Method and Apparatus for Detecting Abusive Email Based on Number of Hops

US 20120016946A1
Filed: 09/23/2011
Published: 01/19/2012
Est. Priority Date: 04/12/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

at a computer having one or more processors and memory for storing instructions and data;

determining the number of message transfer agents through which an email message has traveled; and

designating the email message as abusive if a predetermined set of conditions is satisfied, the predetermined set of conditions including that the number of message transfer agents through which the email message has traveled is less than a predetermined number of message transfer agents.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A classifier is implemented to determine the number of message transfer agents (MTAs) through which an email message has traveled. If the number of MTAs through which the email message has traveled is below a predetermined threshold and the email message is not otherwise authenticated, the classifier will designate the email message as abusive.

Citations

22 Claims

1. A computer-implemented method, comprising:
- at a computer having one or more processors and memory for storing instructions and data;
  
  determining the number of message transfer agents through which an email message has traveled; and
  
  designating the email message as abusive if a predetermined set of conditions is satisfied, the predetermined set of conditions including that the number of message transfer agents through which the email message has traveled is less than a predetermined number of message transfer agents.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method as recited in claim 1, wherein the predetermined set of conditions further includes that the email message has not otherwise been authenticated.
  - 3. The computer-implemented method as recited in claim 2, wherein said otherwise authenticated comprises authenticated by having a previous message authentication.
  - 4. The computer-implemented method as recited in claim 2, wherein said otherwise authenticated comprises authenticated by having a previous session authentication.
  - 5. The computer-implemented method as recited in claim 1, further comprising indicating in the email message the number of message transfer agents through which the email message has traveled.
  - 6. The computer-implemented method as recited in claim 1, wherein said determining comprises obtaining the number of predefined headers that the email message has, each said predefined header having been inserted by a message transfer agent as a result of the email message traveling through the message transfer agent.
  - 7. The computer-implemented method as recited in claim 6, wherein at least one of the predefined headers is inserted into the email message to record the event of the message transfer agent'"'"'s receiving of the email message.
  - 8. The computer-implemented method as recited in claim 1, further comprising:
    - using the number of message transfer agents through which the email has traveled and a plurality of other factors that each contribute a weighted score to calculate a final abuse score; and
      
      comparing the final abuse score with a predetermined threshold and designating said email message as abusive if the final abuse score has a specified relationship to the predetermined threshold.
  - 9. The computer-implemented method as recited in claim 1, further comprising:
    - marking the email message as possibly abusive for further consideration if the number of message transfer agents through which the email message has traveled is less than the predetermined number of message transfer agents.
  - 10. The computer-implemented method as recited in claim 9, wherein marking comprises adding a header to said email message indicating the number of message transfer agents through which the email message has traveled.

11. A computer-implemented method for detecting an abusive email message, the method comprising:
- at a computer having one or more processors and memory for storing instructions and data;
  
  examining an email message'"'"'s headers to determine if a predefined header is present, said predefined header having been inserted, if present, by a message transfer agent as a result of said email message traveling through the message transfer agent, wherein said message transfer agent is not a message transfer agent serving at the email message'"'"'s final destination; and
  
  if the predefined header is not present in the email message'"'"'s headers and the email message has no previous session or message authentication, designating the email message as abusive.
- View Dependent Claims (12)
- - 12. The computer-implemented method as recited in claim 11, wherein at least one of the predefined headers is inserted to record the event of the message transfer agent'"'"'s receiving of the email message.

13. A computer system for detecting abusive email messages, comprising:
- one or more processors; and
  
  memory for storing one or more computer programs therein, wherein the one or more computer programs, when executed by the one or more processors, cause the computer system to;
  
  determine the number of message transfer agents through which an email message has traveled; and
  
  designate the email message as abusive if a predetermined set of conditions is satisfied, the predetermined set of conditions including that the number of message transfer agents through which the email message has traveled is less than a predetermined number of message transfer agents.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The computer system as recited in claim 13, wherein the predetermined set of conditions further includes that the email message has not otherwise been authenticated.
  - 15. The computer system as recited in claim 14, wherein said otherwise authenticated comprises authenticated by having a previous message authentication.
  - 16. The computer system as recited in claim 14, wherein said otherwise authenticated comprises authenticated by having a previous session authentication.
  - 17. The computer system as recited in claim 13, wherein the one or more computer programs further comprise instructions for indicating in the email message the number of message transfer agents through which the email message has traveled.
  - 18. The computer system as recited in claim 13, wherein said determining instruction further comprises instructions for obtaining the number of predefined headers that the email message has, each said predefined header having been inserted by a message transfer agent as a result of the email message traveling through the message transfer agent.
  - 19. The computer system as recited in claim 18, wherein at least one of the predefined headers is inserted into the email message to record the event of the message transfer agent'"'"'s receiving of the email message.
  - 20. The computer system as recited in claim 13, wherein the one or more computer programs further comprise instructions for:
    - using the number of message transfer agents through which the email has traveled and a plurality of other factors that each contribute a weighted score to calculate a final abuse score; and
      
      comparing the final abuse score with a predetermined threshold and designating said email message as abusive if the final abuse score has a specified relationship to the predetermined threshold.
  - 21. The computer system as recited in claim 13, wherein the one or more computer programs further comprise instructions for:
    - marking the email message as possibly abusive for further consideration if the number of message transfer agents through which the email message has traveled is less than the predetermined number of message transfer agents.
  - 22. The computer system as recited in claim 21, wherein said marking instruction further comprises instructions for adding a header to said email message indicating the number of message transfer agents through which the email message has traveled.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unwired Planet LLC (JP Morgan Chase & Co)
Original Assignee
Great Elm Capital Corp. (f/k/a Unwired Planet, Inc.) (JP Morgan Chase & Co)
Inventors
Granoff, Mark H., Brown, Bruce L. Jr., Silberman, Samuel G.

Granted Patent

US 8,239,474 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/206
CPC Class Codes

H04L 51/212 using filtering or selectiv...

Method and Apparatus for Detecting Abusive Email Based on Number of Hops

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus for Detecting Abusive Email Based on Number of Hops

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links