Client-side spam detection and prevention
First Claim
1. A computer-implemented method comprising:
- identifying, by a computing system, that an email client of a user device is attempting to send an electronic message from the computing system to a recipient;
calculating, by the computing system, a score for the identified electronic message based on a spam detection algorithm and an indication from the user device about the identified electronic message prior to sending the identified electronic message, the score representing a first probability that the identified electronic message contains spam content;
calculating, by the computing system, a history score for a plurality of electronic messages that the email client of the user device is attempting to send within a time window associated with the identified electronic message, the plurality of electronic messages associated with the identified electronic message, the history score representing a second probability that the plurality of electronic messages also contain the spam content;
determining, by the computing system, whether the email client of the user device has been compromised by a third party based on the score and the history score; and
in response to determining that the email client of the user device has been compromised by the third party;
requesting authentication information from the user device, the authentication information requested from the user device via a communication link other than the compromised email client; and
preventing, by the computing system, communication of the identified electronic message and the plurality of electronic messages until the user device has been authenticated using the authentication information.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for detecting and preventing spam content attempted to be sent from a sender account may be provided. In an embodiment, a system can determine if a user'"'"'s electronic service has been compromised based on analyzing electronic messages attempted to be sent by the electronic service. For example, the system can calculate a score for the electronic messages utilizing a spam detection algorithm where the score represents the probability that the message contains spam content. The system can prevent the communication of electronic messages upon a determination that the electronic service has been compromised. The system can request authentication information from the user before further communication is allowed from the compromised electronic service.
52 Citations
20 Claims
-
1. A computer-implemented method comprising:
-
identifying, by a computing system, that an email client of a user device is attempting to send an electronic message from the computing system to a recipient; calculating, by the computing system, a score for the identified electronic message based on a spam detection algorithm and an indication from the user device about the identified electronic message prior to sending the identified electronic message, the score representing a first probability that the identified electronic message contains spam content; calculating, by the computing system, a history score for a plurality of electronic messages that the email client of the user device is attempting to send within a time window associated with the identified electronic message, the plurality of electronic messages associated with the identified electronic message, the history score representing a second probability that the plurality of electronic messages also contain the spam content; determining, by the computing system, whether the email client of the user device has been compromised by a third party based on the score and the history score; and in response to determining that the email client of the user device has been compromised by the third party; requesting authentication information from the user device, the authentication information requested from the user device via a communication link other than the compromised email client; and preventing, by the computing system, communication of the identified electronic message and the plurality of electronic messages until the user device has been authenticated using the authentication information. - View Dependent Claims (2, 3, 4)
-
-
5. A computer-implemented method comprising:
-
receiving, by a computing system, an indication that an account of a user device is attempting to send an electronic message from the computing system to a recipient; calculating, by the computing system, a score for the electronic message, the score representing a first probability that the electronic message contains spam content; determining, by the computing system, whether the account of the user device has been compromised by a third party based on the score for the electronic message and a calculated history score for a plurality of electronic messages that the account is attempting to send within a time window associated with the electronic message, the calculated history score representing a second probability that the plurality of electronic messages also contain the spam content; and in response to a determination that the account of the user device has been compromised by the third party, requesting, by the computing system, authentication information from a user of the user device prior to communicating the electronic message to the recipient, the authentication information requested from the user via a communication link other than the compromised account. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A system, comprising:
-
a processor; and memory including computer-executable instructions that, when executed by the processor, cause the system to at least; in response to identifying that an account of a user is attempting to send an electronic message from a messaging service; determine whether the messaging service associated with the electronic message is attempting to send unauthorized messages on behalf of the user by; calculating a score for the electronic message by analyzing content of the electronic message, and calculating a history score for a plurality of electronic messages that the messaging service is attempting to send within a time window associated with the electronic message, the plurality of electronic messages being associated with the electronic message, the score representing a first probability that the electronic message contains spam content, and the history score representing a second probability that the plurality of electronic messages also contain the spam content; and in response to determining that the messaging service is attempting to send unauthorized messages on behalf of the user based on the calculated score and the calculated history score; request authentication information from the user via a communication link other than the messaging service; and prevent communication of the electronic message from the messaging service until the user has been authenticated using the authentication information. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A non-transitory computer-readable storage medium collectively storing computer-executable instructions that, when executed by a computer system, configure the computer system to perform operations comprising:
-
identifying that a messaging service is attempting to send a plurality of electronic messages; determining that the messaging service associated with the plurality of electronic messages is attempting to send unauthorized messages on behalf of a user by; calculating a score for an electronic message by analyzing content of the electronic message, and calculating a history score for the plurality of electronic messages based on a determination that the messaging service is attempting to send at least a subset of electronic messages, of the plurality of electronic messages, to a unique recipient within a time threshold; in response to determining that the messaging service is attempting to send unauthorized messages on behalf of the user based on the calculated score and the calculated history score; request authentication information from the user via a communication link other than the messaging service; and prevent communication of the plurality of electronic messages from the messaging service until the user has been authenticated using the authentication information. - View Dependent Claims (17, 18, 19, 20)
-
Specification