Detecting spam from a bulk registered e-mail account
First Claim
1. A network device, comprising:
- a transceiver to send and receive data over a network; and
a processor that receives data from and sends data to the transceiver, and performs actions, including;
in response to a request from a new user for a registration for a message account, determining a plurality of user probability values based on at least biographical information, a username and a password for the new user, a network address that is associated with the request, and a degree of similarity of at least a portion of the new user'"'"'s contact information to at least a portion of multiple other user registration information provided for registering at least another message account within a defined time period, each user probability value is a probability that the message account will be used for abusive purposes;
if the plurality of user probability values are classified as abusive in comparison to at least a determined threshold value, inhibiting the message account from at least sending a message to another message account; and
in response to receiving a message inbound to the message account;
parsing the inbound message to identify a plurality of message characteristics, including at least a message username and message account registration information associated with the inbound message;
analyzing the plurality of message characteristics to determine a plurality of probability values for the message;
assigning a probability score to the inbound message based in part on the determined plurality of probability values and previously determined data and probability scores for a plurality of other message accounts;
classifying the inbound message and related message account as abusive based on the assigned probability score being at or above a determined threshold value; and
if the inbound message is classified as abusive, inhibiting delivery of the inbound message;
otherwise, enabling the inbound message to be delivered to the message account.
6 Assignments
0 Petitions
Accused Products
Abstract
The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.
62 Citations
20 Claims
-
1. A network device, comprising:
-
a transceiver to send and receive data over a network; and a processor that receives data from and sends data to the transceiver, and performs actions, including; in response to a request from a new user for a registration for a message account, determining a plurality of user probability values based on at least biographical information, a username and a password for the new user, a network address that is associated with the request, and a degree of similarity of at least a portion of the new user'"'"'s contact information to at least a portion of multiple other user registration information provided for registering at least another message account within a defined time period, each user probability value is a probability that the message account will be used for abusive purposes; if the plurality of user probability values are classified as abusive in comparison to at least a determined threshold value, inhibiting the message account from at least sending a message to another message account; and in response to receiving a message inbound to the message account; parsing the inbound message to identify a plurality of message characteristics, including at least a message username and message account registration information associated with the inbound message; analyzing the plurality of message characteristics to determine a plurality of probability values for the message; assigning a probability score to the inbound message based in part on the determined plurality of probability values and previously determined data and probability scores for a plurality of other message accounts; classifying the inbound message and related message account as abusive based on the assigned probability score being at or above a determined threshold value; and if the inbound message is classified as abusive, inhibiting delivery of the inbound message;
otherwise, enabling the inbound message to be delivered to the message account. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A processor readable non-transitory storage medium that includes data and instructions, wherein the execution of the instructions on a computing device by enabling actions, comprising:
-
in response to a request from a new user for a registration for a message account, determining a plurality of user probability values based on at least biographical information, a username and a password for the new user, a network address that is associated with the request, and a degree of similarity of at least a portion of the new user'"'"'s contact information to at least a portion of multiple other user registration information provided for registering at least another message account within a defined time period, each user probability value is a probability that the message account will be used for abusive purposes; if the plurality of user probability values are classified as abusive in comparison to at least a determined threshold value, inhibiting the message account from at least sending a message to another message account; and in response receiving a message inbound to the message account; parsing the inbound message to identify a plurality of message characteristics, including at least a message username, and message account registration information associated with the inbound message; analyzing the plurality of message characteristics to determine a plurality of probability values for the message; assigning a probability score to the inbound message based in part on the determined plurality of probability values and previously determined data and probability scores for a plurality of other message accounts; adjusting the probability score for the inbound message based in part on contributing factors indicating whether the message account related to the inbound message was previously used for abusive or fraudulent purposes; classifying the inbound message and the related message account as abusive based on the assigned probability score being at or above a determined threshold value; and if the inbound message is classified as abusive, inhibiting delivery of the inbound message;
otherwise, enabling the inbound message to be delivered to the message account. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A system for enabling a communications over a network, comprising:
-
a data storage device having stored thereon, a plurality of abusive message account data from at least a plurality of message account registrations; and one or more processors configured to employ data from the data storage device to perform actions, including; in response to a request from a new user for a registration for a message account, determining a plurality of user probability values based on at least biographical information, a username and a password for the new user, a network address that is associated with the request, and a degree of similarity of at least a portion of the new user'"'"'s contact information to at least a portion of multiple other user registration information provided for registering at least another message account within a defined time period, each user probability value is a probability that the message account will be used for abusive purposes; if the plurality of user probability values are classified as abusive in comparison to at least a determined threshold value, inhibiting the message account from at least sending a message to another message account; and in response to receiving a message inbound to the message account; parsing the inbound message to identify a plurality of message characteristics, including at least a message account, message username, and message account registration information associated with the inbound message; analyzing the plurality of message characteristics to determine a plurality of probability values for the message; assigning a probability score to the inbound message based in part on the determined plurality of probability values and previously determined data and probability scores for a plurality of other message accounts; classifying the inbound message and related message account as abusive based on the assigned probability score being at or above a determined threshold value; and if the inbound message is classified as abusive, inhibiting delivery of the inbound message;
otherwise, enabling the inbound message to be delivered to the message account. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification