System utilizing updated spam signatures for performing secondary signature-based analysis of a held e-mail to improve spam email detection

US 7,293,063 B1
Filed: 06/04/2003
Issued: 11/06/2007
Est. Priority Date: 06/04/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for detecting spam e-mail, the method comprising the steps of:

a spam manager receiving at least one e-mail addressed to a domain;

the spam manager performing a signature-based analysis of received e-mail to determine whether received e-mail includes at least one signature indicative of spam;

responsive to the spam manager identifying e-mail that does not include at least one signature indicative of spam and to a timeout period not having transpired from a time of receipt of the e-mail by the spam manager, the spam manager performing at least one secondary analysis of the identified e-mail;

responsive to at least one secondary analysis indicating that the identified e-mail could comprise spam, the spam manager holding the identified e-mail for further processing;

the spam manager receiving updated spam signatures before the timeout period transpires from the time of receipt of the e-mail; and

the spam manager performing an additional signature-based analysis of the held e-mail to determine whether the held e-mail includes at least one signature indicative of spam, the additional signature-based analysis utilizing the updated spam signatures.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A spam manager (101) receives (201) at least one e-mail (106) addressed to a domain (103). The spam manager (101) performs (203) a signature based analysis of received e-mail (106) to determine whether received e-mail (106) includes at least one signature indicative of spam. Responsive to the spam manager (101) identifying e-mail (106) that does not include at least one signature indicative of spam and to a timeout period not having transpired from a time of receipt of the e-mail (106) by the spam manager (101), the spam manager (101) performs (205) at least one secondary analysis of the identified e-mail (106).

233 Citations

19 Claims

1. A computer-implemented method for detecting spam e-mail, the method comprising the steps of:
- a spam manager receiving at least one e-mail addressed to a domain;
  
  the spam manager performing a signature-based analysis of received e-mail to determine whether received e-mail includes at least one signature indicative of spam;
  
  responsive to the spam manager identifying e-mail that does not include at least one signature indicative of spam and to a timeout period not having transpired from a time of receipt of the e-mail by the spam manager, the spam manager performing at least one secondary analysis of the identified e-mail;
  
  responsive to at least one secondary analysis indicating that the identified e-mail could comprise spam, the spam manager holding the identified e-mail for further processing;
  
  the spam manager receiving updated spam signatures before the timeout period transpires from the time of receipt of the e-mail; and
  
  the spam manager performing an additional signature-based analysis of the held e-mail to determine whether the held e-mail includes at least one signature indicative of spam, the additional signature-based analysis utilizing the updated spam signatures.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further comprising the step of:
    - the spam manager classifying the identified e-mail as legitimate, responsive to no secondary analysis indicating that the identified e-mail comprises spam.
  - 3. The method of claim 1 further comprising the step of:
    - the spam manager classifying e-mail as spam, responsive to at least one secondary analysis indicating that the identified e-mail comprises spam.
  - 4. The method of claim 1 wherein the spam manager holds the identified e-mail for further processing, responsive to at least one secondary analysis indicating that the identified e-mail comprises spam.
  - 5. The method of claim 1 further comprising the step of:
    - the spam manager classifying the held e-mail as spam, responsive to the additional signature-based analysis identifying at least one signature indicative of spam.
  - 6. The method of claim 1 further comprising the step of:
    - the spam manager classifying the held e-mail as legitimate, responsive to the additional signature-based analysis not identifying at least one signature indicative of spam, and to the timeout period having transpired from the time of receipt of the e-mail.
  - 7. The method of claim 1 further comprising the step of:
    - responsive to the additional signature-based analysis not identifying at least one signature indicative of spam and to the timeout period not having transpired from the time of receipt of the e-mail, the spam manager continuing to hold the e-mail for further processing.
  - 8. The method of claim 7 further comprising the steps of:
    - the spam manager receiving second updated spam signatures before the timeout period transpires from the time of receipt of the e-mail; and
      
      the spam manager performing an additional signature-based analysis of the held e-mail to determine whether the held e-mail includes at least one signature indicative of spam, the additional signature-based analysis utilizing the second updated signatures.
  - 9. The method of claim 1 further comprising the step of:
    - the spam manager classifying the held e-mail as legitimate, responsive to not receiving updated spam signatures before the timeout period transpires from the time of receipt of the e-mail.
  - 10. The method of claim 1 further comprising the step of:
    - the spam manager classifying e-mail as spam, responsive to identifying e-mail that includes at least one signature indicative of spam.
  - 11. The method of claim 1 wherein at least one secondary analysis comprises a secondary analysis from a group comprising:
    - a real-time black hole list analysis;
      
      a neural network analysis; and
      
      a Bayesian network analysis.
  - 12. The method of claim 1 wherein at least one step is performed by at least one computer from a group consisting of:
    - a server;
      
      a gateway; and
      
      a client.

13. A computer readable medium containing a computer program product for detecting spam e-mail, the computer program product comprising:
- program code for enabling a spam manager to receive at least one e-mail addressed to a domain;
  
  program code for enabling the spam manager to perform a signature-based analysis of received e-mail to determine whether received e-mail includes at least one signature indicative of spam;
  
  program code for enabling the spam manager to perform at least one secondary analysis of e-mail, responsive to the spam manager identifying e-mail that does not include at least one signature indicative of spam and to a timeout period not having transpired from a time of receipt of the e-mail by the spam manager;
  
  program code for enabling the spam manager to hold the identified e-mail for further processing, responsive to at least one secondary analysis indicating that the identified e-mail could comprise spam;
  
  program code for enabling the spam manager to receive updated spam signatures before the timeout period transpires from the time of receipt of the e-mail; and
  
  program code for enabling the spam manager to perform an additional signature-based analysis of the held e-mail to determine whether the held e-mail includes at least one signature indicative of spam, the additional signature-based analysis utilizing the updated signatures.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13 wherein the program code for enabling the spam manager to hold the identified e-mail for further processing holds the identified e-mail responsive to the at least one secondary analysis indicating that the identified e-mail comprises spam.
  - 15. The computer program product of claim 13 further comprising:
    - program code for enabling the spam manager to classify the held e-mail as spam, responsive to the additional signature-based analysis identifying at least one signature indicative of spam.
  - 16. The computer program product of claim 13 further comprising:
    - program code for enabling the spam manager to classify the held e-mail as legitimate, responsive to the additional signature-based analysis not identifying at least one signature indicative of spam, and to the timeout period having transpired from the time of receipt of the e-mail.
  - 17. The computer program product of claim 13 further comprising:
    - program code for enabling the spam manager to continue to hold the e-mail for further processing, responsive to the additional signature-based analysis not identifying at least one signature indicative of spam and to the timeout period not having transpired from the time of receipt of the e-mail.
  - 18. The computer program product of claim 13 further comprising:
    - program code for enabling the spam manager to classify the held e-mail as legitimate, responsive to not receiving updated spam signatures before the timeout period transpires from the time of receipt of the e-mail.

19. A computer system for detecting spam e-mail, the computer system comprising:
- an e-mail reception module, adapted to receive at least one e-mail addressed to a domain;
  
  a signature-based analysis module, adapted to perform a signature-based analysis of received e-mail to determine whether received e-mail includes at least one signature indicative of spam, the signature-based analysis module being coupled to the e-mail reception module;
  
  a secondary analysis module, adapted to perform at least one secondary analysis of e-mail responsive to the signature-based analysis module identifying e-mail that does not include at least one signature indicative of spam, and to a timeout period not having transpired from a time of receipt of the e-mail by the reception module, the secondary analysis module being coupled to the signature-based analysis module;
  
  an e-mail holding module, adapted to hold identified e-mail for further processing, responsive to the secondary analysis module indicating that the identified e-mail comprises spam, the e-mail holding module being coupled to the signature-based analysis module and to the secondary analysis module;
  
  wherein the signature-based analysis module receives updated spam signatures before the timeout period transpires from the time of receipt of the e-mail and performs an additional signature-based analysis of the held e-mail to determine whether the held e-mail includes at least one signature indicative of spam, the additional signature-based analysis utilizing the updated signatures.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sobel, William E
Primary Examiner(s)
Luu; Le Hien

Application Number

US10/455,014
Time in Patent Office

1,616 Days
Field of Search

709/206, 709/207, 713/200, 713/201, 726/23, 726/24
US Class Current

709/206
CPC Class Codes

G06Q 10/107 Computer-aided management o...

System utilizing updated spam signatures for performing secondary signature-based analysis of a held e-mail to improve spam email detection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

233 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System utilizing updated spam signatures for performing secondary signature-based analysis of a held e-mail to improve spam email detection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

233 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links