Spam whitelisting for recent sites

US 8,095,602 B1
Filed: 05/30/2006
Issued: 01/10/2012
Est. Priority Date: 05/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method for detecting unwanted messages, comprising:

(a) receiving, by a spam filter residing on one or more of an Internet Service Provider (“

ISP”

), a proxy server, a gateway, an e-mail server, and a client, an electronic message addressed to a first client, the electronic message comprising a header and body, the header comprising source and destination addresses;

(b) generating a browser log, wherein the browser log stores at least one Universal Resource Locator (“

URL”

) for a visited web site from at least one web browsing session;

(c) in response to receiving the electronic message, retrieving the browser log;

(d) comparing, by the spam filter, at least one of (i) a string of characters from the source address to a string of characters in a listing and (ii) a in the body of the electronic message with the at least one URL in the browser log; and

(e) when at least one of the string of characters from the source address and the URL matches at least part of a URL in the browser log, determining, by the spam filter, that the electronic message has a greater probability of being wanted than not being wanted by a first user of the first client, wherein determining comprises;

determining, by the spam filter, a first score based on a comparison of a first set of rules with the electronic message;

when the compared at least one of (i) a string of characters and (ii) URL matches at least part of the source address, adjusting, by the spam filter, the first score by a second determined amount to produce a second score, the second score indicating a lower probability of the electronic message being spam than the first score,when a match exists in step (e2), determining, by the spam filter, whether information other than an email address was provided by the first user during a session with a website corresponding to the matched URL; and

when information was provided by the first user during the session, adjusting, by the spam filter, one of the first and second scores by a third determined amount to produce a third score, the third score indicating a lower probability of the electronic message being spam than the first and second scores.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to spam filters which consider browser-generated information, such as a browser log, in determining whether an electronic message, such as an e-mail, is or is not spam.

69 Citations

View as Search Results

17 Claims

1. A method for detecting unwanted messages, comprising:
- (a) receiving, by a spam filter residing on one or more of an Internet Service Provider (“
  
  ISP”
  
  ), a proxy server, a gateway, an e-mail server, and a client, an electronic message addressed to a first client, the electronic message comprising a header and body, the header comprising source and destination addresses;
  
  (b) generating a browser log, wherein the browser log stores at least one Universal Resource Locator (“
  
  URL”
  
  ) for a visited web site from at least one web browsing session;
  
  (c) in response to receiving the electronic message, retrieving the browser log;
  
  (d) comparing, by the spam filter, at least one of (i) a string of characters from the source address to a string of characters in a listing and (ii) a in the body of the electronic message with the at least one URL in the browser log; and
  
  (e) when at least one of the string of characters from the source address and the URL matches at least part of a URL in the browser log, determining, by the spam filter, that the electronic message has a greater probability of being wanted than not being wanted by a first user of the first client, wherein determining comprises;
  
  determining, by the spam filter, a first score based on a comparison of a first set of rules with the electronic message;
  
  when the compared at least one of (i) a string of characters and (ii) URL matches at least part of the source address, adjusting, by the spam filter, the first score by a second determined amount to produce a second score, the second score indicating a lower probability of the electronic message being spam than the first score,when a match exists in step (e2), determining, by the spam filter, whether information other than an email address was provided by the first user during a session with a website corresponding to the matched URL; and
  
  when information was provided by the first user during the session, adjusting, by the spam filter, one of the first and second scores by a third determined amount to produce a third score, the third score indicating a lower probability of the electronic message being spam than the first and second scores.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the electronic message is an e-mail and wherein the at least one of (i) a string of characters from the source address and (ii) a URL in the body is (i).
  - 3. The method of claim 1, wherein the electronic message is an e-mail and wherein the at least one of (i) a string of characters from the source address and (ii) a URL in the body is (ii).
  - 4. The method of claim 1, wherein the browser log comprises only URLs selected and saved by the first user.
  - 5. The method of claim 1, wherein the browser log is maintained in a cache of web content previously accessed by the first user.
  - 6. The method of claim 1, wherein step (e) further comprises:
    - (e5) when information other than an email address was provided by the user during the session, determining, by the spam filter, whether the information comprises at least a selected field; and
      
      (e6) when the information comprises at least the selected field, adjusting, by the spam filter, one of the first, second, and third scores by a fourth determined amount to produce a fourth score, the fourth score indicating a lower probability of the electronic message being spam than the first, second, and third scores.
  - 7. The method of claim 1, further comprising:
    - (f) determining, by the spam filter, whether the first user encountered at least one pop-up when visiting a URL associated with the electronic message; and
      
      (g) when the first user encountered at least one pop-up when visiting a URL associated with the electronic message, adjusting, by the spam filter, the first score by a fourth determined amount to produce a fourth score, the fourth score indicating a higher probability of the electronic message being spam than the first score.
  - 8. A non-transitory computer readable medium, stored on a tangible medium, comprising processor executable instructions stored thereon operable to perform, when executed, the steps of claim 1.

9. A system for detecting unwanted messages, comprising:
- an input operable to receive an electronic messages, including a first electronic message addressed to a first client, the first electronic message comprising a header and body, the header comprising source and destination addresses; and
  
  a spam filter operable to;
  
  retrieve a browsing history including at least one Universal Resource Locator (“
  
  URL”
  
  ) associated with a previous web browsing session;
  
  compare at least one of (i) a string of characters from the source address and (ii) a in the body with the at least one URL stored in the browsing history associated with the first client;
  
  when the compared at least one of (i) a string of characters and (ii) URL matches at least part of a URL in the browser history, determine that the first electronic message has a greater probability of being wanted than not being wanted by a first user of the first client, wherein the in determining the first electronic message has a greater probability of being wanted, the spam filter is further operable to;
  
  determining a first score based on a comparison of a first set of rules with the first electronic message;
  
  when the compared at least one of (i) a string of characters and (ii) URL matches at least part of the source address, adjusting the first score by a second determined amount to produce a second score, the second score indicating a lower probability of the first electronic message being spam than the first score;
  
  when a match exists, determining whether information other than an email address was provided by the first user during a session with a website corresponding to the matched URL; and
  
  when information was provided by the first user during the session, adjusting one of the first and second scores by a third determined amount to produce a third score, the third score indicating a lower probability of the first electronic message being spam than the first and second scores.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the first electronic message is an e-mail and wherein the at least one of (i) a string of characters from the source address and (ii) a URL in the body is (i).
  - 11. The system of claim 9, wherein the first electronic message is an e-mail and wherein the at least one of (i) a string of characters from the source address and (ii) a URL in the body is (ii).
  - 12. The system of claim 9 wherein the browsing history comprises only URLs selected and saved by the first user.
  - 13. The system of claim 9, wherein the browsing history is maintained in a cache of web content previously accessed by the first user.
  - 14. The system of claim 9, wherein the determining operation further comprises the sub-operations:
    - when information other than an email address was provided by the first user during the session, determining whether the information comprises at least a selected field; and
      
      when the information comprises at least the selected field, adjusting one of the first, second, and third scores by a fourth determined amount to produce a fourth score, the fourth score indicating a lower probability of the first electronic message being spam than the first, second, and third scores.
  - 15. The system of claim 9, wherein the spam filter is further operable to determine whether the first user encountered at least one pop-up when visiting a URL associated with the first electronic message and, when the first user encountered at least one pop-up when visiting a URL associated with the first electronic message, adjusting the first score by a fourth determined amount to produce a fourth score, the fourth score indicating a higher probability of the first electronic message being spam than the first score.
  - 16. The system of claim 14, wherein third amount depends on a time elapsed between a timestamp associated with the URL in the listing and a timestamp associated with receipt of the first electronic message and wherein the selected field comprises information respecting at least one of the first user'"'"'s name, the first user'"'"'s street address, the first user'"'"'s date of birth, the first user'"'"'s age, the first user'"'"'s marital status, the first user'"'"'s health, an electronic message address associated with the first user, and financial information of the first user.

17. A method for detecting unwanted messages, comprising:
- receiving, by a spam filter residing on one or more of an Internet Service Provider (“
  
  ISP”
  
  ), a proxy server, a gateway, an e-mail server, and a client, an electronic message addressed to a first client, the electronic message comprising a header and body, the header comprising source and destination addresses;
  
  comparing, by the spam filter, at least one of (i) a string of characters from the source address and (ii) a Universal Resource Locator (“
  
  URL”
  
  ) in the body with a listing of URLs derived from at least one browsing session conducted by the first client, wherein the URL listing is a browser log; and
  
  when the compared at least one of (i) a string of characters and (ii) URL matches at least part of a URL in the listing, determining, by the spam filter, that the electronic message has a greater probability of being wanted than not being wanted by a first user of the first client, wherein determining comprises;
  
  determining, by the spam filter, a first score based on a comparison of a first set of rules with the electronic message;
  
  when the compared at least one of (i) a string of characters and (ii) URL matches at least part of the source address, adjusting, by the spam filter, the first score by a second determined amount to produce a second score, the second score indicating a lower probability of the electronic message being spam than the first score;
  
  when a match exists, determining whether information other than an email address was provided by the first user during a session with a website corresponding to the matched URL; and
  
  when information was provided by the first user during the session, adjusting one of the first and second scores by a third determined amount to produce a third score, the third score indicating a lower probability of the electronic message being spam than the first and second scores.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Orbach, Julian J.
Primary Examiner(s)
Nguyen, Phuoc
Assistant Examiner(s)
NGUYEN, STEVEN C

Application Number

US11/445,039
Time in Patent Office

2,051 Days
Field of Search

709/206, 709/224, 707/1
US Class Current

709/206
CPC Class Codes

G06Q 10/107 Computer-aided management o...

Spam whitelisting for recent sites

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Spam whitelisting for recent sites

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others