DETECTION OF SUSPICIOUS TRAFFIC PATTERNS IN ELECTRONIC COMMUNICATIONS
First Claim
1. A method comprising:
receiving an electronic mail (email) message by a mail filter (milter);
evaluating, by the milter, a traffic pattern represented by the email message by scanning information associated with all or a portion of the email message and comparing all or a portion of the scanned information to information associated with one or more traffic analysis profiles;
if the milter identifies the email message as being inconsistent with normal email traffic patterns as represented by the one or more traffic analysis profiles, then the milter causing the email message to be handled in accordance with an email security policy associated with suspicious traffic patterns; and
wherein the milter is implemented in one or more processors and one or more computer-readable storage media of one or more computer systems, the one or more computer-readable storage media having instructions tangibly embodied therein representing the milter that are executable by the one or more processors.
Abstract
Methods and systems for detecting suspicious traffic patterns in electronic communications are provided. According to one embodiment, an electronic mail (email) message is received by a mail filter (milter), which evaluates a traffic pattern represented by the email message by scanning information associated with the email message and comparing it to information associated with one or more traffic analysis profiles. If the email message is identified by the milter as being inconsistent with normal email traffic patterns as represented by the one or more traffic analysis profiles, then the milter causes the email message to be handled in accordance with an email security policy associated with suspicious traffic patterns. For example, in the context of an outbound message, the originator may be alerted to a factor contributing to the identification and the originator may be provided with an opportunity to address the factor.
150 Citations
17 Claims
1. A method comprising:
receiving an electronic mail (email) message by a mail filter (milter);
evaluating, by the milter, a traffic pattern represented by the email message by scanning information associated with all or a portion of the email message and comparing all or a portion of the scanned information to information associated with one or more traffic analysis profiles;
if the milter identifies the email message as being inconsistent with normal email traffic patterns as represented by the one or more traffic analysis profiles, then the milter causing the email message to be handled in accordance with an email security policy associated with suspicious traffic patterns; and
wherein the milter is implemented in one or more processors and one or more computer-readable storage media of one or more computer systems, the one or more computer-readable storage media having instructions tangibly embodied therein representing the milter that are executable by the one or more processors.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A program storage device readable by an electronic mail (email) processing computer system, tangibly embodying a program of instructions executable by the email processing computer system to perform method steps for evaluating email messages, said method steps comprising:
receiving an email message;
evaluating a traffic pattern represented by the email message by scanning information associated with all or a portion of the email message and comparing all or a portion of the scanned information to information associated with one or more traffic analysis profiles;
if the email message is identified as being inconsistent with normal email traffic patterns as represented by the one or more traffic analysis profiles, then causing the email message to be handled in accordance with an email security policy associated with suspicious traffic patterns.
Dependent claims: 12, 13, 14, 15, 16, 17
Specification