Processing a message based on a boundary IP address and decay variable
First Claim
Patent Images
1. A non-transitory computer-readable storage medium having embodied thereon a program, the program being executable by a computer to perform a method of processing an electronic mail message based on a determined boundary IP address and decaying classification variable, the method comprising:
- processing the header of an electronic-mail message to extract a plurality of candidate IP addresses and corresponding domains;
storing each extracted domain and IP address in an array;
locating a gateway IP address from the extracted candidate IP addresses stored in the array;
selecting the boundary IP address based on a pattern identified in a series of previously received electronic-mail messages;
looking up the boundary IP address and corresponding domain in a reputation table, wherein the corresponding domain is from a different hop along a path of the electronic-mail message than the boundary IP address and the presence of the boundary IP address and corresponding domain in the reputation table is included in a classification of the electronic mail-message, the reputation table including a decaying classification variable that reduces the effect of an older classification;
classifying the electronic-mail message andprocessing the electronic-mail message in accordance with the classification of the electronic-mail message.
23 Assignments
0 Petitions
Accused Products
Abstract
A technique for determining a boundary IP address is disclosed. The technique includes processing a header to extract candidate IP address, locating a gateway IP address, and selecting the boundary IP address based on the location of the gateway IP address.
39 Citations
19 Claims
-
1. A non-transitory computer-readable storage medium having embodied thereon a program, the program being executable by a computer to perform a method of processing an electronic mail message based on a determined boundary IP address and decaying classification variable, the method comprising:
-
processing the header of an electronic-mail message to extract a plurality of candidate IP addresses and corresponding domains; storing each extracted domain and IP address in an array; locating a gateway IP address from the extracted candidate IP addresses stored in the array; selecting the boundary IP address based on a pattern identified in a series of previously received electronic-mail messages; looking up the boundary IP address and corresponding domain in a reputation table, wherein the corresponding domain is from a different hop along a path of the electronic-mail message than the boundary IP address and the presence of the boundary IP address and corresponding domain in the reputation table is included in a classification of the electronic mail-message, the reputation table including a decaying classification variable that reduces the effect of an older classification; classifying the electronic-mail message and processing the electronic-mail message in accordance with the classification of the electronic-mail message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
Specification