System utilizing updated spam signatures for performing secondary signature-based analysis of a held e-mail to improve spam email detection
First Claim
Patent Images
1. A computer-implemented method for detecting spam e-mail, the method comprising the steps of:
- a spam manager receiving at least one e-mail addressed to a domain;
the spam manager performing a signature-based analysis of received e-mail to determine whether received e-mail includes at least one signature indicative of spam;
responsive to the spam manager identifying e-mail that does not include at least one signature indicative of spam and to a timeout period not having transpired from a time of receipt of the e-mail by the spam manager, the spam manager performing at least one secondary analysis of the identified e-mail;
responsive to at least one secondary analysis indicating that the identified e-mail could comprise spam, the spam manager holding the identified e-mail for further processing;
the spam manager receiving updated spam signatures before the timeout period transpires from the time of receipt of the e-mail; and
the spam manager performing an additional signature-based analysis of the held e-mail to determine whether the held e-mail includes at least one signature indicative of spam, the additional signature-based analysis utilizing the updated spam signatures.
2 Assignments
0 Petitions
Accused Products
Abstract
A spam manager (101) receives (201) at least one e-mail (106) addressed to a domain (103). The spam manager (101) performs (203) a signature based analysis of received e-mail (106) to determine whether received e-mail (106) includes at least one signature indicative of spam. Responsive to the spam manager (101) identifying e-mail (106) that does not include at least one signature indicative of spam and to a timeout period not having transpired from a time of receipt of the e-mail (106) by the spam manager (101), the spam manager (101) performs (205) at least one secondary analysis of the identified e-mail (106).
233 Citations
19 Claims
-
1. A computer-implemented method for detecting spam e-mail, the method comprising the steps of:
-
a spam manager receiving at least one e-mail addressed to a domain; the spam manager performing a signature-based analysis of received e-mail to determine whether received e-mail includes at least one signature indicative of spam; responsive to the spam manager identifying e-mail that does not include at least one signature indicative of spam and to a timeout period not having transpired from a time of receipt of the e-mail by the spam manager, the spam manager performing at least one secondary analysis of the identified e-mail; responsive to at least one secondary analysis indicating that the identified e-mail could comprise spam, the spam manager holding the identified e-mail for further processing; the spam manager receiving updated spam signatures before the timeout period transpires from the time of receipt of the e-mail; and the spam manager performing an additional signature-based analysis of the held e-mail to determine whether the held e-mail includes at least one signature indicative of spam, the additional signature-based analysis utilizing the updated spam signatures. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer readable medium containing a computer program product for detecting spam e-mail, the computer program product comprising:
-
program code for enabling a spam manager to receive at least one e-mail addressed to a domain; program code for enabling the spam manager to perform a signature-based analysis of received e-mail to determine whether received e-mail includes at least one signature indicative of spam; program code for enabling the spam manager to perform at least one secondary analysis of e-mail, responsive to the spam manager identifying e-mail that does not include at least one signature indicative of spam and to a timeout period not having transpired from a time of receipt of the e-mail by the spam manager; program code for enabling the spam manager to hold the identified e-mail for further processing, responsive to at least one secondary analysis indicating that the identified e-mail could comprise spam; program code for enabling the spam manager to receive updated spam signatures before the timeout period transpires from the time of receipt of the e-mail; and program code for enabling the spam manager to perform an additional signature-based analysis of the held e-mail to determine whether the held e-mail includes at least one signature indicative of spam, the additional signature-based analysis utilizing the updated signatures. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A computer system for detecting spam e-mail, the computer system comprising:
-
an e-mail reception module, adapted to receive at least one e-mail addressed to a domain; a signature-based analysis module, adapted to perform a signature-based analysis of received e-mail to determine whether received e-mail includes at least one signature indicative of spam, the signature-based analysis module being coupled to the e-mail reception module; a secondary analysis module, adapted to perform at least one secondary analysis of e-mail responsive to the signature-based analysis module identifying e-mail that does not include at least one signature indicative of spam, and to a timeout period not having transpired from a time of receipt of the e-mail by the reception module, the secondary analysis module being coupled to the signature-based analysis module; an e-mail holding module, adapted to hold identified e-mail for further processing, responsive to the secondary analysis module indicating that the identified e-mail comprises spam, the e-mail holding module being coupled to the signature-based analysis module and to the secondary analysis module; wherein the signature-based analysis module receives updated spam signatures before the timeout period transpires from the time of receipt of the e-mail and performs an additional signature-based analysis of the held e-mail to determine whether the held e-mail includes at least one signature indicative of spam, the additional signature-based analysis utilizing the updated signatures.
-
Specification