Client-side spam detection and prevention

US 9,264,418 B1
Filed: 02/20/2014
Issued: 02/16/2016
Est. Priority Date: 02/20/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

identifying, by a computing system, that an email client of a user device is attempting to send an electronic message from the computing system to a recipient;

calculating, by the computing system, a score for the identified electronic message based on a spam detection algorithm and an indication from the user device about the identified electronic message prior to sending the identified electronic message, the score representing a first probability that the identified electronic message contains spam content;

calculating, by the computing system, a history score for a plurality of electronic messages that the email client of the user device is attempting to send within a time window associated with the identified electronic message, the plurality of electronic messages associated with the identified electronic message, the history score representing a second probability that the plurality of electronic messages also contain the spam content;

determining, by the computing system, whether the email client of the user device has been compromised by a third party based on the score and the history score; and

in response to determining that the email client of the user device has been compromised by the third party;

requesting authentication information from the user device, the authentication information requested from the user device via a communication link other than the compromised email client; and

preventing, by the computing system, communication of the identified electronic message and the plurality of electronic messages until the user device has been authenticated using the authentication information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for detecting and preventing spam content attempted to be sent from a sender account may be provided. In an embodiment, a system can determine if a user'"'"'s electronic service has been compromised based on analyzing electronic messages attempted to be sent by the electronic service. For example, the system can calculate a score for the electronic messages utilizing a spam detection algorithm where the score represents the probability that the message contains spam content. The system can prevent the communication of electronic messages upon a determination that the electronic service has been compromised. The system can request authentication information from the user before further communication is allowed from the compromised electronic service.

52 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- identifying, by a computing system, that an email client of a user device is attempting to send an electronic message from the computing system to a recipient;
  
  calculating, by the computing system, a score for the identified electronic message based on a spam detection algorithm and an indication from the user device about the identified electronic message prior to sending the identified electronic message, the score representing a first probability that the identified electronic message contains spam content;
  
  calculating, by the computing system, a history score for a plurality of electronic messages that the email client of the user device is attempting to send within a time window associated with the identified electronic message, the plurality of electronic messages associated with the identified electronic message, the history score representing a second probability that the plurality of electronic messages also contain the spam content;
  
  determining, by the computing system, whether the email client of the user device has been compromised by a third party based on the score and the history score; and
  
  in response to determining that the email client of the user device has been compromised by the third party;
  
  requesting authentication information from the user device, the authentication information requested from the user device via a communication link other than the compromised email client; and
  
  preventing, by the computing system, communication of the identified electronic message and the plurality of electronic messages until the user device has been authenticated using the authentication information.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented method of claim 1, wherein determining whether the email client of the user device has been compromised comprises comparing the score and the history score to a user specified threshold.
  - 3. The computer-implemented method of claim 1, wherein the spam content includes at least one of content that is irrelevant to a user of the user device, content that contains inappropriate messages, content that contains computer viruses, content that contains links to spam network pages, or content that contains unsolicited advertisements.
  - 4. The computer-implemented method of claim 1, wherein the plurality of messages includes prior messages already sent from the computer system to the recipient on behalf of the email client of the user device and future messages configured to be sent from the computer system to the recipient on behalf of the email client of the user device.

5. A computer-implemented method comprising:
- receiving, by a computing system, an indication that an account of a user device is attempting to send an electronic message from the computing system to a recipient;
  
  calculating, by the computing system, a score for the electronic message, the score representing a first probability that the electronic message contains spam content;
  
  determining, by the computing system, whether the account of the user device has been compromised by a third party based on the score for the electronic message and a calculated history score for a plurality of electronic messages that the account is attempting to send within a time window associated with the electronic message, the calculated history score representing a second probability that the plurality of electronic messages also contain the spam content; and
  
  in response to a determination that the account of the user device has been compromised by the third party, requesting, by the computing system, authentication information from a user of the user device prior to communicating the electronic message to the recipient, the authentication information requested from the user via a communication link other than the compromised account.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The computer-implemented method of claim 5, wherein determining whether the account of the user device has been compromised by the third party comprises comparing the score to a threshold, wherein the account of the user device is determined to be compromised by the third party if the score exceeds the threshold.
  - 7. The computer-implemented method of claim 6, wherein the threshold is specified by an administrator of an email service that hosts the account of the user device or by the user.
  - 8. The computer-implemented method of claim 6, wherein the threshold is determined based at least in part on whether an email service that hosts the account of the user device has previously been compromised by the third party.
  - 9. The computer-implemented method of claim 5, wherein an electronic service that hosts the account of the user device includes at least one of an email service, a social networking service, an instant messaging service, or a digital communication service that utilizes electronic messages.

10. A system, comprising:
- a processor; and
  
  memory including computer-executable instructions that, when executed by the processor, cause the system to at least;
  
  in response to identifying that an account of a user is attempting to send an electronic message from a messaging service;
  
  determine whether the messaging service associated with the electronic message is attempting to send unauthorized messages on behalf of the user by;
  
  calculating a score for the electronic message by analyzing content of the electronic message, and calculating a history score for a plurality of electronic messages that the messaging service is attempting to send within a time window associated with the electronic message, the plurality of electronic messages being associated with the electronic message, the score representing a first probability that the electronic message contains spam content, and the history score representing a second probability that the plurality of electronic messages also contain the spam content; and
  
  in response to determining that the messaging service is attempting to send unauthorized messages on behalf of the user based on the calculated score and the calculated history score;
  
  request authentication information from the user via a communication link other than the messaging service; and
  
  prevent communication of the electronic message from the messaging service until the user has been authenticated using the authentication information.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein the authentication information includes at least one of a username and password, a unique code, a personal identifier, personal information communicated via a telephone call, or an authenticator token.
  - 12. The system of claim 10, wherein requesting authentication information from the user includes utilizing at least one of a short message service (SMS) message, an email to an alternate email service, a media file, an instant message, or a telephone call.
  - 13. The system of claim 10, wherein the computer-executable instructions further cause the system to at least prevent reset authentication capability of a third party service associated with the messaging service if it is determined that the messaging service is attempting to send the unauthorized messages on behalf of the user.
  - 14. The system of claim 13, wherein preventing reset authentication capability of the third party service includes performing an application programming interface (API) method call provided by the third party service.
  - 15. The system of claim 13, wherein the third party service includes at least one of a banking service, an electronic marketplace service, a credit card service, a financial information service, or a personal information service.

16. A non-transitory computer-readable storage medium collectively storing computer-executable instructions that, when executed by a computer system, configure the computer system to perform operations comprising:
- identifying that a messaging service is attempting to send a plurality of electronic messages;
  
  determining that the messaging service associated with the plurality of electronic messages is attempting to send unauthorized messages on behalf of a user by;
  
  calculating a score for an electronic message by analyzing content of the electronic message, and calculating a history score for the plurality of electronic messages based on a determination that the messaging service is attempting to send at least a subset of electronic messages, of the plurality of electronic messages, to a unique recipient within a time threshold;
  
  in response to determining that the messaging service is attempting to send unauthorized messages on behalf of the user based on the calculated score and the calculated history score;
  
  request authentication information from the user via a communication link other than the messaging service; and
  
  prevent communication of the plurality of electronic messages from the messaging service until the user has been authenticated using the authentication information.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable storage medium of claim 16, wherein analyzing the plurality of electronic messages further includes applying a spam detection algorithm to at least the subset of the plurality of electronic messages to determine if the subset of the plurality of electronic messages contains spam content.
  - 18. The non-transitory computer-readable storage medium of claim 16, wherein the operations further comprise:
    - receiving one or more notifications from the messaging service associated with the user, the one or more notifications indicating that spam content has been identified by the messaging service;
      
      determining whether to prevent communication of content from the messaging service based at least in part on the one or more notifications and the time threshold; and
      
      in response to determining to prevent communication of the content from the messaging service;
      
      requesting the authentication information from the user; and
      
      preventing communication of the content from the messaging service until the user has been authenticated using the authentication information.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein the one or more notifications are implemented by the messaging service utilizing at least one of a tag feature, a flagging feature, or a response submit feature.
  - 20. The non-transitory computer-readable storage medium of claim 16, wherein the operations further comprise:
    - in response to the user having been successfully authenticated using the authentication information;
      
      providing a user interface configured to receive user input, the user input utilized to indicate whether an electronic message has been properly classified as containing spam content; and
      
      sending electronic messages in response to the user input indicating that the electronic messages do not contain spam content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Crosley, Jay Austin
Primary Examiner(s)
Avery, Jeremiah

Application Number

US14/185,796
Time in Patent Office

726 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/08   for authentication of entit...

H04L 63/145   the attack involving the pr...

Client-side spam detection and prevention

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Client-side spam detection and prevention

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links