowledgement that an otherwise invalid email address exists when the count of the number of failed email address look-ups exceeds a threshold.
-
Citations
17 Claims
-
1. A method of detecting and responding to an email address harvest attack at an Internet service provider email system, comprising:
-
counting a number of failed email address look-ups during a single simple mail transfer protocol session associated with an originating Internet protocol address; responding to the originating Internet protocol address with a positive acknowledgement that an otherwise invalid email address exists when the count of the number of failed email address look-ups exceeds a threshold; creating a fake email inbox for each otherwise invalid email address responded to with the positive acknowledgement, each fake email inbox having a spam folder associated therewith; and processing email addressed to each fake email inbox using a spam filter. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An Internet service provider email system for detecting and responding to an email address harvest attack, comprising:
-
a processor; and a memory coupled to the processor and comprising computer readable program code that when executed by the processor causes the processor to perform operations comprising; counting a number of failed email address look-ups during a single simple mail transfer protocol session associated with an originating Internet protocol address; responding to the originating Internet protocol address with a positive acknowledgement that an otherwise invalid email address exists when the count of the number of failed email address look-ups exceeds a threshold; creating a fake email inbox for each otherwise invalid email address responded to with the positive acknowledgement, each fake email inbox having a spam folder associated therewith; and processing email addressed to each fake email inbox using a spam filter. - View Dependent Claims (11, 12, 13)
-
-
14. A computer program product for detecting and responding to an email address harvest attack, comprising:
-
a non-transitory computer readable storage medium having computer readable program code embodied in the computer readable storage medium that when executed by a processor causes a processor to perform operations comprising; counting a number of failed email address look-ups during a single simple mail transfer protocol session associated with an originating Internet protocol address; responding to the originating Internet protocol address with a positive acknowledgement that an otherwise invalid email address exists when the count of the number of failed email address look-ups exceeds a threshold; creating a fake email inbox for each otherwise invalid email address responded to with the positive acknowledgement, each fake email inbox having a spam folder associated therewith; and processing email addressed to each fake email inbox using a spam filter. - View Dependent Claims (15, 16, 17)
-
Specification