公开(公告)号：US08868663B2

公开(公告)日：2014-10-21

申请号：US12561940

申请日：2009-09-17

申请人： Bhasker Hariharan ,  Naveen Jamal ,  Anirban Kundu ,  Vishwanath Tumkur Ramarao ,  Mark E. Risher ,  Xiaopeng Xi ,  Lei Zheng

发明人： Bhasker Hariharan ,  Naveen Jamal ,  Anirban Kundu ,  Vishwanath Tumkur Ramarao ,  Mark E. Risher ,  Xiaopeng Xi ,  Lei Zheng

IPC分类号： G06F15/16 ,  H04L12/58 ,  H04L29/06

CPC分类号： H04L12/585 ,  H04L51/12 ,  H04L63/1425

摘要： The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.

摘要翻译： 本发明提供至少三个过程，用于检测滥用于消息帐户以将大量未经请求的消息（例如垃圾邮件）发送到其他消息帐户的可能性的过程。 例如，可以处理在注册新消息帐户时提供的信息，以确定滥用该消息帐户的可能性。 此外，可以处理入站邮件以确定发送入站邮件的邮件帐户是否滥用该邮件帐户的使用。 此外，可以处理出站邮件，以确定尝试发送出站邮件的邮件帐户是否滥用该邮件帐户的使用。 这三个进程中的每一个可以分开地或彼此以任何组合的方式进行操作，以进一步提高迅速且准确地检测到滥用消息账户的可能性。

公开(公告)号：US20100077040A1

公开(公告)日：2010-03-25

申请号：US12561940

申请日：2009-09-17

申请人： Bhasker Hariharan ,  Naveen Jamal ,  Anirban Kundu ,  Vishwanath Tumkur Ramarao ,  Mark E. Risher ,  Xiaopeng Xi ,  Lei Zheng

发明人： Bhasker Hariharan ,  Naveen Jamal ,  Anirban Kundu ,  Vishwanath Tumkur Ramarao ,  Mark E. Risher ,  Xiaopeng Xi ,  Lei Zheng

IPC分类号： G06F15/16

CPC分类号： H04L12/585 ,  H04L51/12 ,  H04L63/1425

摘要： The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.

摘要翻译： 本发明提供至少三个过程，用于检测滥用于消息帐户以将大量未经请求的消息（例如垃圾邮件）发送到其他消息帐户的可能性的过程。 例如，可以处理在注册新消息帐户时提供的信息，以确定滥用该消息帐户的可能性。 此外，可以处理入站邮件以确定发送入站邮件的邮件帐户是否滥用该邮件帐户的使用。 此外，可以处理出站邮件，以确定尝试发送出站邮件的邮件帐户是否滥用该邮件帐户的使用。 这三个进程中的每一个可以分开地或彼此以任何组合的方式进行操作，以进一步提高迅速且准确地检测到滥用消息账户的可能性。

公开(公告)号：US08826450B2

公开(公告)日：2014-09-02

申请号：US12561875

申请日：2009-09-17

申请人： Bhasker Hariharan ,  Naveen Jamal ,  Anirban Kundu ,  Vishwanath Tumkur Ramarao ,  Mark E. Risher ,  Xiaopeng Xi ,  Lei Zheng

发明人： Bhasker Hariharan ,  Naveen Jamal ,  Anirban Kundu ,  Vishwanath Tumkur Ramarao ,  Mark E. Risher ,  Xiaopeng Xi ,  Lei Zheng

IPC分类号： G06F7/04 ,  G06F15/16 ,  H04L12/58 ,  H04L29/06

CPC分类号： H04L12/585 ,  H04L51/12 ,  H04L63/1425

摘要： The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.

摘要翻译： 本发明提供至少三个过程，用于检测滥用于消息帐户以将大量未经请求的消息（例如垃圾邮件）发送到其他消息帐户的可能性的过程。 例如，可以处理在注册新消息帐户时提供的信息，以确定滥用该消息帐户的可能性。 此外，可以处理入站邮件以确定发送入站邮件的邮件帐户是否滥用该邮件帐户的使用。 此外，可以处理出站邮件，以确定尝试发送出站邮件的邮件帐户是否滥用该邮件帐户的使用。 这三个进程中的每一个可以分开地或彼此以任何组合的方式进行操作，以进一步提高迅速且准确地检测到滥用消息账户的可能性。

公开(公告)号：US20100076922A1

公开(公告)日：2010-03-25

申请号：US12561875

申请日：2009-09-17

申请人： Bhasker Hariharan ,  Naveen Jamal ,  Anirban Kundu ,  Vishwanath Tumkur Ramarao ,  Mark E. Risher ,  Xiaopeng Xi ,  Lei Zheng

发明人： Bhasker Hariharan ,  Naveen Jamal ,  Anirban Kundu ,  Vishwanath Tumkur Ramarao ,  Mark E. Risher ,  Xiaopeng Xi ,  Lei Zheng

IPC分类号： G06F21/00 ,  G06N7/02 ,  G06F15/16

CPC分类号： H04L12/585 ,  H04L51/12 ,  H04L63/1425

摘要： The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.

摘要翻译： 本发明提供至少三个过程，用于检测滥用于消息帐户以将大量未经请求的消息（例如垃圾邮件）发送到其他消息帐户的可能性的过程。 例如，可以处理在注册新消息帐户时提供的信息，以确定滥用该消息帐户的可能性。 此外，可以处理入站邮件以确定发送入站邮件的邮件帐户是否滥用该邮件帐户的使用。 此外，可以处理出站邮件，以确定尝试发送出站邮件的邮件帐户是否滥用该邮件帐户的使用。 这三个进程中的每一个可以分开地或彼此以任何组合的方式进行操作，以进一步提高迅速且准确地检测到滥用消息账户的可能性。

公开(公告)号：US08364766B2

公开(公告)日：2013-01-29

申请号：US12328723

申请日：2008-12-04

申请人： Lei Zheng ,  Sharat Narayan ,  Mark E. Risher ,  Stanley Ke Wei ,  Vishwanath Tumkur Ramarao ,  Anirban Kundu

发明人： Lei Zheng ,  Sharat Narayan ,  Mark E. Risher ,  Stanley Ke Wei ,  Vishwanath Tumkur Ramarao ,  Anirban Kundu

IPC分类号： G06F15/16

CPC分类号： H04L51/12 ,  G06N7/005

摘要： Embodiments are directed towards classifying messages as spam using a two phased approach. The first phase employs a statistical classifier to classify messages based on message content. The second phase targets specific message types to capture dynamic characteristics of the messages and identify spam messages using a token frequency based approach. A client component receives messages and sends them to the statistical classifier, which determines a probability that a message belongs to a particular type of class. The statistical classifier further provides other information about a message, including, a token list, and token thresholds. The message class, token list, and thresholds are provided to the second phase where a number of spam tokens in a given message for a given message class are determined. Based on the threshold, the client component then determines whether the message is spam or non-spam.

摘要翻译： 实施例针对使用两阶段方法将消息分类为垃圾邮件。 第一阶段采用统计分类器根据消息内容分类消息。 第二阶段针对特定的消息类型来捕获消息的动态特征，并使用基于令牌频率的方法识别垃圾邮件。 客户端组件接收消息并将其发送到统计分类器，该分类器确定消息属于特定类型的类的概率。 统计分类器还提供关于消息的其他信息，包括令牌列表和令牌阈值。 消息类别，令牌列表和阈值被提供给第二阶段，其中给定消息类别的给定消息中的多个垃圾邮件令牌被确定。 基于阈值，客户端组件然后确定消息是垃圾邮件还是非垃圾邮件。

公开(公告)号：US20100145900A1

公开(公告)日：2010-06-10

申请号：US12328723

申请日：2008-12-04

申请人： Lei Zheng ,  Sharat Narayan ,  Mark E. Risher ,  Stanley Ke Wei ,  Vishwanath Tumkur Ramarao ,  Anirban Kundu

发明人： Lei Zheng ,  Sharat Narayan ,  Mark E. Risher ,  Stanley Ke Wei ,  Vishwanath Tumkur Ramarao ,  Anirban Kundu

IPC分类号： G06N5/02 ,  G06F15/16

CPC分类号： H04L51/12 ,  G06N7/005

摘要： Embodiments are directed towards classifying messages as spam using a two phased approach. The first phase employs a statistical classifier to classify messages based on message content. The second phase targets specific message types to capture dynamic characteristics of the messages and identify spam messages using a token frequency based approach. A client component receives messages and sends them to the statistical classifier, which determines a probability that a message belongs to a particular type of class. The statistical classifier further provides other information about a message, including, a token list, and token thresholds. The message class, token list, and thresholds are provided to the second phase where a number of spam tokens in a given message for a given message class are determined. Based on the threshold, the client component then determines whether the message is spam or non-spam.

摘要翻译： 实施例针对使用两阶段方法将消息分类为垃圾邮件。 第一阶段采用统计分类器根据消息内容分类消息。 第二阶段针对特定的消息类型来捕获消息的动态特征，并使用基于令牌频率的方法识别垃圾邮件。 客户端组件接收消息并将其发送到统计分类器，该分类器确定消息属于特定类型的类的概率。 统计分类器还提供关于消息的其他信息，包括令牌列表和令牌阈值。 消息类别，令牌列表和阈值被提供给第二阶段，其中给定消息类别的给定消息中的多个垃圾邮件令牌被确定。 基于阈值，客户端组件然后确定消息是垃圾邮件还是非垃圾邮件。

公开(公告)号：US20090216842A1

公开(公告)日：2009-08-27

申请号：US12035941

申请日：2008-02-22

申请人： Mark E. Risher ,  Mark Delany ,  Anirban Kundu ,  Miles A. Libbey, IV ,  Masumi Taketomi

发明人： Mark E. Risher ,  Mark Delany ,  Anirban Kundu ,  Miles A. Libbey, IV ,  Masumi Taketomi

IPC分类号： G06F15/16

CPC分类号： G06Q10/107 ,  H04L51/12 ,  H04L51/28

摘要： Embodiments are directed towards detecting and reporting use by a domain of a message authentication mechanism, such as DomainKeys (DK), and/or DomainKeys Identified Mail (DKIM), and enabling subsequent blocking of messages based, in part, on its usage. When a message is received by an inbound message server, a message source is determined for the message. In one embodiment, the message source is a domain name associated with the sender of the message. Statistics are recorded about the message, including the message source, whether the message is suspect, includes a forged source identifier, employs DK/DKIM message authentication, and the like. The reports may ten be sent to various message sources to enable them to determine the extent of use of DK/DKIM message authentication, and to selectively block, re-direct, or forward the messages based, in part, on the use of DK/DKIM message authentication mechanism.

摘要翻译： 实施例旨在检测和报告诸如DomainKeys（DK）和/或DomainKeys Identified Mail（DKIM）之类的消息认证机制的域的使用，并且部分地基于其使用来启用消息的后续阻塞。 当入站消息服务器接收到消息时，确定消息的消息源。 在一个实施例中，消息源是与消息的发送者相关联的域名。 记录关于消息的统计信息，包括消息源，消息是否可疑，包括伪造的源标识符，使用DK / DKIM消息认证等。 然后可以将报告发送到各种消息源，以使它们能够确定DK / DKIM消息认证的使用程度，并且部分地基于DK / DKIM消息认证的使用来选择性地阻止，重新引导或转发消息， DKIM消息认证机制。

公开(公告)号：US08381262B2

公开(公告)日：2013-02-19

申请号：US12034602

申请日：2008-02-20

申请人： Mark E. Risher ,  Mark Delany ,  Anirban Kundu ,  Miles A. Libbey, IV ,  Masumi Taketomi

发明人： Mark E. Risher ,  Mark Delany ,  Anirban Kundu ,  Miles A. Libbey, IV ,  Masumi Taketomi

IPC分类号： H04L29/06

CPC分类号： H04L51/12 ,  H04L63/126

摘要： Embodiments are directed towards detecting and reporting use by a domain of a message authentication mechanism, such as DomainKeys (DK), and/or DomainKeys Identified Mail (DKIM), and enabling subsequent blocking of messages based, in part, on its usage. When a message is received by an inbound message server, a message source is determined for the message. In one embodiment, the message source is a domain name associated with the sender of the message. Statistics are recorded about the message, including the message source, whether the message is suspect, includes a forged source identifier, employs DK/DKIM message authentication, and the like. The reports may then be sent to various message sources to enable them to determine the extent of use of DK/DKIM message authentication, and to selectively block, re-direct, or forward the messages based, in part, on the use of DK/DKIM message authentication mechanism.

摘要翻译： 实施例旨在检测和报告诸如DomainKeys（DK）和/或DomainKeys Identified Mail（DKIM）之类的消息认证机制的域的使用，并且部分地基于其使用来启用消息的后续阻止。 当入站消息服务器接收到消息时，确定消息的消息源。 在一个实施例中，消息源是与消息的发送者相关联的域名。 记录关于消息的统计信息，包括消息源，消息是否可疑，包括伪造的源标识符，使用DK / DKIM消息认证等。 然后可以将报告发送到各种消息源，以使它们能够确定DK / DKIM消息认证的使用程度，并且部分地基于DK / DKIM消息认证的使用来选择性地阻止，重新引导或转发消息， DKIM消息认证机制。

公开(公告)号：US07950047B2

公开(公告)日：2011-05-24

申请号：US12035941

申请日：2008-02-22

申请人： Mark E. Risher ,  Mark Delany ,  Anirban Kundu ,  Miles A. Libbey, IV ,  Masumi Taketomi

发明人： Mark E. Risher ,  Mark Delany ,  Anirban Kundu ,  Miles A. Libbey, IV ,  Masumi Taketomi

IPC分类号： G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06

CPC分类号： G06Q10/107 ,  H04L51/12 ,  H04L51/28

摘要： Embodiments are directed towards detecting and reporting use by a domain of a message authentication mechanism, such as DomainKeys (DK), and/or DomainKeys Identified Mail (DKIM), and enabling subsequent blocking of messages based, in part, on its usage. When a message is received by an inbound message server, a message source is determined for the message. In one embodiment, the message source is a domain name associated with the sender of the message. Statistics are recorded about the message, including the message source, whether the message is suspect, includes a forged source identifier, employs DK/DKIM message authentication, and the like. The reports may ten be sent to various message sources to enable them to determine the extent of use of DK/DKIM message authentication, and to selectively block, re-direct, or forward the messages based, in part, on the use of DK/DKIM message authentication mechanism.

摘要翻译： 实施例旨在检测和报告诸如DomainKeys（DK）和/或DomainKeys Identified Mail（DKIM）之类的消息认证机制的域的使用，并且部分地基于其使用来启用消息的后续阻止。 当入站消息服务器接收到消息时，确定消息的消息源。 在一个实施例中，消息源是与消息的发送者相关联的域名。 记录关于消息的统计信息，包括消息源，消息是否可疑，包括伪造的源标识符，使用DK / DKIM消息认证等。 然后可以将报告发送到各种消息源，以使它们能够确定DK / DKIM消息认证的使用程度，并且部分地基于DK / DKIM消息认证的使用来选择性地阻止，重新引导或转发消息， DKIM消息认证机制。

公开(公告)号：US20090210501A1

公开(公告)日：2009-08-20

申请号：US12034602

申请日：2008-02-20

申请人： Mark E. Risher ,  Mark Delany ,  Anirban Kundu ,  Miles A. Libbey, IV ,  Masumi Taketomi

发明人： Mark E. Risher ,  Mark Delany ,  Anirban Kundu ,  Miles A. Libbey, IV ,  Masumi Taketomi

IPC分类号： G06F15/16

CPC分类号： H04L51/12 ,  H04L63/126

摘要： Embodiments are directed towards detecting and reporting use by a domain of a message authentication mechanism, such as DomainKeys (DK), and/or DomainKeys Identified Mail (DKIM), and enabling subsequent blocking of messages based, in part, on its usage. When a message is received by an inbound message server, a message source is determined for the message. In one embodiment, the message source is a domain name associated with the sender of the message. Statistics are recorded about the message, including the message source, whether the message is suspect, includes a forged source identifier, employs DK/DKIM message authentication, and the like. The reports may then be sent to various message sources to enable them to determine the extent of use of DK/DKIM message authentication, and to selectively block, re-direct, or forward the messages based, in part, on the use of DK/DKIM message authentication mechanism.

摘要翻译： 实施例旨在检测和报告诸如DomainKeys（DK）和/或DomainKeys Identified Mail（DKIM）之类的消息认证机制的域的使用，并且部分地基于其使用来启用消息的后续阻止。 当入站消息服务器接收到消息时，确定消息的消息源。 在一个实施例中，消息源是与消息的发送者相关联的域名。 记录关于消息的统计信息，包括消息源，消息是否可疑，包括伪造的源标识符，使用DK / DKIM消息认证等。 然后可以将报告发送到各种消息源，以使它们能够确定DK / DKIM消息认证的使用程度，并且部分地基于DK / DKIM消息认证的使用来选择性地阻止，重新引导或转发消息， DKIM消息认证机制。