CA2473285A1 - Spam processing system and methods including shared information among plural spam filters - Google Patents

Spam processing system and methods including shared information among plural spam filters Download PDF

Info

Publication number
CA2473285A1
CA2473285A1 CA002473285A CA2473285A CA2473285A1 CA 2473285 A1 CA2473285 A1 CA 2473285A1 CA 002473285 A CA002473285 A CA 002473285A CA 2473285 A CA2473285 A CA 2473285A CA 2473285 A1 CA2473285 A1 CA 2473285A1
Authority
CA
Canada
Prior art keywords
sender
message
spam
list
confirmed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA002473285A
Other languages
French (fr)
Inventor
Gary G. Liu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zix Corp
Original Assignee
Zix Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zix Corp filed Critical Zix Corp
Publication of CA2473285A1 publication Critical patent/CA2473285A1/en
Abandoned legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/107Computer-aided management of electronic mailing [e-mailing]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/212Monitoring or handling of messages using filtering or selective blocking

Abstract

Methods and apparatus for filtering seam. In one aspect, the method is for filtering spam in a messaging system and includes confirming that a message sender can receive, sharing information indicating that the message sender can receive among a plurality of seam filters in the messaging system and using she information at a given one of the plurality of spam filters to determine if a message should be allowed without separately determining whether the message sender can receive.

Description

SPAM Pr~cessing S~sten~ end Meth~ds Including Shared Inf~rrnati~n Any~n~ Plural SPA. Filters ~c~Cmc~~. FIE»
This invention relates to methods and apparatus for processing messages.
BACI~GIZ~~.T~TI3 With the advent of modern computer technology, individuals increasingly use electronic means to transfer information from one location to another. For example, E-mail is a popular and efficient means for transferring inforrr~ation from one user to another. The popularity of messal;ing systems such as E-mail has risen dramatically among individuals, and a similar rise has occurred in the business use of messaging systems. Conventional point to point transfers from one co~~puter to another represent the vast majority of these communications, however a myriad of handheld devices are now available that deliver messages to non-traditional computing platforms (pagers, PDA's, Blackberry devices, Internet set top boxes and the li.ke).
Unfortunately the use of such messaging systems comes with measures of difficulties. The messaging systems have become a equally convenient form of communication for marketers, promoters, advertisers and others wishing to provide often unsolicited content (spam) to users of such messaging systems. Studies have suggested that seam accounts for nearly 1/3 of all the message traffic coming into a corporate messaging system. Further, malicious use of seam can creavte system failures, such as seen when a denial of service attack is successful in overloading a target messaging system. In addition to individual inconveniences, spam adds to network congestion (e.g., Internet congestion) by consuming large amounts of storage space and bandwidth. While the cost of sending out millions of seam emails is very low (much cheaper than postal junk mail), the costs (direct and indirect) on the receive end. is not insubstantial.
IeTumerous conventional systems exist for identifying and processing spam.
Some conventional systems rely on identifying the source of the spam, e.g., the real email address of the spam sender. I-Iowever, "spammers" (i.e., sp~aoriginators) often mask their identity or source of origin to avoid these i:ype of detection systems.
In one type of conventional system employed at an Internet Service Provider (ISP), the identification of a source (i.e., real email addresses of a spammer) will cause the ISP to immediately terminate the spammer's account or limit their activity.
Since most spammers do not identify themselves (e.g., their real source email addresses) this information can be used to filter out a significant amount of spam. For example, a conventional spam filter can be used to send back a confirmation E-mail to a source E-mail address of a suspect message to check if the sender can receive.
If the confirmation fails, this information can then be used to decide whether a message should be treated as a spam. Such an idea has been used in several anti-seam systems, including the systems and methods disclosed in (1S patents 6,199,102 and 6,546,416, and the published patent application 20030009698.
In all these systems, a spam filter installed either at an E-mail client or at a mail server is used to filter out spam. When an E-mail message arrives at the spam filter, the spam filter will temporarily hold the message and send a confirmation E-mail to the original sender. The message held will be delivered only after the original sender answers the confirmation E-mail correctly. Optionally, the seam filter keeps a list of confirmed senders (a "white Iist"). When a sender answers the confirmation email correctly, he will be put into the white list so that the next time when a message from the same sender arrives, the message will be delivered without delay and without sending another confirmation E-mail.
One problem of these prior art systems, however, is that they generally require a conventional sender (i.e., non-spammer) to answer many confirmation emails, causing quite an inconvenience to the sender. For a system that does not use a white list, a conventional E-mail sender generally needs to answer as many confirmation E-mails as the number of spam filters installed among the recipients for each E-mail message the sender sends out. For example, if one sends an E-mail to three recipients (john@example.com, gary@anotherexample.corn, and cc's love@thirdexarnple.com), the sender would be required to answer three confirmation E-mails, if all the recipients have an anti-seam filter installed. In addition, the conventional .sender would have to answer three confirmation emails each time a message is sent to the three recipients.
For a system that uses a white List, a conventional E-mail sender generally needs to answer as many confirmation I;-mails as the number of seam filters installed among the recipients for at least a first message sent. Because each spam filter keeps a separate white list, a conventional sender still needs to answer one confirmation E-mail for each spam filter installed among the recipients he sends E-mails t:o. In the above example, the conventional sender still has to answer three confirmation E-mails when he sends out a first message, although he/she will not receive any confirmation E-mails when he sends additional messages to the same tree recipients.
One shortcoming of these prior art systems is that each conventional spam filter works in isolation and does not share information with other spam filters.
More specifically, conventional spam fitters do not share a white list of verified sender addresses. For this reason, a conventional spam filter always has to send a confirmation email to each sender to verify his E-mail address, even though other seam filters within a given network may have already verified his E-mail address. In addition, conventional spam filters do not share other information that could be useful in detecting spammers, such as information to detect a spammer's signature. For e:~:ample, because a spammer sends to a large number of unrelated E-mail addresses, events detected by a plurality of seam filters could be correlated and trends developed to detect a signature of a spammer (e.g., this address, though valid, sends too many messages to unrelated E-mail addresses), even if that spammer is using his/her real E-mail address. (conventional spam filters in these prior art systems work in isolation, and do not share information that could be correlated to detect the signature of spammers.
SUI9VIlVIE~RY
In one implementation, the invention provides a data center to send out confirmation messages (e.g., E-rr~ails), to process sender's responses, and to keep a "white list" of confirmed senders, a "black list" of known spammers, and an "unconfirmed list"
of the senders who have not answered a confirmation yet. In this implementation, the seam filters, on the other hand, do not handle confirmation. messages or keep any of the ~5 lists. A seam filter queries the data center to obtain the status of a sender in order to determine whether a received message from that sender should be delivered, disposed (e.g. deleted, sent to a junk mail boxes, etc.), or temporarily held while the data center is waiting for the answer to the confirmation message.
In another implementation, the invention provides a method for detecting spam in a messaging system and includes generating a white list of confirmed message senders, each of said confirmed message senders having been confi.xmed as being able to receive messages. The method includes sharing the white list among a plurality of spam filters in the messaging system and using tree white list at a given one of the plurality of spam filters to determine if a sender of a received message has been previously confirmed. If the sender has been confirmed, the method includes forwarding the received message to a recipient without separately confirming the sender.
Aspects of the invention can include one or more of the following features.
The messaging system can be an email system. The white list can be shared with at least two spam filters. If the sender has not been previously confirmed, the method can include sending a confirmation to the sender and verifying a response from the sender.
If the response is verified, the sender can be added to the white list at the given spam filter and the information can be shared with other spam filters in the messaging system.
Sharing can include publishing the white list at a central location. Using the white list can include checking the white list maintained at a central location. If t:he sender has not been previously confirmed, the methodl further includes sending a confirmation to the sender and verifying a response from the sender. If the response is verified, the method can 1 S include adding the sender to the white list at a central location that is shared among the plurality of seam filters.
In another aspect, the invention provides a method :Far identifying a seam message and includes receiving a message at a spam filter in a network that includes a plurality of seam filters, identifying the sender of the message and determining if the sender has been previously confirmed as a valid sender including determining if the sender is included in a list of confirmed senders for any spam filter in the network. If the sender has been confirmed, then the method can include forwarding the received message to a recipient without separately confirming the sender.
Aspects of the invention can include one or more of the following features.
The 2S method can include determining if the sender has not been previously confirmed and if not confirmed, sending a confirmation to the sender and verifying a response from the sender. If the response is acceptable, the sender can be added to the white list at the given spam filter and the information can be shared with other seam filters ira network. Sharing can include publishing the white list at a central location.
In another aspect, the invention can provide a method for detecting a spammer in a network that includes a plurality of sparn filters and includes collecting information relating to a sender from a plurality o.f the spam filters, determining a trend in the collected information and identify a spammer based on the; trend.

Aspects of the invention can include one or more of the following features.
Collecting information can include collecting information relating to a number of messages sent by a sender to unrelated email addresses. Determining trends can include correlating the messages received by an individual spam fillter relating to a same sender.
Identifying can include determining that a sender is a spammer if a number of messages sent to unrelated email addresses in the correlated data exceeds a predetermined threshold. The threshold can be time dependent:.
In another aspect the invention provides a method for detecting spam in a messaging system and includes generating a white Iist of confirmed message senders and maintaining the white list at a data center, receiving a message at a spam filter in a network that includes a plurality of seam filters, verifying with the data center that the sender of the message is a confirmed message sender, add if so, forwarding the received message to a recipient without separately confirming the sender.
In another aspect the invention provides a method fir identifying a seam message I S and includes receiving a message at a spam filter in a network that includes a plurality of spam filters, identifying the sender of the message and verifying with a data center coupled to a plurality of the spam filters if the sender has been previously confirmed as a valid sender including determining if the sender is includedL in a List of confirmed senders for any spam filter in the network, the list being maintained at the data center. If the sender has been previously confirmed, the received message is forwarded to a recipient without separately confirming the sender.
In another aspect, the invention provides a method for detecting a spammer in a network that includes a plurality of spam filters and includes collecting, using a data center, information relating to a sender from a plurality of l;he seam filters, determining a trend in the collected inforrr~ation; and identifying a spamn'er based on the trend, including adding the sender to a list of confirmed spammers maintained by the data center.
Aspects of the invention rnay include one or more of the following features.
Collecting information can include collecting information relating to a number of messages sent by a sender to unrelated email addresses. Determining trends can include correlating messages received by an individual spam filter relating to a same sender.
Identifying can include determining that a sender is a spammer if a number ofmessages sent to unrelated email addresses in the correlated data exceeds a predetermined threshold.
In another aspect, the invention provides a method for filtering spam in a messaging system and includes confirming that a message sender can receive, sharing information indicating that the message sender can receive among a plurality of spam filters in the messaging system and using said information at a given one of the plurality of seam filters to determine if a rn~essage should be allowed without separately determining whether the message sender can receive.
Aspects of the invention can include one or more of the following features. A
I O passcode can be associated with one or more of the confirmned senders in the list, and the method can include verifying a message received from a sender in the list includes the passcode if specified. 'The method can include triggering an addition of a passcode for a sender in the list upon an occuwence of a predefined event. Th.e event can include detection that an e;mail address associated with the sender has been compromised. A pass 1 S code can be included in the list for one or more confirmed senders. The passcode can be automatically added at a time for transmission of a message from the sender in the messaging system. A plug in module can be provided for automatically adding the passcode. The plug in module can be adapted to add the passcode prior to transmission to the messaging system. The method can include correlating sender-recipient data at a 20 seam filter in the messaging system, determining data related to how fast a list of recipients grows for a given :sender; determining a list of unacceptable senders using the sender-recipient data and the determined data and sharing the list of unacceptable senders with other spam filters in the messaging sysierr~. The method can maintain a list of recipients for each sender of messages processed by a given seam filter. The list can be 25 maintained at a data center.
In one aspect, the invention provides a method for processing messages at a spam filter in a messaging system where the messaging system includes a plurality of seam filters. The method includes receiving a message for processing, the message from an sender for delivery to an intended recipient, and determining if the sender is a confirmed 30 sender including querying a data center to determine if the sender is included in a list of confirmed senders based an infarmation received from any of the plurality of seam filters in the messaging system. Confirmed senders are senders having a verified capability to receive messages. If the sender is a confirmed sender, the method can enable transmission of the message to the intended recipient.
In another aspect, the invention provides a method f~r processing messages at a spam filter in a messaging system, the messaging system including a plurality of spam filters. The method includes receiving a message for processing, the message from a sender for delivery to an intended recipient, determining if the sender is a confirmed sender, including querying a data center to determine if the sender is included in a Iist of confirmed senders based on information received from any of the plurality of seam filters in the messaging system. Confirmed senders are senders having a verified capability to receive messages. If the sender is a not a confirmed sender., the sender is confirmed including sending the sender a r~otifcation. Upon receipt of a confirmation from the sender, the sender's confirmed status can be shared with the plurality of spam filters in the messaging system including publishing the sender's status t:o the data center.
In another aspect, the invention provides a method for minimizing spam in a messaging system, the messaging system including a plurality of spam filters.
The method includes receiving a request from one of the seam filters in the messaging system to verify if a sender of a message is a confirmed sender. A confirmed sender is a sender having a verified capability to receive messages. The method includes evaluating a list of confirmed senders and providing a notification to the one spam filter indicating whether the sender's status is confirmed.
In another aspect, the invention provides a method for minimizing spam in a messaging system and includes receiving a request from one of the seam filters in the messaging system to verify if a sender of a message is a confirmed sender, a confirmed sender being a sender having a verified capability to receive messages and evaluating a list of confirmed senders. If the sender is not included in the list of confirmed senders, the method includes confirming the sender including providing a notification to the sender and upon receipt of a confirmation of from the sender, sharing the sender's status with the other spam filters in the messaging system including adding the sender to the list and providing a notification to the one spam filter indicating whether the sender's status is confirmed.
The invention can be implemented to realize one or more of the following advantages. A system is provide that eliminates the inconvenience of having to answer many confirmation emails, and allows for information to be collected and shared by all the seam filters in a given network. A system and method are provided for sharing white lists among seam filters in a given network. In addition, a system and method is provided for collecting information from among plural spam filters and correlating information to detect the signature of a spammer, even if the spammer ma;y be using his/her real email address. Using the proposed system, a conventional E-mail sender only needs to answer one confirmation email, regardless of the number of seam filters that are installed by the intended recipients of his messages. Using the proposed system, information can be collected by the data center from the spam filters and analyzed to detect spammers, even if these spammers use their real email address and are able to answer confirmation emails.
In the proposed system, the seam filters are much simplified because they do not have to handle confirmation emails and manage the lists (white list, the black list, and the unconfirmed list) The details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims.
DESCRIPTION OF DRAWINGS
FIG 1 is a simplified blocl~ diagram of an anti-SPAIvI system including a Data Center and three different SPAM Filter configurations.
FIG 2 is the logical flow of SPAM Filter Logic.
FIG 3 is the logical flow of the Held Message I-Iand.ler FIG 4 is the data format of the requests sent from the SPAM filter and the responses from the Data Center.
FIG 5 is the logical flow of Check Sender Status Service for the Data Center.
FIG 6 is the logical flow of Update Status Service for the Data Center FIG 7 is an example of confirmation email sent to tlhe Sender.
FIG 8 is the logical flow of Sender Response Processor for the Data Center.
FIG 9 contains examples of email notices sent to a Sender when the pass code requirement is turned on or off.
Like reference symbols in the various drawings indicate like elements.

~'~AILED DESCIPTI~1~
The present invention provides a unique method for identifying and processing unwanted message content in a messaging system. It is understood that the following disclosure provides many different implementations, or examples, for implementing different features. Techniques and requirements that are-only specific to certain implementations should not be imported into other implementations. Also, specific examples of networks, components, and formats are described below to simplify the present disclosure. These are, of course, merely examples ;end are not intended to limit the invention from that described in the claims. while an email. messaging system will be described, the teachings of the present invention may have applicability to other messaging systems.
In the implementation described below, a Data Center is used to send out confirmation emails to email senders to confirm that they can receive. Normal email senders have no problem receiving the confirmation email and responding to it.
1 S Spammers, however, afraid of being tracked down quickly, rarely use real email addresses when sending out spam, and therefore cannot receive the confirmation email and respond to it. Once a sender has successfully responded to the confirmation email, the sender will be put into a list of confirmed senders (a "white; list") maintained in the Data Center. In one implementation, a "black list" of known spammers can also be kept by the Data Center. A plurality of SFAI~I Filters can be installed dither at mail servers or at email clients throughout a given network. The SfAlVI Filters can query the Data Center to obtain the sender's status inf~a°mation to decide whether an email message from that sender should be delivered, disposed, or temporarily held. In one implementation, if the sender is in the "black list", the message will be disposed; and if the sender is in the "white list", the message will be delivered (with exceptions which will be discussed below). If the sender is neither in the "white Iist" nor in the '''black list", the Data Center will send a confirmation email to the sender, and then retun:~ certain information such as how many confirmation emails have been sent to that email. sender and how long the Data Center has been waiting for the answer. Such information can then be used by the SPAM
Filter to decide whether to deliver the message, dispose the message, or temporarily hold the message according to a local policy that is specific to the individual SPAM Filter. For the messages temporarily held, the SPAM Filter can check with the Data Center periodically to see if the sender's status has changed and then decide whether the message should be delivered, disposed, or continue to be held according to the local policy.
I O It is possible that a spammer may send out seams pretending to be from a legitimate user already in the while list. In order to block spammer's messages while allowing the legitimate user's messages to go through, a "p,~;ss code" may be required for certain email addresses in the white list. The pass code can be maintained in the Data Center. If the pass code requirement is turned on for an email address in the white list, I 5 the returned sender status from the Data Center will indicate that ti to sender is in the white list, but a specific pass code is required. The SPAM filter c<~r~ be configured to block the message unless it contains the correct pass code (on the first line or in the header, f~r example). The pass code can be sent by the Data Center to the email address owner in an email. The spammer that does not actually own that email address will not be able to 20 receive/know the pass codex The burden f~r the legitimate vuser to add the pass c~de to every message can be eliminated by an email client plug-in that automatically inserts the pass code into sent messages. The pass cede requirement can be enabled or disabled as required if the system of the user determines that seam is bf;ing "sent" from a given users account.

When a large number of SPAM Filters ai-e installed at many sites over the Internet, the Data Center will be able to collect rich information from the queries sent by the SPAM Filters. Such information can be used to distinguish spammers from certain legitimate bulk email senders, such as a subscription-based mailing list. One such example of information collected as sender-recipient correlation data. By keeping a list of recipients that a sender has ever sent a message to, the Data Center can detect seam events by watching how fast the recipient list grows. For a spammer, the list of recipients will grow very fast while each batch of spams is usually sent to a different set of recipients. For a mailing list sender, the list of recipients will grow slowly and different messages will be sent to roughly the same set of recipients periodically.
These different signatures can be used to distinguish spammers from mailing lists.
As shown in FIG. 1, a Data Center (102) is connected to the Internet (101).
Also connected to the Internet (101) are a plurality of SPAM filters in various configurations (103). SPAM Filters and their configurations 103 are discussed in greater detail below.
The Data Center (102) is one or more generalized or specialized computers that includes CPU and Memory (32) and operating system (31). In addition, the Data Center (102) includes the following components: a White List (21), Black List (22), Unconfirmed List (23), Confirmation Message Records (21J), Sender - Recipient Associations Database (24), Ma~.ual List Editing UI (25), Check Sender Status Service (27), Update Status Service (2~), Sender Response Proces s (29), Crypto Engine (26) and List of SPAM Filter Public Keys (30) White List (21) is a List of confirmed message (e.g., email) senders, those who have successfully responded to a confirmation message (e.g., email) sent by the Data Center (102) or are otherwise confirmed (e.g., confirmed by other Data Centers or Spam Filters). By wa,y of example, the Data Center will be described in terms of an email II

system. Those of ordinary skill in the art will recognize that the principles disclosed have applicability to other systems (non-email), including hybrid systems that only use email to receive or otherwise communicate with a sender or recipient but not both.
White list (21) can include individual email addresses as well as domain names to indicate that all email addresses in a given domain have been confirmed.
Individual email addresses can be entered automatically when the sender successfully responds to the confirmation email or manually by the Data Center Operator using the Manual List Editing UI (25). Domain names can be entered into the white list manually.
Thereafter, emails from confirmed senders identified in the White list (21) will generally be accepted by any one of the plurality of SP.~M filters in the network and delivered to the recipients.
One exception is when an email address in the white list is marked as "pass code required". In this case, a message will be blocked unless it contains the correct pass code.
When an email address is marked as "pass code required", the associated pass code can also be stored along with the email address in White list (21). The Data Center Operator can enable or disable the pass code requirement manually using the Manual List Editing UI (2S). The pass code requirement is enabled when the Data Center Operator discovers that a spammer is sending seams pretending to be a legitimate user in White list (21).
The pass code can be disabled when the spammer has been tracked down and terminated.
In one implementation, when the pass code requirement is enabled or disabled, an appropriate notice (e.g., email) will be sent to the affected sender (e.g., the email address that has been compromised). Thereafter, the sender can include the pass code in each transmission as appropriate. Examples of such email notices are shown in FIG
9.
Descriptions of pass codes and methods for verifying pass codes using the Data Center (102) and Spam Filters are discussed in greater detail below.

Black List (22) is a list of known Spammers or other type of malicious senders (e.g., email senders). Messages (e.g., emails) from these senders will generally be disposed by a receiving SPAM f lter and will not be delivered to the recipients. Black list (22) can also include domain names to indicate that all email addresses in a given domain are in the Black list (22). Domain names and individual ernail addresses can be entered by the Data Center ~perator using the ll~anual List Editing 1JI (25).
Unconfirmed List (23) contains the senders who have not responded to the confirmation messages (e.g., emails) yet. For each of the a~.nconfirmed senders, additional data can be kept, including the time the first confirmation message (e.g., email) was sent (which can be used to calculate the maximum time the Data Center (102) has been waiting for the response to the confirmation message (time T)), and the number of confirn~ation messages sent to that sender (number N). In one implementation, both the number N and time T will be returned to a requesting SPA.M Filter when the SPAM Filter queries the status of an unconfirmed sender.
Confirmation Message Records (20) stores relevant information for the confirmation messages (e.g., emails) sent to the Sender. In one implementation, each record contains the Sender email address, the Subject and Time of the original message (the original message from the Sender that caused the confirmation email to be sent), and the Authorization Code sent in the confrmation email. In one implementation, the record is identified by a unique "Confirmation Email ID", which will also be sent in the confirmation email.
Sender- Recipient Associations Database (24) is used to store information of sender-recipient correlations. In one implementation, Sender - Recipient Associations Database (24) keeps a Iist of recipients a sender has ever sent a message to, the time the recipient was added to the list, and the number of repeated sends to a same recipient.

From such information, the Data Center (102) can determine how many recipients a sender has been sending messages to, how fast his recipient list is growing, and whether he is sending to the same set of recipients repeatedly or sending to a large number of recipients without repeating. These characteristics can be used to distinguish sparnmers S from legitimate bulk mail senders such as mailing Lists. For a conventional mailing list sender, the recipient list will grow slowly while the number of repeated sends is relatively high. For a conventional sparnmer, the recipient list will grow very fast and repeated sends seldom occur, or at Least, not until the recipient list h.as become very large.
Manual List Editing UI (25) is a program that has a user interface that allows a Data Center Gperator to manually edit the White List (21), the Black List (22), the Unconfirmed List (23), and the Sender - Recipient Association Database (24).
Check Sender Status Service (27) is a server program running on the Data Center (102) to process a Check Sender Request (401 in FIG.4) from the SPAM Filter and return a Sender Status Response (402 in FIG.4). This Request/Response pair allows a given SPAM Filter to retrieve the sender's status from the Data Center (102) (whether the sender is in White List (21), Black List (22), or Unconfirmed List (23)). In one implementation, the Check Sender Request contains both the sender's email address and associated recipients' email addresses, and therefore, can also be used to update the Sender - Recipient Association Database (24). FICA. 5 describes the logical flow of the Check Sender Status Service (27) in greater detail.
Update Status Se~wice (28) is a server program running on the Data Center (102) to process an Update Status Request (403 in FIG.4) from ~ given SPAM Falter and return an Update Status Respanse (404 in FIG.4). q'his Request/Response pair allows the SPAM Filter to periodically check if the sender's status has changed in the Data Center (102) in order to decide whether a message held in temporary storage (e.g., Temporary Storage (36)) should be delivered, disposed, or continued to be held. FIG. 6 describes the logical flow of the Update Status Service (28) in greater detail.
Sender Response Process (29) is a server program running on the Data Center to process the sender's response to the confirmation message (e.g., email). If the sender has responded to the confirmation message (e.g., email) correctly, his/her identifying information (e.g., email address) will be added to White List (21). FIG. 8 describes the logical flow of Sender Response Process (29) in greater detail.
Crypto Engine (26) is a set of cryptographic routines and related public/private keys. To add to the security of the system, Crypto Engine (26) can be used to secure the I O communication between the Data Center (102} and the SP AM Filters. In one implementation, the Check Sender Request (401 in FIG 4), the Sender Status Response (402 fn FIG 4), the Update Status Request (40~ in FIG 4), and the Update Status Response (404 in FIG 4) are alI signed and encrypted messages. Crypto Engine (26) can be used by the Data Center (102) to decrypt a request frorrF the SPAM Filter, verify the 15 SPAM Filter's digital signature on the request, digitally sign the response, and encrypt the response. As would be apparent to one of ordinary skill in the art, encryption and digital signature are not absolutely necessary for the proposed seam system to work.
However, they can be used for the following reasons. First, spammers like to sniff on the Internet to discover ernail addresses. A well-designed anti-SPAM system should not give spaxnmers 20 an advantage by sending email addresses over the Internet in the clear. For this reason, the communications between the SPAM Filter and the Data Center (102) can be encrypted. Second, the Data Center contains rich information about a large number of email addresses. Ideally not dust anyone (i.e., a spammer} can send a request to the Data Center (102) to obtain such information (e.g., to harvest good email addresses). For this reason, the request sent to the Data Center (I02) can be signed and only the digital signatures of legitimate SPAM Filters are honored by the Data Center (102).
List of SPAM Filter Public Keys (30) keeps a list of public keys of authorized SPAM Filters. As described above, only digital signatures that can be verified by a public key in the list are considered legitimate in one implementation.
FIG 1 also shows three different configurations 103 in which the SPAM Filter is used.
A SPAM Filter for Mail Server configuration provides a SPAM Filter (103a) between the Firewall (7) and the Mail Server (9) of a typical corporate network. In such a I O configuration, the SPAM filtering is carried out before emails reach the Mail Server (9).
In this configuration, the SPAM Filter (103a) can be a software layer running on the same computer of the Mail Server (9), or on a dedicated computer between the Firewall (7) and the Mail Server (9).
A SPAM Filter for E~nail Client configuration provides a SPAM filter (103b) that ~ 5 is typically a software layer running on the same computer of the Email Client (10), for example, a "plug-in" of the Microsoft Outlook. In such a configuration, SPAM
filtering is carried out before the email message is put into the Inbox of the email client. Such a client-based configuration can be used by individual email users connected to the Internet through an ISP or by email users of a corporation that would rather conduct SPAM
20 filtering at the email client level, instead of at the gateway. In such a system, the SPAM
Filtering is conducted when the email messages are retrieved from the ISP or Mail Server (11).
In a third configuration, a SPAM Filter (103c) is used as one of the services in a third party hosted secure email solution (106). Third party hosted secure email solutions 25 redirect all email messages of a corporation to a third party system via a Virtual Private Network (VPh1) or other type of secure connection, where the email messages can be virus scanned, SPAM-filtered, encrypted, decrypted, digitally signed, and verified, according to configurable policies. As shown in FIG 1, an Email Message Redirector (8), sitting between the Firewall (7) and the Mail Server (9), redirects all incoming and outgoing email messages to the third party system (106) via a VPhT. The third party system can provide all the services to secure the email messages, including the service provided by SPAM Filter (103c) and other services (12). If the third party system (106) is located in the same secure environment of the Data Center (I02) (Operated by the same entity), SPAM Filter (103c) can directly access the Data Center (102) without using the Internet (101), as shown in FIG 1. In such a case, encryption and digital signature for the communication between the SPAM Filter and the Data Center will be optional.
SPAM Filters (103x-c) can be identically configured and include the following components: SPAM Filter Logic (33), Temporary Message Storage (36), Held Message Handler (35) and Crypto Engine (34).
SPAM Filter Logic (33) is a process that conducts SPAM filtering. When a message (e.g., email message) i s received at the SPAM Filter, the SPAM Filter Logic (33) will query the Data Center (I02) for the status of the sender, and then decide whether the message should be delivered, disposed, or temporarily held in the Temporary Message Storage (36). The logical flow of the process is described in more detail in FIG 2.
Temporary Message Storage (36) is used to temporarily hold the messages from the senders in the Unconfirmed List (23) - those senders that the Data Center (102) is still waiting for their responses to the confirmation messages (e.g., email confirmation messages).
Held Message Handler (35) is a process for handling the messages temporarily held in the Temporary Message Storage (36). In one implementation, Held Message 1~

Handler (3S) process will automatically start at fixed intervals, check the sender status at the Data Center (102), and then decide whether the messages held in the Temporary Message Storage (36) should be delivered, disposed, or continue to be held.
The logical flow of the Held Message hIandler (3S) process is described in more detail in FIG 3.
Crypto Engine (34) is a set of cryptographic routines and related publiclprivate keys that can be used to secure the communications between the Data Center (102) and the SPAM Filters. Crypto Engine (34) can be used by the c~PAM I~ilter to sign and encrypt the requests sent to the Data Center (102) and decrypt and verify the responses from the Data Center (102). In one implementation where the SPAM Filter (103c) for I O third party hosted solution is located in the same secure environment of the Data Center (102), the SPAM Filer (103c) can directly access the Data Center {102) and the Crypto Engine (34) is not necessary.
Refernng now to FIG 2, the detailed logical flow of SPAM Filter Logic (33) is shown. The process starts at Step (200) when a message (e.g., email message) is received.
15 By way of example, the process will be described in terms of an email system.
At Step (201), SPAM Filter Logic (33) checks if the email message contains properly formatted information. For example, the SPAM Filter Logic (33) can at this step check the sender email address in the "From:" field. In one implementation, if the message contains a "Reply-to:" field, the format of the "Reply-to:" address will also be 20 checked. The general format of all Internet headers and the consistency between them can also be checked. A domain name lookup can be conducted at this step to check if the domain of sender's email address actually exists and the IP address is consistent with the IP address making the SMTP connection, if such information is available. If any of the proscribed checks fails, the process will jump to Step (20g) to dispose the message and 25 the process ends. If all the checks succeed, the process continues to Step (202).
1~

At Step (202), SPAM Filter Logic (33) creates a "Check Sender Request" to be sent to the Data Center {102). In one implementation, the data items included in the Check Sender Request is shown in FICr 4 as item (401). Check Sender Request (401) can include a SPAM Filter Type (which indicates whether the SPAM Filter is mail server based (103a), client based (103b), or third party hosted (103c)), Sender Email Address, Subject, Time, a list of Recipients, and a Random Number. The Sender Email Address can be either the "Reply-to:" addxess, if the message has one, or the "From:"
address, if the message does not have a "Reply-to:" header. The subject can be t'rie subject of the email message. The Time can be the time of the message converted to a universal time I O that does not depend on time zone. The list of Recipients can include the number of recipients, and then for each recipient, the recipient's small address and the recipient type (such as To, Cc, or ~cc). Subject and Time can be used in the confirmation small to give the sender a reference to the original message. Subject and Tirne can also be used to uniquely identify the message, so that the Data Center (102) will not send out duplicated I 5 confirmation messages (e.g., smalls) when a message sent to multiple recipients reaches different SPAM Filters. The Recipient list is used to send the Sender -Recipient correlation information to the Data Center (I02). Sender-Recipient Correlation information can be used to distinguish spammers from other legitimate bulk mailers, such as a subscription-based mailing list. The Random Number in the Request can be returned 20 in the Response from the Data Center (102). The Random Number can be used to ensure that the Response received from the Data Center (102) is i:raly generated by the Data Center in real time, not a "playback" event.
At Step (2U3), SPAM Filter Logic (33) signs and encrypts the Check Sender Request (401) using the Crypto Engine {34). As was described above, this step is 25 optional. In one implementation, a 1024-bit RSA algorithm is used for both the public m key encryption and digital sigmature, a I60-bit SHA1 is used for the secure hash, and a 128-bit AES algorithm is used for symmetric key encryption. More specifically, the SPAM Filter uses its 1024-bit RSA private key to sign the SHAI hash computed from the Check Sender Request (401) to create the signature. The signature is then attached to the Request to create the signed Request. Finally, the signed Request is encrypted by a randomly generated 128b-bit AES symmetric key, which in turn, is encrypted by the 1024-bit RSA public key of the Data Center (102).
At Step (204), SPAM Filter Logic (33) sends the (optionally signed and encrypted) Check Sender Request (401) to the Data Center (102). In one implementation, Z 0 an HTTP POST is used to send the signed and encrypted Request to the Data Center (102). The HTTP protocol typically has little or no problems penetrating conventional corporate firewalls. For a third party hosted SPAM Filter {103c) that accesses the Data Center (102) directly, Step (204) may send a plaintext Check Sender Request (401) without digital signature and encryption.
15 At Step (205), SPAM Filter Logic (33) receives the {optionally signed and encrypted) Response from the Data Center {102). If an error response is received from the Data Center (as a result of a communication error) or the Request is otherwise corrupted or tampered with (e.g., the signature can not be verified), the process may continue at Step (202) to try again.
20 At Step (206), SPAM Filter Logic (33) (decrypts as necessary and) verifies the Response received from the Data Center (102) (again, using the Crypto Engine (34) as required). In one implementation, a 1024-bit RSA algorithm is used for both the public key encryption and digital signature, a 160-bit SHAT is used for the secure hash, and a 128-bit AES algorithm is used for symmetric key encryption. More specifically, the 25 SPAM Filter uses its 1024-bit R.SA private key to recover a 128-bit AES key encrypted by the SPAM Filter's public key. Then, the AES key is used to decrypt the Response.
The SPAM Filter then verifies the digital signature on decrypted Response.
Specifically, the signature is verified using the public key of the Data Center (102) to recover a SHAI
hash. Then, the recovered hash is compared with the hash computed from the Response to see if they are equal. In addition, the process also compares the Sender Email Address and the Random Number in the Response to see if they are the same as those sent in the request (this ensures that the Response is truly generated by the Data Center in response to the Request, and is not a "playback" event). If any of the decryption and signature verification steps fails, indicating that the Response may be corrupted or tampered with, the process returns to Step (202) to try again. If all the decryption and verification succeed, the process will continue; to Step (207). Again, Step (20~) may not be necessary for a third party hosted SPAM Filter (105) situated in the same secure environment of the Data Center (102).
At Step (207), SPAM Filter Logic (33) interprets the Response received from the Data Center (102). The Response can be of the form of a "fender Status Response"
shown as item (402) of FIG 4. In the implementation shown, the Sender Status Response (402) contains Sender Email Address and Sender Status indicating whether the Sender is in the White List (21), in the Black List (22), or in the Unconfirmed List (23). If the Sender is in the Unconfirmed List (23), two additional data items, the Number N and the Time T, can also included in the Sender Status Response (602). Number N refers to the number of unanswered confirmation messages (e.g., emails) that have been sent to that Sender. Time T, refers to the maximum time the Data Center (102) has been waiting for the response to the confirmation messages (e.g., emails) from the Sender. A
Pass Code may be included in the Sender Status Response (402) when the Sender is in the White list (21). The receipt of a Pass Code indicates that the SPAM Filter should block the message, unless it contains the correct Pass Code. If the Sender is in the Mack List (22) (Case a), the process continues at Step (208). If the Sender is in the V~Thite List (21) (Case b), the process continues at Step (209). If the Sender is in the Unconfirmed List (23) (Case c), the process continues at Step (210).
At Step (212), SPAM Filter Logic (33) checks if a Pass Code is in the Sender Status Response (402). If so, it indicates that the correct Pass Code is required for the message to be delivered and the process continues at Step (213) to check the Pass Code in the message. otherwise, the process continues at Step (209) to deliver the message.
At Step (213), SPAM Filter Logic (33) checks if the message contains the correct Pass Code. If so, the process continues at Step (209) to deliver the message.
~therwise, the process continues at Step (208) to dispose the message,.
At Step (210), SPAM Filter Logic (33) uses the Number N and 'time T to determine whether to dispose the message, deliver the message, or hold the message in the Temporary Message Storage (36) according to a local policy. ~ne example policy is:
If N<3 and T<24 hours, deliver the message; if N>10 or T>120 hours, dispose the message; otherwise, hold the message in the Temporary Message Storage (36).
This example policy will allow 1 or 2 messages to go through immediately before an unconfirmed Sender has a chance to respond t~o the confin~nation email within 24 hours.
However, if the Sender has not responded to more than 10 confirmation emails or has not responded to the first confirmation email within 5 days, he will be treated as a spammer and all future messages from this sender will be disposed using a local policy allows each SPAM Filter to set an individual criterion for determining what should be treated as a SPAM and how tight the SPAIVI filtering should be (whether to allow a few messages to be delivered before the sender's email address is confirmed). If at Step (210), SPAM
Filter Logic (33) determines that the message should be disposed, the process continues at az Step (208). If at Step (210), SPAM Filter Logic (33) determines that the message should be delivered, the process continues at Step (209}. If at Step (210), SPAM
Filter Logic (33) determines that the message should be held in the Temporary Message Storage (36), the process continues at Step (211).
At Step (208}, SPAM Filter Logic (33) will dispose the message, and after that, the process ends. The disposition of the message may include sending the message to a junk mail box, putting the message into a "SPAM folder", writing the message into a log f le, or simply deleting the message. The messages reaching Step (20~) are regarded as SPAM messages and should ordinarily be deleted. Sending notifications to the sender, recipient, or administrator will only amplify the SPAM problem.
At Step (209), SPAM Filter Logic (33) will deliver the message to the recipient(s), and thereafter, the process ends.
At Step (211), SPAM Filter Logic (33} will store the message in the Temporary Message Storage (36), and thereafter, the process ends. In. one implementation, messages stored in the Temporary Message Storage (36} are indexed by the senders' email addresses so that a list of senders can be easily obtained and all messages from a particular sender can be easily manipulated.
Messages held in the Temporary Message Storage (36) are processed by the Held Message Handler (35). In one i~~nplementation, Held Message Handler (35) automatically starts at a fixed interval (e.g., 30 minutes) to check with lr7ata Center (102) to determine if the status of the senders of the messages held in the Temporary Message Storage (36) has been changed and then decide whether a message should be delivered, continued to be held, or disposed. The logical Ilow of the Held Message Handler (35) is shown in FIG 3.
The process of Held Message Handler (35) starts at Step (300) at fixed intervals, for example, 30 minutes. At Step (301} Held Message Handler (35) compiles a list of senders' emails addresses from the messages stored in the Temporary Message Storage (36). In ane implementation where the messages stored in the Temporary Message Storage (36) are indexed by senders' email addresses as described m Step (211), the list of senders can be easily obtained.
At Step (302), Held Message Handler (35) creates an "Update Status Request".
In one implementation, the data items included in the Update Status Request is as shown in FIG 4 including item (403). Update Status Request (403) contains a SPAM Filter Type, a List of Sender Email Addresses, and a Random Number. The SPAM Filter Type indicates whether the SPAM Filter is mail server based (103x), client based (103b), or third party hosted (103c). The List of Sender Email Addresses can include all senders whose messages are held in the Temporary Message Storage (36). The Random Number in the Request will be returned in the Response from the Data Center (102).
The Random Number is used to ensure that the Response received from the Data Center is truly generated by the Data Center in real time, not a "playback" event.
I S At Step (303), Held Message Handler (35) signs and encrypts the Update Status Request (403) using the Crypto :Engine {34). In one implementation, 1024-bit RSA
algorithm, 160-bit SHAT, and 128-bit AES are used to sign and encrypt the Update Status Request (403) in the same way as described in Step {203). As described above, the signing and encryption of the Update Status request is optional.
At Step (304), Held Message Handler (35) sends the (opt;ionally signed and encrypted) Update Status Request (403) to the Data Center (I02). For a third party hosted SPAM Filter (105) that accesses the Data Center (102) directly, Held Message Handler (35) may send the Update Status Request (403) without digital signature and encryption.
In response to the transmission, Held Message Handler (35) may receive an error response from the Data Center (102) if there is any communication error or the Request is corrupted or tampered with. In this case, the process will continue at Step (302) to try again.
At Step (305), Held Message Handler (3S) receives the (optionally signed and encrypted) Response from the Data Center (102). For a third party hosted SPAM
Filter (105) situated in the same secure environment of the Data Center (102), the Response received may not be signed and encrypted.
At Step (306) Held Message Handler (35) decrypts and verifies the Response received from the Data Center (102) using the f:rypto Engine (34) as required.
Similar to Step (206), the verifications can not only include verifying the digital signature on the Response, but also include verifying that the List of Senders and the Random Number in fhe Response are the same as those sent in the Request. This ensures that the Response is truly generated by the Data Center in response to the Request, not a "playback" event. If any of the decryption and verification steps fails, indicating that the Response may be corrupted or tampered with, the process continues at Step ( 302) to try again.
If all the decryption and verification checks succeed, the process will continue to Step (307).
In one implementation, the Response from the Bata Center (102), after decryption and signature verification, is an "Update Status Response" as is shown as item (404) in FICJ. 4. The Update Status Response (~04) contains a List of Sender Status and a Random Number. The Random Number is the same Random Number sent in the Request and has been used in Step (306) to thwart the "playback" attack. The List of Sender Status can be a Iist where each item contains the same data items of a Sender Status Response (402) except the Random Number. In other words, each item in the List of Sender Status can contain the Sender Email Address and a Sender Status indicating whether the Sender is in the 'White List (21), Mack List (22), or Unconfirmed List (23), and if the Sender is its the Unconfirmed List (23), the number of unanswered confirmation emails {N) and the maximum time (T) the Data Center (102) leas been waiting for the answer to confirmation emails will also be included in the item.
The remainder of the logical flow starting from Step (307) will be repeated for each Sender in the List of Sender Status in the Update Status Response {404).
The processing for each Sender is very similar to the Steps (207)-(211) in FIG 2.
However, after processing each item in the List of Sender Status, the process will continue at Step (307) so as to process the next item in the List, until all the Senders in the List have been processed.
At Step (307), Held Message Handler (35) decides «~hat to do next according to 1J the status of the Sender. If the Sender is in the Mack List {22) (Case a), the process continues at Step {308). If the Sender is in the i~Vhite fist (21) (Case b), the process continues at Step {309). If the Sender is in the Unconfirmed List {23) (Case c), the process continues at Step (310).
Similar to Step (210) in FIG. 2, at Step (310) Held Message Handler (3 5) uses the Number N and Time T to detea~nine whether the Sender's messages held in the Temporary Message Storage (36) should be delivered, continued to be held, or otherwise disposed according to a local policy. In one implementation, the same policy used in Step (210) of FIG. 2 is used in Step (310) for consistency. If at Step (310) Held Message Handler (35) determines that the message should be otherwise disposed, the process continues at Step (308). If at Step (310) Held Message Handler (35) determines that the message should be delivered, the process continues at Step (309). If at Step (310) Held Message Handler (35) determines that the message should continued to be held in the Temporary Message Storage (3li), the process continues at Step (311).
At Step (308), Held Message Handler {35) will dispose all messages in the Temporary Message Storage (36) that are from the particular Sender, and thereafter, the process continues at Step (307) again to process the next item in the List of Sender Status.
The disposition of the messages m.ay include sending the messages to a junk mail box, putting the messages into a "SPAM folder", writing the messages into a log file, or simply deleting the messages. At Step (309), Held Message Handler (35) will deliver to the recipients) ALL messages in the Temporary Message Storage (36) that are from the particular Sender, and thereafter, the process continues at Step (307) again to process the next item in the List of Sender Status.
At Step (311), Held Message I-Iandler (35) will maintain ALL the messages from the particular Sender in the Temporary Message Storage (36). The process then continues at Step (307) to again process the next item in the List of Sender Status.
After finishing processing ALL the items in the List of Sender Status at Step (30~), (309), or (311), the process ends.
Referring now to FIG 5, the logical flow of the Check Sender Status Service (27) in the Bata Center (102) is shown. The function of the Check Sender Status Service (27) is to receive the (optionally signed and encrypted) Check Sender Request (401) sent from the SPAM Filter at Step (204) of FIG. 2, and then return a {optionally signed and encrypted) Sender Status Response (402) that will be received by the SPAM
Filter at Step (205) of FIG. 2.
The process of Check Sender Status Service (27) starts at Step (500) when the (optionally signed and encrypted) Check Sender Request (401) sent from the SPAM filtez-at Step (204) is received. At Step (501), Check Sender Status Service (27) decrypts and verifies the signed and encrypted Request using the Crypto Engine {26) to recover the Check Sender Request (401) as necessary. The verification can not only verify the digital signature on the Request using the public key of the SPAM Filter, but can also verify that the SPAM Filter's public key is in the List of SPAM Filer Public Keys (30) to ensure that the key is authentic. The Check Sender Request (401) may not be signed and encrypted at all, when it is sent from a third party hosted SPAM Filter (105) situated in the same secure environment of the Data Center (102). In such a case, Step (501) can be skipped.
If the decryption or verification fails at Step (501), the process continues at Step (513), which returns an error response to the SPAM Filter, and the process ends. If all the decryption and verif canons succeed, the process continues to Step (502).
At Step (502), Check Sender Status Service (27) chucks the status of Sender Email Address. There are 4 possibilities: a) the Sender is in the White List (21), b) the Sender is in the Black List (22), c) the Sender is in the Unconfirmed List (2:3), and d) the Sender is not in any of the lists. For cases a) and b) - the Sender is either in the White List (21) or is in the Black List (22), the process continues at Step (50~). For cases c) and d) - the Sender is either in the Unconfirmed List (23) or not in any list at all, the process continues at Step (50S).
At Step (505), Check Sender Status Service (27) checks whether a confirmation message (e.g., email) for the same message (e.g., as identified by subject and time) has been sent to the Sender Location (e.g., Email) Address previously. 'This step checks if a record can be found in the Confirmation Message Records (20) that contains the identifying information (e.g., Email Address, Subject, and Time) matching these items in the Check Sender Request (401). If so, the process continues at Step (50~).
~therwise, the process continues at Step (506). Using the uniqueness of the identifying information (e.g., the Sender Email Address, Subject, and Time), the Data Center (102) can avoid sending multiple confirmation messages when a message addressed to multiple recipients is processed by several SPAM Filters. In other words, when an unconfirmed sender sends out one message to many .reci_~ients, he/she will only receive one confirmation message, 2Jr regardless hOW many recipients are in tile "To:", "CC:", and "BCC:"
fields. I~oWever, the unconfirmed sender will continue receiving one confirmation message for each distinct message he sends out, regardless the number of recipients in the message header, until he answers one of the confirmation messages. Thereafter, the Sender will be included in the White List (21) and will not receive any further confirmation messages. The advantage S of such a design is that it gives the Sender ample chances to answer one of the confirmation messages, even if the first a few confirmation messages are lost, ignored, or accidentally deleted. Such a design also avoids the annoyance of receiving too many confirmation messages. While the Subject and Time, which are also needed in the confirmation message to refer to the original message (see Step (506) below), are used to I 0 uniquely identify the message here, alternative ways of uniquely identifying the message are possible. For example, the Message-~D can be used to uniquely identify the message.
At Step (SOb), Check Sender Status Service (27) sends a confirmation message (e.g., email) to Sender (e.g., using the Sender Email Address). A Confirmation Message Record will also be created in the Confirmation Message Records (20). The Record is I S identified by a unique Confirmation Identifier (ID) and, in one implementation, includes the Sender Email Address, Subject, and Time obtained from the Check Sender Request (401), and a randomly generated Authorization Code. A typical example of a confirmation email is shown in .FIG 7. While the text of the confirmation message is arbitrary as long as it explains the purpose of the message and what to do with it, a few 20 design considerations should be noted.
The confirmation message can include a hyperlink that includes the unique Confrmation Email ID (id=8afc2389cb98d401 in the example). This ID will be sent to Data Center (102) when the hyperlink is clicked allowing the Data Center (102) to quickly find the corresponding record in the Confirmation Message Records (20).

The subject of the confirmation message can be "Re: " plus the original subject (Subject in Check Sender Request (401)). This gives the original message sender an indication that the confirmation message is in response to his original message.
Otherwise, the confirmation message itself can be easily mistaken as a SPAM
and ignored, because it is from a location (e.g., email address (antispamcenter@zixcorp.com in the example)) unknown to the original message sender. The subject and the time (Subject and Time in Check Sender Request (401)) are used to refer to the original message. In one implementation, there is no mentioning of the recipients. This avoids exposing the recipients' email addresses in the confirmation message, which is sent in the clear (not encrypted). As mentioned before, a well-designed system should avoid unnecessary exposure of user email addresses.
The Authorization Code can be randomly generated, converted to a distorted graphic form, such as a GIF, and then attached to the confirmation message.
This makes it very difficult for a machine to recognize the authorization code. It requires a human to answer the confirmation email correctly, ~ne noteworthy example situation relates to the processing of the confirmation messages by the SPAM Filters., if for example the Sender has a SPAM Filter installed. In order to avoid unnecessary delays, the sender address of tine confirmation message (antispamcenter@zixcorp.com in the example of FIG 7), can be included in V~hite List (21) before Data Center (102) starts to operate. This will cause all SPAM
Filters to allow the confirmation messages to pass through the system immediately. The sender address of the confirmation message (e.g. antispamcenter(c~zixcorp.com) can require a pass code, because the address will become common knowledge. Accordingly to avoid spamrners from spoofing the system, the Pass Code can be used and verified by all SPAM
Filters.
The Pass Code can be included i.n a user header in the con.fzrrnation message and the same Pass Code can be returned in the Sender Status Response (402) when the SPAM
Filter queries the status of the sender address (e.g., antispamcenter@zixcorp.com).
Because the Data Center (102) controls both th.e Pass Code in the confirmation message and the Pass Code in the Sender Status Response (402), the Pass Code for the Sender Location (e.g., antispamcenter@zixcorp.com) can be changed frequently to avoid being discovered and used by spammers.
In an alternative implementation, the domains or ernail addresses protected by a SPAM Filter can be manually entered into the white list when a customer purchases the SPAM Filter. In this way, the confirmation messages will never be sent to an email address protected by a SPAM Filter (because the email address protected by the SPAM
Filter has already been added to the white list when the customer purchased the SPAM
Filter). In such an alternative implementation, if the sender email address of the confirmation message (e.g., antispamcenter@zixcorp.com) is used only far sending confirmation emails and not far other purposes (e.g. contaciing customers), then it can be included in Black list (22) to block messages that appear to be originating from it. In this case, the email notices, such as those shown in FIG 9 shauld use a sender email address that is different from the sender email address of the confirmation email to avoid being blocked.
After sending the confirmation message at Step (506), the process continues at Step (507) to update the Unconfirmed List (23). In one implementation, each item in the Unconfirmed List (23) contains the Sender data (e.g., Sender Email Address), the time the first confirmation message was sent (which can be used to calculate the maximum time (T) the Data Center (102) has been waiting for the answer to the confirmation messages), and the number of confirmation messages sent (N). The procedure of updating the Unconfirmed List (23) depends on whether the Sender is already in the List (depends on whether it is case c), or case d described above)). If the Sc;nder is already in the Unconfirmed List (23) (case c)), the process will simply increase the number of confirmation emails sent (N) 1>y 1. ~n the other hand, if the Sender is not in the Unconfirmed List (23) (case d)), the process will add a ne:~,v item to the Unconfirmed List (23). The item added to the Unconfirmed List (23) can include the Sender Email Address;
the time of the first confirmation email (the time of the confirmation email sent at Step (506) (which can be used t~ calculate (T) late-), and the number of confirmation emails sent N =1. After Step (507), the process for eases c) and d) also continues at Step (508).
At Step (508) Check Sender Status Service (27) composes an appropriate Sender IO Status Response (402). In one implementation, the data items included in the Sender Status Response is shown in item (402) of FICA 4. In this e~amp~=e, the Response includes the Sender Email Address and the Sender Status indicating whether flee Sender is in the White List (21), in the ~laok List (22), or in the Unconfin~~ed List (23). If the Sender is in the ~7Vhite List (21) and is marked as "pass code required", the associated Pass Code 15 will also be include in the Sender Status Response (402). If the Sender is in the Unconfirmed List (23), the number of confirmation emails sent (N), and the maximum time the Data Center is waiting for the answer to the confirmation emails (T) can also be included in the Sender Status Rc;sponse (402). T can be calculated as the current time minus the time the first confirmation email was sent to ths~ Sender. The Sender Status 20 Response {402) also can include a Random Number, whi<;h is copied from the Random Number in the Cheek Sender Request (401).
At Step (509), Check Sender Status Service (27) optionally signs and encrypts the Sender Status Response (402) using the Crypto Engine (26). For a third party hosted SPAM Filter (103c) situated in l:he same secure environment of the Data Center (102), 25 Step (509) is not necessary and may be skipped.

At Step (510), Check Sender Status Service (27) sends the (optionally signed and encrypted) Sender Status Response (402) to the requestin;' SPAN( Filter.
At Step (511), Check Sender Status Service {27) uses the Sender identification information (e.g., Sender Email Address) and the List of Recipients in the Check Sender Request (401) to update the Sender - Recipient Associations Dat abase (24). In one implementation, the Sender - Recipients Associations Database (24) keeps a list of recipients a sender has ever sent a message to, the time the recipient was added to the list, and the number of repeated sends to the same recipient. In addition' the Sender -Recipient Associations Database {24) will keep a list of Subject and Time of the recent messages sent by the sender (within one month, for exam:ple). In such an implementation, the Check Sender Status Service (27) first checks if the Subject and Time are already in the list of Subject and Time of the recent messages. If so, the process will do nothing, because the same message has already been processed. (A message sent to multiple recipients may be processed several times by different SPAS Filters.) Otherwise, the I5 process will update the Sender - Recipient Associations Database as follows. In one implementation, the Subject and Time of the message will be added to the list of recent messages associated with the Sender ire the Sender - Recipient Associations Database (24). In addition, the Check Sender Status Service (27) v~~ill process all recipients in the List of Recipients in the Check Sender Request (401) as fbllows, If the recipient is not in the recipient list of the Sender, the recipient will be added to the list, the time the recipient is added to the list will be recorded, and the wumber of repeated send operations will be set to zero (0). If the recipient is already in the recipient list of the Sender, the number of repeated sends for that recipient will be increased by one (1). After updating the Sender -Recipient Association Database (24) at Step (511), the process continues at Step (512):

At Step (512), the Check Sender Status Service (2'~) checks for a predefined trigger condition for detecting sp ammers are met, and if so, the Data Center Operator can be notified. The Operator can investigate the situation further and decide whether the Sender is a spammer. If so, the Sender can be moved to the Black List (22) manually using the Manual List Editing LfI (25}. One example of a trigger condition is that the number of recipients in the recipient list exceeds certain value, 10,000, for example.
Another example of a trigger condition is a sudden increase in the number of recipients in the recipient list in a short period of time. It should be noted, when a commercial system built according to this invention is fast rolled out, the Sender - Recipient Associations I O Database may not be very useful, because there are very i:ew SPAM Filters installed at the beginning, and the information collected by the SPAM Filters represents only a tiny fraction of the total Sender - Recipient correlation inforrr~ation available.
At this stage, however, because the number ofmessages processed by the system is small, the trigger condition can be set relatively loose and the trigger event rate wll not be too high for the 15 Data Center Operator to investigate. When the commerciial system is in place for some time (many SPAM Filters will be installed in various places}, the Sender -Recipient correlation information collected will become more reliable to allow more sophisticated trigger conditions to be set to better identify spammers. In one implementation, identified spammers can be automatically moved to the Black List (22) without further investigation 20 of the Data Center Operator. After Step (512), the process ends.
Because Steps (511} and (S12) are carried out after the Data Center (102) has already returned the (optionally signed and encrypted) Sender Status Response (402) at Step (510), steps (511) and (~12) do not have to be run in the same process as the Check Sender Status Service (27). In one implementation, after Step (~10}, the process of Check 25 Sender Status Service (27) may simply spawn a separate process to run Steps (511) and (512) in the background and then terminate. Such a design will give the Data Center (102) faster response to sen~e the Check Sender Requests.. In one implementation, Step (512) is not connected to the Cheek Sender Request process. In this implementation, Step (512) can be run in a process that starts periodically, completely independent of the processing of Check Sender Requests, so as to analy2e the Sender-Recipient Associations Database (24) to look for signatures of spammers.
Referring now to FICr 6, the logical flow of Update Status Service (2~) is shown.
Update Status Service (2~) allows the Data Center (i02) t:o receive the Update Status Request (403) from the SPAM filter and returns an Updai:e Status Response (404). In one implementation, Update Status Request (403) contains only the Senders whose messages are held in the Temporary Message Storage (36) of the ShAM Filter. The SPAM
Filter considers those Senders as Unconfirmed. The Update Status Response (404) notifies the SPAM Filter which of those originally Unconfirmed Sens~ers have been moved to the White List (21) or Black List (22), and for these that are ,till in the Unconfirmed List (23), how many confirmation messages have been sent to~ each of then and how long the Data Center has been waiting for an answer.
The process of Update Status Service (2~) starts at: Step (b00) when the (optionally signed and encrypted) Update Status Request (403) is received. The Request (403) is sent at Step (304) of the Held Message Handler process (35) shown in FICi 3.
At Step (601), Update Status Service (2~) decrypia and verifies the Request using the Crypto Bngine (26) to recover the Update Status Request (403) as required.
The verification can verify the digital signature on the Request using the public key of the SPAM Filter, but also can verify th~.t the SPAM Filter's public key is in the List of SPAM
Filer Public Keys (30) to ensure; that the key is authentic. As indicated above, the Update Status Request (403) may rot be signed and encrypted arid, in sazch a case, Step (601) can be skipped. If the decryption or verification fails at Step (601), the process continues at Step (607), which returns an error response, and the process ends. If all the decryption and verifications succeed, the process continues at Step (ti02).
At Step (602), Update Status Service (28) creates an Update Status Response (404) with an empty List of Sender Status. In one implementation, the Update Status Response (404) contains the Random Number copied from the Update Status Request (403) but has an empty List of Sender Status. The Sender Status will be added to the List by repeating Steps (603) and (604) for each Sender.
Step (603) and Step {604) are repeated for each Sender listed in the Update Status Request (403). At Step (603), Update Status Service (28) obtains the Sender Status and Step (604) adds the status information to the List of Sender Status of the Update Status Response (404). In one implementation, each item added to the List is identical to the Sender Status Response (402) except it does not contain the Random Number. In other words, each item added to the List of Sender Status contains the Sender Email Address and the Sender Status indicating whether the Sender is in the White List (2I), Black List (22), or Unconfirmed List (23). If the Sender is in the Unconfirmed List (23), the number of unanswered confirmation emails (N) and the maximum time (T) the Data Center (102) has been waiting for the answer to the confirmation emails can also be included in the response. After finishing processing ali Senders at Steps (603) and (604), the process continues at Step (605).
At Step (605), Update Status Service (28) optionally signs and encrypts the Update Status Response (404) using the Crypto Engine (:L). For a third party hosted SPAM Filter (I03c) situated in the same secure environrrmnt of the Data Center (102) and that has direct access to the Data Center {102), Step (605) is not necessary and may be skipped.

At Step (606), Update Status Service (28) sends the (optionally signed and encrypted) Update Status Response (404) to the requesting SPAM Filter.
Thereafter, the process ends.
Referring now to FICB 8, the logical flow of Sender Response Process (29) for the Data Center (102) to process Sender's responses to the ccmfirmation messages is shown.
In the implementation where the Sender responds to the confirmation message by clicking a provided hyperlink, a default web browser will be launched and an HTTP
request will be sent to the Data Center (i02;6.
The logical flow of Sender Response Process (29;> starts at Step (800) when the HTTP request is received. The HTTP request can include the Confirmation Message ID
(e.g., Confirmation Email ID), which can be used to locate the corresponding record in the Confirmation Message Records (20).
At Step (801), Sender Response Process (29) returns a response (e.g., an HTTP
response), which includes an Authorization Code. In onf; implementation, the response includes a web (e.g., HTML) form asking the Sender to enter the Authorization Code included in the confirmation message. After the Sender enters the Authorization Code and clicks an "OK" button on the web form, the Authorization Code will be sent to the Data Center (102). Because the Authorization Code contained in the confirmation message is in a distorted graphic form in one implementation, human action is required to enter the code correctly.
At Step (802), Sende~° Response Process (29) receives the Authorization Code (e.g., sent in the web form).
At Step (803), Sender R esponse Process (29) checks if the Authorization Code is correct. In one implementation, the process will use the Confirmation Email ID
included in the HTTP request to locate the corresponding record in the Confirmation Message Records (20). The process will compare the Authorization Code in the record with the Authorization Code received at Step (~02) and see if they match. If they do I~~T match, the process continues at Step (~06), which, in one implementation, returns a web page telling the Sender that the Authorization Code is not correct and asks the Sender to try again. Thereafter the process ends. If the Authorization Code obtained from the record matches the Authorization Cade received at Step (802), the process continues to Step (804) At Step (804), Sender Response Process (29) moves the Sender from the Unconfirmed List (23) to the White List (21). In addition, all the records in the I O Confirmation Message Records (20) corresponding to confirmation messages sent to the same Sender will be deleted.
At Step (g05), Sender Response Process (29) returns a response (e.g., a web page) indicating success. The web page can tell the Sender that he has been successfully added to the trusted.sender database and will not receive any maore confrmation emails.
I S Thereafter, the process ends.
While this invention has been described in terms of several preferred implementations, it is contemplated that alterations, modifications and permutations thereof will become apparent to those skilled in the art upon a reading of the specification and study of the drawings.
20 For example, instead of having the SF'AM Filter periodically query the Data Center (102) for sender's status, the Data Center (102) can automatically notify the SPAM Filter when a sender status changes. In addition, the SPAM filters can keep copies of the White, Black and unconfirmed lists, which may in turn be regularly updated by the Data Center (102) to improve processing speed at the local SPAM filter. When an 25 unconfirmed sender has successfully answered a confirmation message and has been 3~

moved to the white list, the Data Center can send an email message that contains the changed sender status to all affected SPAM Filters.
Instead of keeping the List of SPAM Filter Public Keys (30) at the Data Center;
each SPAM Filter may be issued a digital certificate that authenticates its public key. The digital certificate can be included in the Claeck Sender Request (401) and the Update Status Request (403) sent to the Data Center. The Data Center can then verify the digital certificate, instead of checking the List of SPAM Filter Public Keys (30), to ensure that the SPAM Filter's public key is authentic.
While the implementation disclosed above is designed under the principle of never unnecessarily transmitting users' email addresses in the clear, such a principle may be viewed as less important than simplicity o~~ implementation. In this case, the encryption and digital signature do not have to be implemented.
While the above has described the Data Center (~.~02) as a generalized or specialized computer, those skilled in the art will recognize that a cluster of many computers distributed over different parts of the Internet, coordinated to serve the same functionality as described above, can be used to provide redundancy, higher throughput and faster response time.
While the response to the confirmation message is described as clicking a hyperlink and entering the authorization code, those skilled in tlxe art will recognize that many other types of responses are possible. For example, the sender may return an email message with the authorization code or call a telephone number to enter the authorization code.
While the implementation disclosed above uses the Data Center to send out confirmation emails and process the answers, a different .design configuration is possible.
For example, the confirmation emails and answers can be sent and processed by 3~

individual SPAM Filters and the result of the confirmation (success or failure) can be sent to the Data Center to update the white list kept there and shared among all SPAM Filters.
Some features of the disclosure will be used withcmt corresponding use of other features. Furthermore, additional features may be emplo~red without changing the operation of the present invention. Accordingly, it is appropriate that the appended claims be construed broadly and in a manner consistent with the disclosure.

Claims (58)

THE EMBODIMENTS OF THE INVENTION IN WHICH AN EXCLUSIVE
PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. A method for detecting spam in a messaging system comprising:
generating a white list of confirmed message senders, each of said confirmed message senders having been confirmed as being able to receive messages;
sharing the white list among a plurality of spam filters in the messaging system;
using the white list at a given one of the plurality of spam filters to determine if a sender of a received message has been previously confirmed, and if so, forwarding the received message to a recipient without separately confirming the sender.
2. The method of claim 1 wherein the messaging system is an email system
3. The method of claim 1 wherein the white list is shared with at least two spam filters.
4. The method of claim 1 wherein if the sender has not been previously confirmed, sending a confirmation to the sender, verifying a response from the sender, and if the response is verified, adding the sender to the white list at the given spam filter and sharing the information with other spam filters in the messaging system.
5. The method of claim 1 wherein sharing includes publishing the white list at a central location.
6. The method of claim 1 wherein using the white list includes checking the white list maintained at a central location.
7. The method of claim 1 wherein the if the sender has not been previously confirmed, the method further including sending a confirmation to sender, verifying a response from the sender, and if the response is verified, adding the sender to the white list at a central location that is shared among the plurality of seam filters.
8. A method for identifying a spam message comprising:
receiving a message at a span filter in a network that includes a plurality of seam filters;
identifying the sender of the message;
determining if the sender has been previously confirmed as a valid sender including determining if the sender is included in a list of confirmed senders for any span filter in the network; and if so, then forwarding the received message to a recipient without separately confirming the sender.
9. The method of claim wherein the message is an email message.
10. The method of claim 8 wherein the white list is shared with at least two spam filters.
11. The method of claim 8 further comprising determining if the sender has not been previously confirmed and if not confirmed sending a confirmation to the sender, verifying a response from the sender, and if the response is acceptable, adding the sender to the white list at the given spam filter and sharing information with other spam filters in network, the information including information indicating that the sender has been confirmed.
12. The method of claim 11 wherein sharing includes publishing the white list at a central location
13. The method of claim 11 wherein determining includes checking a white list maintained at a central location
14. The method of claim 13 further comprising if the sender has not been previously confirmed, sending a confirmation to the sender, verifying a response, and if the response is acceptable, adding the sender to the white list shared among the plurality of spam filters.
15. A method for detecting a spammer in a network that includes a plurality of spam filters:
collecting information relating to a sender from a plurality of the spam filters:

determining a trend in the collected information; and identify a spammer based on the trend.
16. The method of claim 15 wherein collecting information includes collecting information relating to a number of messages sent by a sender to unrelated email addresses.
17. The method of claim 15 wherein determining trends includes correlating the messages received by an individual spam filter relating to a same sender.
18. The method of claim 15 wherein identifying includes determining that a sender is a spammer if a number of messages sent to unrelated email addresses in the correlated data exceeds a predetermined threshold.
19. The method of claim 18 wherein the threshold is time dependent.
20. A method for detecting spam in a messaging system comprising:
generating a white list of confirmed message senders and maintaining the white list at a data center:
receiving a message at a seam filter in a network that includes a plurality of spam filters:

verifying with the data center that the sender of the message is a confirmed message sender, add if so, forwarding the received message to a recipient without separately confirming the sender.
21. The method of claim 20 wherein the message is an email message.
22. The method of claim 20 further comprising sharing the white list with at least two seam filters in the network.
23. The method of claim 20 further comprising determining if the sender has not been previously confirmed, and if not confirmed then sending from the data center a confirmation to the sender, verifying a response received at the data sender, and if the response is acceptable, adding to the white list a name identifying the sender and sharing information identifying the sender as being confirmed with other spam filters in network
24. A method for identifying a spam message comprising:
Receiving a message at a seam filter in a network that includes a plurality of spam filters;
identifying the sender of the message;

verifying with a data center coupled to a plurality of the spam filters if the sender has been previously confirmed as a valid sender including determining if the sender is included in a list of confirmed senders for any seam filter in the network, said list maintained at the data center;
if the sender has been previously confirmed, forwarding the received message to a recipient without separately confirming the sender.
25. The method of claim 24 wherein the message is an email message.
26. The method of claim 24 wherein the list is shared with at least two spam filters.
27. The method of claim 24 further comprising determining if the sender has not been previously confirmed, and if not confirmed sending from the data center a confirmation to the sender, verifying if the response is acceptable, and adding an name identifying the sender to the list maintained at the data center.
28. A method for detecting a spammer in a network that includes a plurality of spam filters:
collecting, using a data center, information relating to a sender from a plurality of the spam filters:
determining a trend in the collected information;

identify a spammer based on the trend, including adding the sender to a list of confirmed spammers maintained by the data center.
29. The method of claim 28 wherein collecting information includes collecting information relating to a number of messages sent by a sender to unrelated email addresses.
30. The method of claim 28 wherein determining trends includes correlating messages received by an individual seam filter relating to a name sender.
31. The method of claim 28 wherein identifying includes determining that a sender is a spammer if a number of messages sent to unrelated email addresses in the correlated data exceeds a predetermined threshold.
32. The method of claim 31 wherein the threshold is time dependent.
33. A method for filtering spam in a messaging system comprising:
confirming that a message sender can receive;
sharing information indicating that the message sender can receive among a plurality of spam filters in the messaging system;
using said information at a given one of the plurality of spam filters to determine if a message should be allowed without separately determining whether the message sender can receive.
34. The method of claim 33 wherein the message is an email message.
35. The method of claim 33 further comprising confirming at a first spam filter in the system that a sender of a message can receive messages.
36. The method of claim 35 further comprising receiving the message at a second seam filter.
37. The method of claim 35 further comprising sharing information developed by the first seam filter with one or more other spam filters in the messaging system.
38. The method of claim 37 further comprising sharing the information with a data center, and thereafter allowing access by each of the spam filters in the messaging system to the information.
39. The method of claim 33 wherein the information is maintained in a list of confirmed senders.
40. The method of claim 39 wherein the list is shared with a plurality of the spam filters in the messaging system.
41. The method of claim 39 wherein the information is maintained in a list which is maintained by a data center accessible by a plurality of spam filters in the messaging system.
42. The method of claim 41 further comprising sharing the list with a plurality of seam filters in the messaging system.
43. The method of claim 42 further comprising maintaining a copy of the list at a plurality of spam filters in the messaging system.
44. The method of claim 39 further comprising associating a passcode with one or more of the confirmed senders in the list, and verifying a message received from a sender in the list includes the passcode if specified.
45. The method of claim 44 further comprising triggering an addition of a passcode for a sender in the list upon an occurrence of an predefined event.
46. The method of claim 45 wherein the event includes detection that an email address associated with the sender has been compromised.
47. The method of claim 39 further comprising including a pass code in the list for each confirmed sender and verifying the pass code is included in the message prior to forwarding the message from the sender to a recipient.
48. The method of claim 47 further comprising automatically adding the passcode associated with the sender at a time for transmission of a message from the sender in the messaging system.
49. The method of claim 48 further comprising providing a plug in module for automatically adding the passcode, the plug in module adapted to add the passcode prior to transmission to the messaging system.
50. The method of claim 33 further comprising correlating sender-recipient data at a spam filter in the messaging system and determining data related to how fast a list of recipients grows for a given sender;
determining a list of unacceptable senders using the sender-recipient data and the determined data; and sharing the list of unacceptable senders with other spam filters in the messaging system.
51. The method of claim 50 further comprising maintaining a list of recipients for each sender of messages processed by a given spam filter.
52. The method of claim 51 further comprising maintaining the list of recipients for each sender at a data center.
53. A method for processing messages at a seam filter in a messaging system, the messaging system including a plurality of spam filters, the method comprising:
receiving a message for processing, the message from an sender for delivery to an intended recipient;
determining if the sender is a confirmed sender, including querying a data center to determine if the sender is included in a list of confirmed senders based on information received from any of the plurality of spam filters in the messaging system, where confirmed senders are senders having a verified capability to receive messages;
if the sender is a confirmed sender, enabling transmission of the message to the intended recipient.
54. A method for processing messages at a seam filter in a messaging system, the messaging system including a plurality of spam filters, the method comprising:
receiving a message for processing, the message from a sender for delivery to an intended recipient;
determining if the sender is a confirmed sender, including querying a data center to determine if the sender is included in a list of confirmed senders based on information received from any of the plurality of spam filters in the messaging system, where confirmed senders are senders having a verified capability to receive messages;
if the sender is a not a confirmed sender, confirming the sender including sending the sender a notification;

upon receipt of a confirmation from the sender, sharing the sender's confirmed status with the plurality of spam filters in the messaging system including publishing the sender's status to the data center.
55. A method for minimizing spam in a messaging system, the messaging system including a plurality of spam filters, the method comprising:
receiving a request from one of the spam filters in the messaging system to verify if a sender of a message is a confirmed sender, a confirmed sender being a sender having a verified capability to receive messages;
evaluating a list of confirmed senders;
providing a notification to the one spam filter indicating whether the sender's status is confirmed.
56. A method for minimizing spam in a messaging system, the messaging system including a plurality of spam filters, the method comprising:
receiving a request from one of the spam filters in the messaging system to verify if a sender of a message is a confirmed sender, a confirmed sender being a sender having a verified capability to receive messages;
evaluating a list of confirmed senders;
if the sender is not included in the list of confirmed senders, confirming the sender including providing a notification to the sender and upon receipt of a confirmation from the sender, sharing the sender's status with the other spam filters in the messaging system including adding the sender to the list; and providing a notification to the one spam filter indicating whether the sender's status is confirmed.
57. The method of claim 56 wherein the step of confirming the sender is performed by a spam filter.
58. The method of claim 56 wherein the step of confirming the sender is performed by the requesting spam filter.
CA002473285A 2003-07-18 2004-07-08 Spam processing system and methods including shared information among plural spam filters Abandoned CA2473285A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/623,112 US20050015455A1 (en) 2003-07-18 2003-07-18 SPAM processing system and methods including shared information among plural SPAM filters
US10/623,112 2003-07-18

Publications (1)

Publication Number Publication Date
CA2473285A1 true CA2473285A1 (en) 2005-01-18

Family

ID=32908880

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002473285A Abandoned CA2473285A1 (en) 2003-07-18 2004-07-08 Spam processing system and methods including shared information among plural spam filters

Country Status (3)

Country Link
US (1) US20050015455A1 (en)
CA (1) CA2473285A1 (en)
GB (1) GB2404052A (en)

Families Citing this family (142)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6826407B1 (en) * 1999-03-29 2004-11-30 Richard J. Helferich System and method for integrating audio and visual messaging
US7003304B1 (en) * 1997-09-19 2006-02-21 Thompson Investment Group, Llc Paging transceivers and methods for selectively retrieving messages
US6253061B1 (en) * 1997-09-19 2001-06-26 Richard J. Helferich Systems and methods for delivering information to a transmitting and receiving device
US6636733B1 (en) 1997-09-19 2003-10-21 Thompson Trust Wireless messaging method
US6983138B1 (en) * 1997-12-12 2006-01-03 Richard J. Helferich User interface for message access
US8046832B2 (en) * 2002-06-26 2011-10-25 Microsoft Corporation Spam detector with challenges
US7590696B1 (en) 2002-11-18 2009-09-15 Aol Llc Enhanced buddy list using mobile device identifiers
US7428580B2 (en) 2003-11-26 2008-09-23 Aol Llc Electronic message forwarding
US7249162B2 (en) * 2003-02-25 2007-07-24 Microsoft Corporation Adaptive junk message filtering system
US7219148B2 (en) * 2003-03-03 2007-05-15 Microsoft Corporation Feedback loop for spam prevention
US20050091320A1 (en) * 2003-10-09 2005-04-28 Kirsch Steven T. Method and system for categorizing and processing e-mails
US20040177120A1 (en) * 2003-03-07 2004-09-09 Kirsch Steven T. Method for filtering e-mail messages
US7206814B2 (en) * 2003-10-09 2007-04-17 Propel Software Corporation Method and system for categorizing and processing e-mails
US20050080857A1 (en) * 2003-10-09 2005-04-14 Kirsch Steven T. Method and system for categorizing and processing e-mails
US7366761B2 (en) * 2003-10-09 2008-04-29 Abaca Technology Corporation Method for creating a whitelist for processing e-mails
US20050091319A1 (en) * 2003-10-09 2005-04-28 Kirsch Steven T. Database for receiving, storing and compiling information about email messages
US8005899B2 (en) 2003-03-19 2011-08-23 Message Level Llc System and method for detecting and filtering unsolicited and undesired electronic messages
US7640590B1 (en) * 2004-12-21 2009-12-29 Symantec Corporation Presentation of network source and executable characteristics
US7739494B1 (en) 2003-04-25 2010-06-15 Symantec Corporation SSL validation and stripping using trustworthiness factors
US7483947B2 (en) 2003-05-02 2009-01-27 Microsoft Corporation Message rendering for identification of content features
US7272853B2 (en) * 2003-06-04 2007-09-18 Microsoft Corporation Origination/destination features and lists for spam prevention
US7519668B2 (en) * 2003-06-20 2009-04-14 Microsoft Corporation Obfuscation of spam filter
US7711779B2 (en) 2003-06-20 2010-05-04 Microsoft Corporation Prevention of outgoing spam
US8533270B2 (en) 2003-06-23 2013-09-10 Microsoft Corporation Advanced spam detection techniques
US7653693B2 (en) * 2003-09-05 2010-01-26 Aol Llc Method and system for capturing instant messages
WO2005010728A2 (en) * 2003-07-23 2005-02-03 Findbase Llc Method and system for determining the probability of origin of an email
US7539729B1 (en) 2003-09-15 2009-05-26 Cloudmark, Inc. Method and apparatus to enable mass message publications to reach a client equipped with a filter
US7797443B1 (en) * 2003-12-03 2010-09-14 Microsoft Corporation System and method for detecting spam e-mail
US7882360B2 (en) 2003-12-19 2011-02-01 Aol Inc. Community messaging lists for authorization to deliver electronic messages
US7885901B2 (en) * 2004-01-29 2011-02-08 Yahoo! Inc. Method and system for seeding online social network contacts
US7269590B2 (en) * 2004-01-29 2007-09-11 Yahoo! Inc. Method and system for customizing views of information associated with a social network user
US8612359B2 (en) * 2004-01-29 2013-12-17 Yahoo! Inc. Method and system for sharing portal subscriber information in an online social network
US20050171954A1 (en) * 2004-01-29 2005-08-04 Yahoo! Inc. Selective electronic messaging within an online social network for SPAM detection
US7707122B2 (en) * 2004-01-29 2010-04-27 Yahoo ! Inc. System and method of information filtering using measures of affinity of a relationship
US8214438B2 (en) * 2004-03-01 2012-07-03 Microsoft Corporation (More) advanced spam detection features
US20050198508A1 (en) * 2004-03-04 2005-09-08 Beck Stephen H. Method and system for transmission and processing of authenticated electronic mail
US20050198159A1 (en) * 2004-03-08 2005-09-08 Kirsch Steven T. Method and system for categorizing and processing e-mails based upon information in the message header and SMTP session
US7752440B2 (en) * 2004-03-09 2010-07-06 Alcatel-Lucent Usa Inc. Method and apparatus for reducing e-mail spam and virus distribution in a communications network by authenticating the origin of e-mail messages
US7181761B2 (en) * 2004-03-26 2007-02-20 Micosoft Corporation Rights management inter-entity message policies and enforcement
DK1733532T3 (en) * 2004-03-30 2008-11-03 Imencro Software Sa Filters and methods for filtering electronic messages
US7747860B2 (en) 2004-05-04 2010-06-29 Message Level, Llc System and method for preventing delivery of unsolicited and undesired electronic messages by key generation and comparison
US7912905B2 (en) * 2004-05-18 2011-03-22 Computer Associates Think, Inc. System and method for filtering network messages
CN101288060B (en) * 2004-05-25 2012-11-07 波斯蒂尼公司 Electronic message source reputation information system
US8707251B2 (en) * 2004-06-07 2014-04-22 International Business Machines Corporation Buffered viewing of electronic documents
US7552186B2 (en) 2004-06-28 2009-06-23 International Business Machines Corporation Method and system for filtering spam using an adjustable reliability value
US7664819B2 (en) 2004-06-29 2010-02-16 Microsoft Corporation Incremental anti-spam lookup and update service
US7996471B2 (en) * 2004-07-13 2011-08-09 At&T Intellectual Property I, L.P. Electronic message distribution system
US7904517B2 (en) 2004-08-09 2011-03-08 Microsoft Corporation Challenge response systems
US7660865B2 (en) * 2004-08-12 2010-02-09 Microsoft Corporation Spam filtering with probabilistic secure hashes
US20080086532A1 (en) * 2004-10-04 2008-04-10 Brian Cunningham Method for the Verification of Electronic Message Delivery and for the Collection of Data Related to Electronic Messages Sent with False Origination Addresses
ATE548841T1 (en) * 2005-01-14 2012-03-15 Bae Systems Plc NETWORK BASED SECURITY SYSTEM
US7647381B2 (en) * 2005-04-04 2010-01-12 Aol Llc Federated challenge credit system
JP4559295B2 (en) * 2005-05-17 2010-10-06 株式会社エヌ・ティ・ティ・ドコモ Data communication system and data communication method
US8006285B1 (en) 2005-06-13 2011-08-23 Oracle America, Inc. Dynamic defense of network attacks
CN100349421C (en) * 2005-06-21 2007-11-14 广东省电信有限公司研究院 Detecting and positioning method of spam server
US7930353B2 (en) * 2005-07-29 2011-04-19 Microsoft Corporation Trees of classifiers for detecting email spam
EP1922631B1 (en) * 2005-08-09 2015-04-15 Message Level, LLC System and method for preventing delivery of unsolicited and undesired electronic messages by key generation and comparison
US7760722B1 (en) * 2005-10-21 2010-07-20 Oracle America, Inc. Router based defense against denial of service attacks using dynamic feedback from attacked host
US8635284B1 (en) * 2005-10-21 2014-01-21 Oracle Amerca, Inc. Method and apparatus for defending against denial of service attacks
US8065370B2 (en) 2005-11-03 2011-11-22 Microsoft Corporation Proofs to filter spam
US20070124385A1 (en) * 2005-11-18 2007-05-31 Denny Michael S Preference-based content distribution service
US7926108B2 (en) * 2005-11-23 2011-04-12 Trend Micro Incorporated SMTP network security processing in a transparent relay in a computer network
US7836132B2 (en) * 2005-12-13 2010-11-16 Microsoft Corporation Delivery confirmation for e-mail
EP1999613A4 (en) 2006-02-14 2014-08-06 Message Level Llc Method for predelivery verification of an intended recipient of an electronic message and dynamic generation of message content upon verification
US8131805B2 (en) * 2006-03-01 2012-03-06 Research In Motion Limited Multilevel anti-spam system and method with load balancing
EP1999617A2 (en) * 2006-03-03 2008-12-10 Big Online Ideas LLC Electronic communication relationship management system and methods for using same
DE102006029013A1 (en) * 2006-06-23 2007-12-27 Nokia Siemens Networks Gmbh & Co.Kg Method for automatically recording addresses in a list of accepted transmitters in a communication system
US8332947B1 (en) 2006-06-27 2012-12-11 Symantec Corporation Security threat reporting in light of local security tools
US8095967B2 (en) 2006-07-27 2012-01-10 White Sky, Inc. Secure web site authentication using web site characteristics, secure user credentials and private browser
US8577968B2 (en) * 2006-11-14 2013-11-05 Mcafee, Inc. Method and system for handling unwanted email messages
US7958117B2 (en) * 2006-11-17 2011-06-07 Yahoo! Inc. Initial impression analysis tool for an online dating service
US8224905B2 (en) 2006-12-06 2012-07-17 Microsoft Corporation Spam filtration utilizing sender activity data
US20080168536A1 (en) * 2007-01-10 2008-07-10 Rueckwald Mark C System and methods for reduction of unwanted electronic correspondence
US8185953B2 (en) * 2007-03-08 2012-05-22 Extrahop Networks, Inc. Detecting anomalous network application behavior
US8150928B2 (en) * 2007-04-02 2012-04-03 Chin Fang Spam resistant e-mail system
US8725597B2 (en) * 2007-04-25 2014-05-13 Google Inc. Merchant scoring system and transactional database
DE602007012885D1 (en) * 2007-10-03 2011-04-14 Research In Motion Ltd Method and apparatus for collaborative filtering of electronic mail
JP4444998B2 (en) * 2007-10-12 2010-03-31 富士通株式会社 E-mail information management program, e-mail information management apparatus, and e-mail information management method
US20090138560A1 (en) * 2007-11-28 2009-05-28 James Joseph Stahl Jr Method and Apparatus for Automated Record Creation Using Information Objects, Such as Images, Transmitted Over a Communications Network to Inventory Databases and Other Data-Collection Programs
US8590039B1 (en) 2007-11-28 2013-11-19 Mcafee, Inc. System, method and computer program product for sending information extracted from a potentially unwanted data sample to generate a signature
US8479284B1 (en) * 2007-12-20 2013-07-02 Symantec Corporation Referrer context identification for remote object links
EP2091217A1 (en) * 2008-02-18 2009-08-19 Research In Motion Limited Message filter program for a communication device
US8229413B2 (en) 2008-02-18 2012-07-24 Research In Motion Limited Message filter program for a communication device
US7512978B1 (en) * 2008-02-24 2009-03-31 International Business Machines Corporation Human-read-only configured e-mail
US9306796B1 (en) 2008-03-18 2016-04-05 Mcafee, Inc. System, method, and computer program product for dynamically configuring a virtual environment for identifying unwanted data
US8744976B2 (en) * 2008-04-28 2014-06-03 Yahoo! Inc. Discovery of friends using social network graph properties
US8806590B2 (en) * 2008-06-22 2014-08-12 Microsoft Corporation Signed ephemeral email addresses
US8301904B1 (en) 2008-06-24 2012-10-30 Mcafee, Inc. System, method, and computer program product for automatically identifying potentially unwanted data as unwanted
US8180838B2 (en) * 2008-08-29 2012-05-15 Microsoft Corporation Efficiently managing modular data storage systems
US8996622B2 (en) * 2008-09-30 2015-03-31 Yahoo! Inc. Query log mining for detecting spam hosts
EP2332311B1 (en) * 2008-10-06 2016-08-24 NEC Corporation Protection against unsolicited communication for ims
SG172048A1 (en) * 2008-12-12 2011-07-28 Boxsentry Pte Ltd Electronic messaging integrity engine
US8352558B2 (en) * 2009-02-10 2013-01-08 Microsoft Corporation Transport high availability via acknowledge management
US9055414B2 (en) * 2009-02-20 2015-06-09 Microsoft Technology Licensing, Llc Text messaging pipeline configuration
US8627461B2 (en) 2009-03-04 2014-01-07 Mcafee, Inc. System, method, and computer program product for verifying an identification of program information as unwanted
US8719939B2 (en) * 2009-12-31 2014-05-06 Mcafee, Inc. Malware detection via reputation system
US8458268B1 (en) * 2010-02-22 2013-06-04 Symantec Corporation Systems and methods for distributing spam signatures
US20110225076A1 (en) * 2010-03-09 2011-09-15 Google Inc. Method and system for detecting fraudulent internet merchants
US8745143B2 (en) * 2010-04-01 2014-06-03 Microsoft Corporation Delaying inbound and outbound email messages
SG177015A1 (en) * 2010-06-07 2012-01-30 Boxsentry Pte Ltd In situ correction of false-positive errors in messaging security systems (lagotto)
US8549617B2 (en) 2010-06-30 2013-10-01 Juniper Networks, Inc. Multi-service VPN network client for mobile device having integrated acceleration
US10142292B2 (en) 2010-06-30 2018-11-27 Pulse Secure Llc Dual-mode multi-service VPN network client for mobile device
US8127350B2 (en) * 2010-06-30 2012-02-28 Juniper Networks, Inc. Multi-service VPN network client for mobile device
US9111282B2 (en) 2011-03-31 2015-08-18 Google Inc. Method and system for identifying business records
US9438656B2 (en) * 2012-01-11 2016-09-06 International Business Machines Corporation Triggering window conditions by streaming features of an operator graph
US9430117B2 (en) 2012-01-11 2016-08-30 International Business Machines Corporation Triggering window conditions using exception handling
ES2631078T3 (en) * 2012-02-21 2017-08-28 Lleidanetworks Serveis Telemàtics S.A. Method for the certification of sending electronic messages
US8396935B1 (en) * 2012-04-10 2013-03-12 Google Inc. Discovering spam merchants using product feed similarity
US8918473B1 (en) * 2012-10-09 2014-12-23 Whatsapp Inc. System and method for detecting unwanted content
US9501746B2 (en) 2012-11-05 2016-11-22 Astra Identity, Inc. Systems and methods for electronic message analysis
US9154514B1 (en) 2012-11-05 2015-10-06 Astra Identity, Inc. Systems and methods for electronic message analysis
US9077744B2 (en) * 2013-03-06 2015-07-07 Facebook, Inc. Detection of lockstep behavior
US9811830B2 (en) 2013-07-03 2017-11-07 Google Inc. Method, medium, and system for online fraud prevention based on user physical location data
US9686308B1 (en) 2014-05-12 2017-06-20 GraphUS, Inc. Systems and methods for detecting and/or handling targeted attacks in the email channel
US9300554B1 (en) 2015-06-25 2016-03-29 Extrahop Networks, Inc. Heuristics for determining the layout of a procedurally generated user interface
US10204211B2 (en) 2016-02-03 2019-02-12 Extrahop Networks, Inc. Healthcare operations with passive network monitoring
US9729416B1 (en) 2016-07-11 2017-08-08 Extrahop Networks, Inc. Anomaly detection using device relationship graphs
US9660879B1 (en) 2016-07-25 2017-05-23 Extrahop Networks, Inc. Flow deduplication across a cluster of network monitoring devices
US10476673B2 (en) 2017-03-22 2019-11-12 Extrahop Networks, Inc. Managing session secrets for continuous packet capture systems
US10944788B2 (en) * 2017-04-07 2021-03-09 Trusona, Inc. Systems and methods for communication verification
US10063434B1 (en) 2017-08-29 2018-08-28 Extrahop Networks, Inc. Classifying applications or activities based on network behavior
US9967292B1 (en) 2017-10-25 2018-05-08 Extrahop Networks, Inc. Inline secret sharing
US10389574B1 (en) 2018-02-07 2019-08-20 Extrahop Networks, Inc. Ranking alerts based on network monitoring
US10264003B1 (en) 2018-02-07 2019-04-16 Extrahop Networks, Inc. Adaptive network monitoring with tuneable elastic granularity
US10038611B1 (en) 2018-02-08 2018-07-31 Extrahop Networks, Inc. Personalization of alerts based on network monitoring
US10270794B1 (en) 2018-02-09 2019-04-23 Extrahop Networks, Inc. Detection of denial of service attacks
US10116679B1 (en) 2018-05-18 2018-10-30 Extrahop Networks, Inc. Privilege inference and monitoring based on network behavior
US10411978B1 (en) 2018-08-09 2019-09-10 Extrahop Networks, Inc. Correlating causes and effects associated with network activity
JP6669954B2 (en) 2018-08-14 2020-03-18 デジタルア−ツ株式会社 Information processing apparatus, information processing method, and information processing program
US10594718B1 (en) 2018-08-21 2020-03-17 Extrahop Networks, Inc. Managing incident response operations based on monitored network activity
US10965702B2 (en) 2019-05-28 2021-03-30 Extrahop Networks, Inc. Detecting injection attacks using passive network monitoring
US11165814B2 (en) 2019-07-29 2021-11-02 Extrahop Networks, Inc. Modifying triage information based on network monitoring
US10742530B1 (en) 2019-08-05 2020-08-11 Extrahop Networks, Inc. Correlating network traffic that crosses opaque endpoints
US11388072B2 (en) 2019-08-05 2022-07-12 Extrahop Networks, Inc. Correlating network traffic that crosses opaque endpoints
US10742677B1 (en) 2019-09-04 2020-08-11 Extrahop Networks, Inc. Automatic determination of user roles and asset types based on network monitoring
US11165823B2 (en) 2019-12-17 2021-11-02 Extrahop Networks, Inc. Automated preemptive polymorphic deception
US10938780B1 (en) * 2020-03-04 2021-03-02 Snowflake Inc. Secure message exchange between deployments
EP4218212A1 (en) 2020-09-23 2023-08-02 ExtraHop Networks, Inc. Monitoring encrypted network traffic
US11463466B2 (en) 2020-09-23 2022-10-04 Extrahop Networks, Inc. Monitoring encrypted network traffic
US11349861B1 (en) 2021-06-18 2022-05-31 Extrahop Networks, Inc. Identifying network entities based on beaconing activity
US11296967B1 (en) 2021-09-23 2022-04-05 Extrahop Networks, Inc. Combining passive network analysis and active probing
US11843606B2 (en) 2022-03-30 2023-12-12 Extrahop Networks, Inc. Detecting abnormal data access based on data similarity

Family Cites Families (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5758083A (en) * 1995-10-30 1998-05-26 Sun Microsystems, Inc. Method and system for sharing information between network managers
US6031978A (en) * 1996-06-28 2000-02-29 International Business Machines Corporation System, method and program for enabling a client to reconnect to a same server in a network of computer systems after the server has moved to a different network address
US6249805B1 (en) * 1997-08-12 2001-06-19 Micron Electronics, Inc. Method and system for filtering unauthorized electronic mail messages
US6199102B1 (en) * 1997-08-26 2001-03-06 Christopher Alan Cobb Method and system for filtering electronic messages
US6023723A (en) * 1997-12-22 2000-02-08 Accepted Marketing, Inc. Method and system for filtering unwanted junk e-mail utilizing a plurality of filtering mechanisms
US5999932A (en) * 1998-01-13 1999-12-07 Bright Light Technologies, Inc. System and method for filtering unsolicited electronic mail messages using data matching and heuristic processing
US6546416B1 (en) * 1998-12-09 2003-04-08 Infoseek Corporation Method and system for selectively blocking delivery of bulk electronic mail
US6393464B1 (en) * 1999-05-10 2002-05-21 Unbound Communications, Inc. Method for controlling the delivery of electronic mail messages
AU5933700A (en) * 1999-07-13 2001-01-30 All Advantage. Com, Inc. Method and system for classifying users of an electronic network
WO2001016695A1 (en) * 1999-09-01 2001-03-08 Katsikas Peter L System for eliminating unauthorized electronic mail
US6321267B1 (en) * 1999-11-23 2001-11-20 Escom Corporation Method and apparatus for filtering junk email
US7249175B1 (en) * 1999-11-23 2007-07-24 Escom Corporation Method and system for blocking e-mail having a nonexistent sender address
US6779021B1 (en) * 2000-07-28 2004-08-17 International Business Machines Corporation Method and system for predicting and managing undesirable electronic mail
US6928465B2 (en) * 2001-03-16 2005-08-09 Wells Fargo Bank, N.A. Redundant email address detection and capture system
US20030009698A1 (en) * 2001-05-30 2003-01-09 Cascadezone, Inc. Spam avenger
US20030023736A1 (en) * 2001-07-12 2003-01-30 Kurt Abkemeier Method and system for filtering messages
GB0204589D0 (en) * 2002-02-27 2002-04-10 Gordano Ltd Filtering E-mail messages
AUPS193202A0 (en) * 2002-04-23 2002-05-30 Pickup, Robert Barkley Mr A method and system for authorising electronic mail
AU2003278421A1 (en) * 2002-06-19 2004-01-06 Joseph C. Benowitz Technology enhanced communication authorization system
US20040034694A1 (en) * 2002-08-15 2004-02-19 International Business Machines Corporation System, method, and computer program product in a data processing system for blocking unwanted email messages
US7219148B2 (en) * 2003-03-03 2007-05-15 Microsoft Corporation Feedback loop for spam prevention
US7320020B2 (en) * 2003-04-17 2008-01-15 The Go Daddy Group, Inc. Mail server probability spam filter
US7711779B2 (en) * 2003-06-20 2010-05-04 Microsoft Corporation Prevention of outgoing spam
US20050108337A1 (en) * 2003-11-14 2005-05-19 Electronic Data Systems Corporation System, method, and computer program product for filtering electronic mail
US7222158B2 (en) * 2003-12-31 2007-05-22 Aol Llc Third party provided transactional white-listing for filtering electronic communications
US20060036690A1 (en) * 2004-07-12 2006-02-16 O'neil Patrick J Network protection system

Also Published As

Publication number Publication date
US20050015455A1 (en) 2005-01-20
GB0415627D0 (en) 2004-08-18
GB2404052A (en) 2005-01-19

Similar Documents

Publication Publication Date Title
CA2473285A1 (en) Spam processing system and methods including shared information among plural spam filters
US7249175B1 (en) Method and system for blocking e-mail having a nonexistent sender address
US9647971B2 (en) Automatic delivery selection for electronic content
US6546416B1 (en) Method and system for selectively blocking delivery of bulk electronic mail
US7277549B2 (en) System for implementing business processes using key server events
JP5256358B2 (en) System and method for verifying delivery and integrity of electronic messages
US6321267B1 (en) Method and apparatus for filtering junk email
US9177293B1 (en) Spam filtering system and method
US8595495B2 (en) System and method for secure communications
US8347095B2 (en) System and method for preventing delivery of unsolicited and undesired electronic messages by key generation and comparison
US20060149823A1 (en) Electronic mail system and method
AU782333B2 (en) Electronic message filter having a whitelist database and a quarantining mechanism
US20080086532A1 (en) Method for the Verification of Electronic Message Delivery and for the Collection of Data Related to Electronic Messages Sent with False Origination Addresses
JP2005518763A (en) System and method for verifying delivery and integrity of electronic messages
WO2009011807A1 (en) Sender authentication for difficult to classify email
JP2009527058A (en) How to verify the intended recipient of an electronic message before delivery, and how to dynamically generate message content upon confirmation
EP1922631B1 (en) System and method for preventing delivery of unsolicited and undesired electronic messages by key generation and comparison
WO2008015669A2 (en) Communication authenticator
JP2009505216A (en) System and method for detecting and filtering unsolicited electronic messages
GB2405004A (en) Electronic message filtering
JP2012069125A (en) System and method for detecting and filtering unsolicited and undesired electronic messages

Legal Events

Date Code Title Description
EEER Examination request
FZDE Discontinued