Trusted communication network
First Claim
1. An apparatus for limiting bounce attacks, comprising:
- a processing node provided on a computer system having a processor and a computer-readable memory that;
receives an outbound message;
filters said outbound message for threats to determine whether to send said outbound message to at least one message recipient of said outbound message;
in response to determining said outbound message is trusted;
applies a trusted message identifier to said outbound message that identifies said outbound message as a trusted message prescreened for a security threat and having been originated from an authenticated private network member;
inserts a message tracking identifier (ID), a bounce tracking message ID, and a sender authentication tracking message ID into the outbound message, wherein the message tracking ID is generated using a hash of portions of the outbound message;
stores at least the bounce tracking message ID among one or more bounce tracking message IDs at the processing node; and
sends the outbound message to the at least one message recipient of said outbound message;
distinguishes whether a bounce back message is authorized and corresponds to one of the outbound messages sent by the processing node by determining whether bounce tracking message ID in the bounce back message corresponds to one of the bounce tracking message IDs stored at the processing node, wherein the bounce back message is a non-delivery report; and
generates a reputation metric associated with each member network of a plurality of registered member networks, wherein said reputation metric is based at least in part on threats detected in messages sent from said plurality of member networks.
15 Assignments
0 Petitions
Accused Products
Abstract
A system includes a processing node configured to send authorized inbound messages to registered enterprise networks. An authorized message is a message that includes trusted source indicia. Trusted source indicia indicates that the message was sent by one or more of the processing node or an authenticated message transfer node associated with one of the registered enterprise networks. The system may further include an administration node configured to maintain registration of a plurality of message transfer nodes associated with the enterprise networks. A method includes receiving outbound messages from an authenticated message transfer node of an enterprise network, screening the messages for threats to determine whether to send the messages to associated recipients, applying a first message identifier to each message, wherein the first message identifier can be used to track the message and, for each message, sending the message to the associated recipient if no threats are detected in the message.
231 Citations
20 Claims
-
1. An apparatus for limiting bounce attacks, comprising:
-
a processing node provided on a computer system having a processor and a computer-readable memory that; receives an outbound message; filters said outbound message for threats to determine whether to send said outbound message to at least one message recipient of said outbound message; in response to determining said outbound message is trusted; applies a trusted message identifier to said outbound message that identifies said outbound message as a trusted message prescreened for a security threat and having been originated from an authenticated private network member; inserts a message tracking identifier (ID), a bounce tracking message ID, and a sender authentication tracking message ID into the outbound message, wherein the message tracking ID is generated using a hash of portions of the outbound message; stores at least the bounce tracking message ID among one or more bounce tracking message IDs at the processing node; and sends the outbound message to the at least one message recipient of said outbound message; distinguishes whether a bounce back message is authorized and corresponds to one of the outbound messages sent by the processing node by determining whether bounce tracking message ID in the bounce back message corresponds to one of the bounce tracking message IDs stored at the processing node, wherein the bounce back message is a non-delivery report; and generates a reputation metric associated with each member network of a plurality of registered member networks, wherein said reputation metric is based at least in part on threats detected in messages sent from said plurality of member networks. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A non-transitory computer-readable storage medium having machine-executable instructions that when executed on a processor configure the processor to:
-
receive an outbound message; filter said outbound message for threats to determine whether to send said outbound message to at least one message recipient of said outbound message; in response to determining said outbound message is trusted; apply a trusted message identifier to said outbound message that identifies said outbound message as a trusted message prescreened for a security threat and having been originated from an authenticated private network member; inserts a message tracking ID, a bounce tracking message ID, and a sender authentication tracking message ID into the outbound message, wherein the message tracking ID is generated using a hash of portions of the outbound message; store at least the bounce tracking message ID among one or more bounce tracking message IDs at the processing node; and send the outbound message to the at least one message recipient of said outbound message; distinguish whether a bounce back message is authorized and corresponds to one of the outbound messages sent by the processing node by determining whether bounce tracking message ID in the bounce back message corresponds to one of the bounce tracking message IDs stored at the processing node, wherein the bounce back message is a non-delivery report; and generate a reputation metric associated with each member network of a plurality of registered member networks, wherein said reputation metric is based at least in part on threats detected in messages sent from said plurality of member networks. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A method for limiting bounce attacks, comprising:
-
receiving, by a processing node executing on a processor, of a an outbound message; filtering, by the processing node, said outbound message for threats to determine whether to send said outbound message to at least one message recipient of said outbound message; in response to determining said outbound message is trusted; applying, by the processing node, a trusted message identifier to said outbound message that identifies said outbound message as a trusted message prescreened for a security threat and having been originated from an authenticated private network member; inserting, by the processing node, a message tracking ID, a bounce tracking message ID, and a sender authentication tracking message ID into the outbound message, wherein the message tracking ID is generated using a hash of portions of the outbound message; storing, by the processing node, at least the bounce tracking message ID among one or more bounce tracking message IDs at the processing node; sending, by the processing node, the outbound message to the at least one message recipient of said outbound message; distinguishing, by the processing node, whether a bounce back message is authorized and corresponds to one of the outbound messages sent by the processing node by determining whether bounce tracking message ID in the bounce back message corresponds to one of the bounce tracking message IDs stored at the processing node, wherein the bounce back message is a non-delivery report; and generating a reputation metric associated with each member network of a plurality of registered member networks, wherein said reputation metric is based at least in part on threats detected in messages sent from said plurality of member networks. - View Dependent Claims (19, 20)
-
Specification