Detection of outbound sending of spam
First Claim
1. A network device, comprising:
- a transceiver to send and receive data over a network; and
a processor that receives data from and sends data to the transceiver, and performs actions, including;
intercepting a message that is sent outbound from a message account to a message destination;
parsing the outbound message to identify a plurality of message characteristics;
analyzing the plurality of message characteristics to determine a plurality of probability values for the message;
assigning a probability score to the outbound message based in part on the determined plurality of probability values and previously determined data and probability scores for a plurality of other message accounts;
selectively classifying the outbound message as abusive based on the assigned probability score being at or above a determined threshold value;
if the outbound message is classified as abusive, inhibiting sending of the outbound message over the network;
otherwise, enabling the outbound message to be sent towards the message destination;
in response to a request from a new user for a registration for a new message account;
obtaining at least biographical information, a username and a password provided by the new user and a network address that is associated with the request;
determining a plurality of user probability values for the new user based at least on the biographical information, a username and a password and the network address that is associated with the request;
determining a degree of similarity of at least a portion of the new user'"'"'s contact information to at least a portion of multiple other user registration information provided for registering at least another message account within a defined time period; and
if the plurality of user probability values are classified as abusive in comparison to at least the determined threshold value, inhibiting the new message account from at least initially sending the outbound message.
6 Assignments
0 Petitions
Accused Products
Abstract
The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.
60 Citations
20 Claims
-
1. A network device, comprising:
-
a transceiver to send and receive data over a network; and a processor that receives data from and sends data to the transceiver, and performs actions, including; intercepting a message that is sent outbound from a message account to a message destination; parsing the outbound message to identify a plurality of message characteristics; analyzing the plurality of message characteristics to determine a plurality of probability values for the message; assigning a probability score to the outbound message based in part on the determined plurality of probability values and previously determined data and probability scores for a plurality of other message accounts; selectively classifying the outbound message as abusive based on the assigned probability score being at or above a determined threshold value; if the outbound message is classified as abusive, inhibiting sending of the outbound message over the network;
otherwise, enabling the outbound message to be sent towards the message destination;in response to a request from a new user for a registration for a new message account; obtaining at least biographical information, a username and a password provided by the new user and a network address that is associated with the request; determining a plurality of user probability values for the new user based at least on the biographical information, a username and a password and the network address that is associated with the request; determining a degree of similarity of at least a portion of the new user'"'"'s contact information to at least a portion of multiple other user registration information provided for registering at least another message account within a defined time period; and if the plurality of user probability values are classified as abusive in comparison to at least the determined threshold value, inhibiting the new message account from at least initially sending the outbound message. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A processor readable non-transitory storage medium that includes data and instructions, wherein the execution of the instructions on a computing device by enabling actions, comprising:
-
intercepting a message that is sent outbound from a message account for delivery to a message destination; parsing the outbound message to identify a plurality of message characteristics; analyzing the plurality of message characteristics to determine a plurality of probability values for the message; assigning a probability score to the outbound message based in part on the determined probability values and previously determined data and probability scores for a plurality of other message accounts; adjusting the probability score for the outbound message based in part on contributing factors indicating whether the message account related to the outbound message was previously used for abusive or fraudulent purposes; classifying the outbound message as abusive based on the assigned probability score being at or above a determined threshold value; if the outbound message is classified as abusive, inhibiting delivery of the outbound message;
otherwise, enabling the outbound message to be delivered to the message destination;in response to a request from a new user for a registration for a new message account; obtaining at least biographical information, a username and a password provided by the new user and a network address that is associated with the request; determining a plurality of user probability values for the new user based on the new user having provided at least biographical information, a username and a password, a network address that is associated with the request; determining a degree of similarity of at least a portion of the new user'"'"'s contact information to at least a portion of multiple other user registration information provided for registering at least another message account within a defined time period; and if the plurality of user probability values are classified as abusive in comparison to at least the determined threshold value, inhibiting the new message account from at least initially sending the outbound message. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A system for enabling a communications over a network, comprising:
-
a data storage device having stored thereon, a plurality of abusive message account data from a plurality of message account registrations; and one or more processors configured to employ data from the data storage device to perform actions, including; intercepting an outbound message sent from a message account towards a message destination; parsing the outbound message to identify a plurality of message characteristics; analyzing the plurality of message characteristics to determine a plurality of probability values for the message; assigning a probability score to the outbound message based in part on the determined probability values and previously determined data and probability scores for the plurality of other message account registrations; classifying the outbound message as abusive based on the assigned probability score being at or above a determined threshold value; if the outbound message is classified as abusive, inhibiting delivery of the outbound message;
otherwise, enabling the outbound message to be delivered to the message destination;in response to a request from a new user for a registration for a new message account; obtaining at least biographical information, a username and a password provided by the new user and a network address that is associated with the request; determining a plurality of user probability values for the new user based on the new user having provided at least biographical information, a username and a password, a network address that is associated with the request; determining a degree of similarity of at least a portion of the new user'"'"'s contact information to at least a portion of multiple other user registration information provided for registering at least another message account within a defined time period; and if the plurality of user probability values are classified as abusive in comparison to at least the determined threshold value, inhibiting the new message account from at least initially sending the outbound message. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification