Unsolicited message rejecting communications processor

US 8,788,596 B1
Filed: 12/30/2008
Issued: 07/22/2014
Est. Priority Date: 09/09/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for determining if an e-mail message from a transmitting message transfer agent is unsolicited, the transmitting message transfer agent having an actual domain and the e-mail message comprising a from-address having a domain, the method comprising the steps of:

determining whether the from-address domain is in a suspect domain database; and

if the from-address domain is determined to be in the suspect_domain database, then determining whether the from-address domain is not the same as the actual domain, wherein the step of determining whether the from-address domain is not the same as the actual domain comprisesidentifying an Internet Protocol (IP) address of the transmitting message transfer agent,determining the actual domain associated with the IP address of the transmitting message transfer agent, andcomparing the actual domain to the from-address domain, andwherein the e-mail message is determined to be unsolicited if the from-address domain is in the suspect domain database and the from-address domain is not the same as the actual domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The spam blocker monitors the SMTP/TCP/IP conversation between a sending message transfer agent MTA_—0 and a receiving message transfer agent MTA_—1; catches MTA_—0'"'"'s IP address IP_—0, MTA_—0'"'"'s declared domain D_—0, from-address A_—0; and to-address A_—1; and uses this source and content based information to test for unsolicited messages. It interrupts the conversation when MTA_—0 sends a command_specifying the recipient (an “RCPT” command) and uses the various test results to decide if the message is suspected of being unsolicited. If the message is suspected of being unsolicited then it logs the rejected message, sends an error reply to MTA_—0 which forces MTA_—0 to terminate the connection with MTA_—1 before the body of the message is transmitted; else it logs the allowed message, releases the intercepted RCPT command which allows the conversation between MTA_—0 and MTA_—1 to proceed.

69 Citations

21 Claims

1. A method for determining if an e-mail message from a transmitting message transfer agent is unsolicited, the transmitting message transfer agent having an actual domain and the e-mail message comprising a from-address having a domain, the method comprising the steps of:
- determining whether the from-address domain is in a suspect domain database; and
  
  if the from-address domain is determined to be in the suspect_domain database, then determining whether the from-address domain is not the same as the actual domain, wherein the step of determining whether the from-address domain is not the same as the actual domain comprisesidentifying an Internet Protocol (IP) address of the transmitting message transfer agent,determining the actual domain associated with the IP address of the transmitting message transfer agent, andcomparing the actual domain to the from-address domain, andwherein the e-mail message is determined to be unsolicited if the from-address domain is in the suspect domain database and the from-address domain is not the same as the actual domain.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprisingrelaying and monitoring SMTP messages exchanged between the transmitting message transfer agent and a receiving message transfer agent;
    - intercepting a RCPT reply from the transmitting message transfer agent; and
      
      releasing the RCPT reply if the e-mail message is determined not to be unsolicited, whereas,sending an error reply to the transmitting message transfer agent if the e-mail message is determined to be unsolicited.
  - 3. The method of claim 2, wherein the sending of the error reply occurs before a data portion of the unsolicited e-mail message is transmitted from the transmitting message transfer agent.
  - 4. The method of claim 2, wherein the SMTP messages are not intercepted before the RCPT reply from the transmitting message transfer agent.

5. The method of 2, wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol (IP) address of the transmitting message transfer agent is in an allow address database.

6. The method of 2, wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol (IP) address of the transmitting message transfer agent is in a prevent address database.

7. The method of 2, wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol (IP) address of the transmitting message transfer agent is in an open relay database.

8. The method of 2, wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol address of the transmitting message transfer agent has a domain name entry in a domain name server (DNS) database.

9. The method of 2, wherein the e-mail message is determined not to be unsolicited by checking if the from-address of the e-mail message is in a bad from database.

10. The method of 2, wherein the e-mail message is determined not to be unsolicited by checking if the from-address of the e-mail message matches a to-address of the e-mail message.

11. The method of 2, wherein the e-mail message is determined not to be unsolicited by checking if a to-address of the e-mail message is in a no filter database.

12. The method of 2, wherein the e-mail message is determined not to be unsolicited by checking if a to-address of the e-mail message is in a yes filter database.

13. The method of 2, wherein the receiving message transfer agent has a domain (D_1), and wherein the e-mail message is determined not to be unsolicited by checking if a declared domain of the transmitting message transfer agent is the same as D_1.

14. The method of 2, wherein the e-mail message is determined not to be unsolicited by checking if a declared domain of the transmitting message transfer agent does not match the actual domain and the declared domain is in the suspect domain database.

15. The method of 2, further comprising:
- logging the time, a from-address of the e-mail message, a to-address of the e-mail message, and a reason for sending the error reply in a rejected_connection database if the e-mail message is determined to be unsolicited.

16. The method of 2, further comprising:
- logging the time and a to-address of the e-mail message in an allowed connection database if the e-mail message is determined not to be unsolicited.

17. The method of 2, wherein in the error reply is a 550 error reply in accordance with the Simple Message Transfer Protocol (SMTP).

18. An unsolicited message rejecting communications system for analyzing an electronic mail message purportedly sent from-address A_0 and to to-address A_1 to be communicated from a message transfer agent MTA_0 having an actual domain DD_0 to a message transfer agent MTA_1, said system comprising:
- a database comprising a suspect domain database; and
  
  a means for determining if the electronic mail message is unsolicitedwherein the from-address A_0 comprises a domain and the electronic mail message is determined to be unsolicited if the domain is in the suspect domain database and the domain is not the same as the actual domain DD_0, wherein the means for determining further comprisesa means for identifying an IP address of the message transfer agent MTA_0 when the domain is determined to be in the suspect domain database,a means for determining the actual domain DD_0 associated with the IP address of the message transfer agent when the domain is determined to be in the suspect domain database, anda means for comparing the actual domain DD_0 to the domain of the from-address A_0 when the domain is determined to be in the suspect domain database.
- View Dependent Claims (19, 20, 21)
- - 19. The system of claim 18 further comprisinga relay and monitoring means for relaying and monitoring SMTP messages exchanged between the transmitting message transfer agent (MTA_0) and the receiving message transfer agent (MTA_1);
20. The system of claim 18, further comprising wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol (IP) address of MTA_0 (IP_0) is in an allow address database.
21. The system of claim 18, further comprising wherein the e-mail message is determined not to be unsolicited by checking if an Internet Protocol (IP) address of MTA_0 (IP_0) is in a prevent_address database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Engage Technology
Original Assignee
Engage Technology
Inventors
White, Richard Paul, Huang, Alan, Lu, Haw-minn, Spivack, Ira Victor
Primary Examiner(s)
Mejia, Anthony

Application Number

US12/317,938
Time in Patent Office

2,030 Days
Field of Search

709/200, 709/206
US Class Current

709/206
CPC Class Codes

H04L 51/212 using filtering or selectiv...

Unsolicited message rejecting communications processor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

69 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Unsolicited message rejecting communications processor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links