Unsolicited message rejecting communications processor
Abstract
The spam blocker monitors the SMTP/TCP/IP conversation between a sending message transfer agent MTA_0 and a receiving message transfer agent MTA_1; catches MTA_0's IP address IP_0, MTA_0's declared domain D_0, from-address A_0, and to-address A_1; and uses this source and content based information to test for unsolicited messages. It interrupts the conversation when MTA_0 sends a command specifying the recipient (an “RCPT” command) and uses the various test results to decide if the message is suspected of being unsolicited. If the message is suspected of being unsolicited, then it logs the rejected message and sends an error reply to MTA_0, which forces MTA_0 to terminate the connection with MTA_1 before the body of the message is transmitted; otherwise it logs the allowed message and releases the intercepted RCPT command, which allows the conversation between MTA_0 and MTA_1 to proceed.
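The claim 1 test and the RCPT-time decision from the abstract, as an added illustration that is not code from the patent. It assumes the actual domain is obtained by a reverse DNS (PTR) lookup and that a host under the from-address domain counts as the same domain, neither of which this page specifies; all names, addresses and the reply text are constructed.

```python
import socket
import time
from typing import Callable, List, Optional, Set

# Constructed sample data (documentation address ranges, .example names).
SUSPECT_DOMAINS = {"freemail.example"}
SAMPLE_PTR = {
    "192.0.2.10": "mx1.freemail.example",   # genuine outbound host of the domain
    "198.51.100.7": "dsl-7.isp.example",    # unrelated host
    "203.0.113.5": "notfreemail.example",   # look-alike suffix, different domain
}

def from_domain(address: str) -> str:
    """Domain part of a MAIL FROM address such as '<user@Example.COM>'."""
    return address.strip().strip("<>").rpartition("@")[2].lower().rstrip(".")

def ptr_lookup(ip: str) -> Optional[str]:
    """Assumed way to get the actual domain: reverse DNS, None if no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0].lower().rstrip(".")
    except OSError:
        return None

def same_domain(actual_host: Optional[str], domain: str) -> bool:
    """Match on a label boundary so 'notfreemail.example' != 'freemail.example'."""
    if not actual_host or not domain:
        return False
    return actual_host == domain or actual_host.endswith("." + domain)

def is_unsolicited(from_addr: str, ip_0: str, suspect: Set[str],
                   resolve: Callable[[str], Optional[str]] = ptr_lookup) -> bool:
    domain = from_domain(from_addr)
    if domain not in suspect:
        return False  # first step fails: no lookup is made, test does not fire
    # Only now identify the actual domain for IP_0 and compare it.
    return not same_domain(resolve(ip_0), domain)

def on_rcpt(from_addr: str, to_addr: str, ip_0: str, suspect: Set[str],
            log: List[tuple],
            resolve: Callable[[str], Optional[str]] = ptr_lookup) -> Optional[str]:
    """Reply to send to MTA_0, or None to release the held RCPT to MTA_1."""
    if is_unsolicited(from_addr, ip_0, suspect, resolve):
        log.append(("rejected", time.time(), from_addr, to_addr,
                    "suspect from-domain does not match actual domain"))
        return "550 5.7.1 Rejected: from-address domain does not match sending host"
    log.append(("allowed", time.time(), to_addr))
    return None
```

A sender with no PTR record has no actual domain to compare, so a suspect from-address domain is treated as a mismatch.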
21 Claims
-
1. A method for determining if an e-mail message from a transmitting message transfer agent is unsolicited, the transmitting message transfer agent having an actual domain and the e-mail message comprising a from-address having a domain, the method comprising the steps of:
-
determining whether the from-address domain is in a suspect domain database; and
if the from-address domain is determined to be in the suspect domain database, then determining whether the from-address domain is not the same as the actual domain, wherein the step of determining whether the from-address domain is not the same as the actual domain comprises identifying an Internet Protocol (IP) address of the transmitting message transfer agent, determining the actual domain associated with the IP address of the transmitting message transfer agent, and comparing the actual domain to the from-address domain, and wherein the e-mail message is determined to be unsolicited if the from-address domain is in the suspect domain database and the from-address domain is not the same as the actual domain.
-
5. The method of claim 2, wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol (IP) address of the transmitting message transfer agent is in an allow address database.
-
6. The method of claim 2, wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol (IP) address of the transmitting message transfer agent is in a prevent address database.
-
7. The method of claim 2, wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol (IP) address of the transmitting message transfer agent is in an open relay database.
-
8. The method of claim 2, wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol address of the transmitting message transfer agent has a domain name entry in a domain name server (DNS) database.
-
9. The method of claim 2, wherein the e-mail message is determined not to be unsolicited by checking if the from-address of the e-mail message is in a bad from database.
-
10. The method of claim 2, wherein the e-mail message is determined not to be unsolicited by checking if the from-address of the e-mail message matches a to-address of the e-mail message.
-
11. The method of claim 2, wherein the e-mail message is determined not to be unsolicited by checking if a to-address of the e-mail message is in a no filter database.
-
12. The method of claim 2, wherein the e-mail message is determined not to be unsolicited by checking if a to-address of the e-mail message is in a yes filter database.
-
13. The method of claim 2, wherein the receiving message transfer agent has a domain (D_1), and wherein the e-mail message is determined not to be unsolicited by checking if a declared domain of the transmitting message transfer agent is the same as D_1.
-
14. The method of claim 2, wherein the e-mail message is determined not to be unsolicited by checking if a declared domain of the transmitting message transfer agent does not match the actual domain and the declared domain is in the suspect domain database.
-
15. The method of claim 2, further comprising:
logging the time, a from-address of the e-mail message, a to-address of the e-mail message, and a reason for sending the error reply in a rejected connection database if the e-mail message is determined to be unsolicited.
-
16. The method of claim 2, further comprising:
logging the time and a to-address of the e-mail message in an allowed connection database if the e-mail message is determined not to be unsolicited.
-
17. The method of claim 2, wherein the error reply is a 550 error reply in accordance with the Simple Message Transfer Protocol (SMTP).
-
18. An unsolicited message rejecting communications system for analyzing an electronic mail message purportedly sent from-address A_0 and to to-address A_1 to be communicated from a message transfer agent MTA_0 having an actual domain DD_0 to a message transfer agent MTA_1, said system comprising:
-
a database comprising a suspect domain database; and a means for determining if the electronic mail message is unsolicited wherein the from-address A_0 comprises a domain and the electronic mail message is determined to be unsolicited if the domain is in the suspect domain database and the domain is not the same as the actual domain DD_0, wherein the means for determining further comprises a means for identifying an IP address of the message transfer agent MTA_0 when the domain is determined to be in the suspect domain database, a means for determining the actual domain DD_0 associated with the IP address of the message transfer agent when the domain is determined to be in the suspect domain database, and a means for comparing the actual domain DD_0 to the domain of the from-address A_0 when the domain is determined to be in the suspect domain database.
means for intercepting a RCPT reply from MTA_0; means for releasing the RCPT reply if the e-mail message is determined not to be unsolicited, whereas, sending an error reply to MTA_0 if the e-mail message is determined to be unsolicited, wherein MTA_1 controls the interaction between MTA_0 and MTA_1 before the intercepting of the RCPT reply.
-
20. The system of claim 18, further comprising wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol (IP) address of MTA_0 (IP_0) is in an allow address database.
-
21. The system of claim 18, further comprising wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol (IP) address of MTA_0 (IP_0) is in a prevent address database.
Specification