Authenticating electronic communications

US 7,831,671 B2
Filed: 12/19/2007
Issued: 11/09/2010
Est. Priority Date: 10/07/2002
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating an electronic mail item, comprising:

parsing a header of the electronic mail item to obtain an IP address of a sender of the electronic mail item from a transmission data mail header of the header and to obtain a purported sender domain name from a visible mail header of the header;

interrogating a business entity database with the purported sender domain name to obtain an associated IP address of the sender associated with the purported sender domain name;

comparing the IP address and the associated IP address of the sender to determine whether the IP address and the associated IP address match or not;

generating an authenticity indicator in response to the comparison to indicate of likelihood that the electronic mail item is spoofed; and

presenting the authenticity indicator to a recipient of the electronic mail item.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes generating an authenticity indicator for an electronic communication based on a comparison of domain name data and purported sender data associated with the electronic communication, the authenticity indicator indicating a likelihood that the electronic communication was sent from a purported sender of the electronic communication. The authenticity indicator is presented to the recipient of the electronic communication.

31 Citations

View as Search Results

14 Claims

1. A method of authenticating an electronic mail item, comprising:
- parsing a header of the electronic mail item to obtain an IP address of a sender of the electronic mail item from a transmission data mail header of the header and to obtain a purported sender domain name from a visible mail header of the header;
  
  interrogating a business entity database with the purported sender domain name to obtain an associated IP address of the sender associated with the purported sender domain name;
  
  comparing the IP address and the associated IP address of the sender to determine whether the IP address and the associated IP address match or not;
  
  generating an authenticity indicator in response to the comparison to indicate of likelihood that the electronic mail item is spoofed; and
  
  presenting the authenticity indicator to a recipient of the electronic mail item.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein parsing the header to obtain the purported sender domain name of the electronic mail obtains purported sender domain name data from a “
    - FROM;
      
      . . . ”
      
      field of the visible mail header of the header.
  - 3. The method of claim 1, wherein the business entity database includes a “
    - WHOIS”
      
      database.
  - 4. The method of claim 1, wherein the header of the electronic mail item includes a visible mail header which is visible to the recipient when opening the electronic mail, and a transmission data mail header including data related to at least one server via which the electronic mail item is communicated.

5. A machine-readable medium embodying a sequence of instructions that, when executed by a machine, cause the machine execute a method of authenticating electronic mail, the method including:
- parsing a header of the electronic mail item to obtain an IP address of a sender of the electronic mail item from a transmission data mail header of the header and to obtain a purported domain name of the sender from a visible mail header of the header;
  
  interrogating a business entity database with the purported domain name to obtain an associated IP address of the sender associated with the purported domain name;
  
  comparing the IP address and the associated IP address of the sender to determine whether they match or not;
  
  generating an authenticity indicator in response to the comparison to indicate of likelihood that the electronic mail item is spoofed; and
  
  presenting the authenticity indicator to a recipient of the electronic mail item.
- View Dependent Claims (6, 7, 8)
- - 6. The machine-readable medium of claim 5, wherein the header of the electronic mail includes a visible mail header which is visible to the recipient when opening the electronic mail, and a transmission data mail header including received data included by at least one server via which the electronic mail is communicated, data in both the visible and transmission data mail headers are investigated.
  - 7. The machine-readable medium of claim 6, wherein the reference domain name data is stored on a client machine, and the executed method further including:
    - connecting the client machine to a remote database of reference domain name data;
      
      downloading updated reference domain name data; and
      
      storing the reference domain name data on the client machine.
  - 8. The machine-readable medium of claim 5, wherein the reference domain name data includes domain names associated with spoofed electronic mail, and is updated in an automated fashion.

9. A mail server for authenticating an electronic mail item communicated between the mail server and at least one client device, comprising:
- a communication interface for communicating with the at least one client device;
  
  a processor; and
  
  memory which includes a set of instructions which, when executed by the processor, cause the processor toparse a header of the electronic mail item to obtain an IP address of a sender of the electronic mail item from a transmission data mail header of the header and to obtain a purported sender domain name from a visible mail header of the header;
  
  interrogate a business entity database with the purported sender domain name to obtain an associated IP address of the sender associated with the purported domain name;
  
  compare the IP address and the associated IP address of the sender to determine whether they match or not;
  
  generate an authenticity indicator in response to the comparison to indicate of likelihood that the electronic mail item is spoofed; and
  
  presenting the authenticity indicator to a recipient of the electronic mail item.
- View Dependent Claims (10, 11, 12)
- - 10. The mail server of claim 9, in which the processor further:
    - parsing the header of the electronic mail item to obtain domain name data for a sender of the electronic mail item and for each server via which the electronic mail item has been communicated;
      
      comparing the domain name data with reference domain name data, which includes domain names associated with spoofed electronic mail items; and
      
      generating the authenticity indicator in response to the comparison of the domain name data and the reference domain name data.
  - 11. The mail server of claim 10, wherein the reference domain name data includes domain names associated with spoofed electronic mail and the reference domain name data is updated in an automated fashion.
  - 12. The mail server of claim 11, wherein the reference domain name data is stored on a client machine and the processor further:
    - connects the client machine to a remote database of reference domain name data;
      
      downloads updated reference domain name data; and
      
      stores the reference domain name data on the client machine.

13. A method of authenticating an electronic mail item, the method including:
- parsing a header of the electronic mail to obtain an IP address of a sender of the electronic mail item and to obtain a purported domain name of the sender of the electronic mail;
  
  interrogating a business entity database with the header IP address to obtain an associated domain name;
  
  comparing the associated domain name and the purported domain name of the sender to determine whether they match or not;
  
  generating the authenticity indicator in response to the comparison to indicate of likelihood that the electronic mail item is spoofed; and
  
  presenting the authenticity indicator to a recipient of the electronic mail item.
- View Dependent Claims (14)
- - 14. The method of claim 13, wherein the business entity database includes “
    - WHOIS”
      
      database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Lalonde, Chris, Abbott, Marty, Sanford, Kirk, Isaacs, Greg
Primary Examiner(s)
WANG, LIANG CHE A

Application Number

US11/959,638
Publication Number

US 20080098077A1
Time in Patent Office

1,056 Days
Field of Search

709/206, 709/207, 709/229
US Class Current

709/206
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 51/212   using filtering or selectiv...

H04L 51/48   Message addressing, e.g. ad...

H04L 61/4555   Directories for electronic ...

H04L 63/126   the source of the received ...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

H04L 63/1483   service impersonation, e.g....

Authenticating electronic communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating electronic communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links