Real-time spam look-up system
First Claim
Patent Images
1. A method of managing unsolicited email sent to an email system over a public network, the system including a plurality of inbound mail servers, comprising:
- (a) receiving an email message at an inbound mail transfer agent and before issuing a message accepted message to a sender of the email message,initiating a plurality of concurrent queries to publicly accessible hosts on the public network for additional public information on a plurality of different characteristics of the message, each query returning public network infrastructure information on one or more of said plurality of characteristics based on public network infrastructure information available regarding the characteristics responsive to the queries; and
determining whether the message is unsolicited bulk email based on public network infrastructure information received in the response to said plurality of queries by determining, for each of the plurality of queries when a reply to said each of the plurality of queries is received, determining if another concurrent query has returned results prior to each said query and if so whether said returned results are dispositive of whether the message is unsolicited bulk email, and if not, waiting for results from said each of the plurality of queries;
(b) after said determining, if the message is not unsolicited bulk email, issuing the message accepted message to the sender and if not, withholding the message accepted message.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method of managing unsolicited email sent to an email system over a network. Email messages are received at an message at an inbound mail transfer agent. A determination is made as to whether the email message is suspected to be an unsolicited suspect message. One or more queries for additional information on one or more characteristics of the message is initiated. Determinations are made based on replies to the queries before issuing a message accepted for delivery indication to a sending server.
-
Citations
19 Claims
-
1. A method of managing unsolicited email sent to an email system over a public network, the system including a plurality of inbound mail servers, comprising:
-
(a) receiving an email message at an inbound mail transfer agent and before issuing a message accepted message to a sender of the email message, initiating a plurality of concurrent queries to publicly accessible hosts on the public network for additional public information on a plurality of different characteristics of the message, each query returning public network infrastructure information on one or more of said plurality of characteristics based on public network infrastructure information available regarding the characteristics responsive to the queries; and determining whether the message is unsolicited bulk email based on public network infrastructure information received in the response to said plurality of queries by determining, for each of the plurality of queries when a reply to said each of the plurality of queries is received, determining if another concurrent query has returned results prior to each said query and if so whether said returned results are dispositive of whether the message is unsolicited bulk email, and if not, waiting for results from said each of the plurality of queries; (b) after said determining, if the message is not unsolicited bulk email, issuing the message accepted message to the sender and if not, withholding the message accepted message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for determining whether to issue a mail accepted for delivery message for an email message received over a public network, comprising:
-
accepting the email message for delivery and prior to issuing a message accepted for delivery message to a sender, determining whether the email message has spam characteristic; for each message having a spam characteristic, issuing a plurality of parallel queries on one or more different characteristics of the message to public hosts on the public network to determine public network infrastructure information regarding the characteristic, and determining whether the message shares network infrastructure characteristics with messages previously determined to be spam using public infrastructure information returned in response to at least one of the plurality of parallel queries; receiving a reply including public infrastructure information to a subset of less than all of the plurality of parallel queries; determining if the reply received is sufficient to determine whether the message is or is not spam; determining whether the email message is or is not spam by evaluating the reply such that if the reply received is sufficient to determine whether the message is or is not spam, determining, based on said reply, whether the message is or is not spam, and ignoring other replies and if not waiting for one or more additional replies and determining whether or not the message is or is not spam based on the additional replies subsequent to said determining issuing a message accepted for delivery message to the sender if the message is not spam and disposing of the message without issuing a message accepted for delivery message if the message is spam. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A messaging system comprising a processing device coupled to a public network and receiving messages from the public network, the processing device including code providing instructions to the processing device to implement the steps of;
-
providing a message transfer agent managing connections to the messaging system, the message transfer agent receiving an email message; providing an inbound email parsing agent including a mail component extraction module; providing a suspect email determination module including which includes code performing the steps of; accepting the email message and prior to issuing a mail accepted message to a sender of the email message, determining whether an email message has spam characteristic, and for each email message having a spam characteristic, issuing a plurality of parallel queries on the email message to public hosts having public infrastructure information, each query seeking public infrastructure information on a different characteristic of the message to determine public network infrastructure information regarding each queried characteristic; receiving a reply to one or more of the plurality of queries, the reply including public infrastructure information; determining from the public infrastructure information received in reply to one or more queries whether the message shares characteristics with messages previously determined to be spam or not spam based on network infrastructure information shared by spam messages; determining if the reply received is sufficient to determine whether the message is or is not spam, and if the reply received is sufficient to determine whether the message is or is not spam, ignoring other replies and determining, based on said reply, whether the message is or is not spam, and if not waiting for one or more additional replies and determining whether or not the message is or is not spam based on the additional replies; and subsequent to said determining whether or not the message is or is not spam, issuing a message accepted for delivery message to the sender if the message is not spam and disposing of the message without issuing a message accepted for delivery message to said sender. - View Dependent Claims (19)
-
Specification