Electrical computers and digital processing systems: multicomput – Computer conferencing – Priority based messaging
Reexamination Certificate
1999-07-19
2003-01-14
Follansbee, John A. (Department: 2156)
Electrical computers and digital processing systems: multicomput
Computer conferencing
Priority based messaging
C709S225000, C709S232000, C712S300000
Reexamination Certificate
active
06507866
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates to methodologies for detecting patterns in received e-mail messages on a computer system. In particular, the present invention describes a method for detecting undesired e-mail usage based on the pattern of received e-mail messages on a computer system.
Detection of an undesired pattern of e-mail messages is the first step in reducing or eliminating the volume of undesired e-mail messages received by a computer system or server. Once detection is accomplished, a policy can be set on the computer system or server to filter out the sources or types of e-mail messages.
Traditional methods for reducing or eliminating the volume of undesired e-mail messages focus on filtering techniques once sources or types of undesired e-mail have been identified. These methods assume that sources or types of undesired e-mail are given, and/or identify sources or types on a per-e-mail basis. For example, one per-e-mail basis determination technique involves analyzing the header of a particular e-mail to determine whether that e-mail was sent in a way that hides its true origin. A filter may then be used in conjunction with this technique to disregard any e-mail message hiding its true origin.
Format of Internet E-mail Messages
The 821 Header
The 821 header is a header which is attached to e-mail messages and which contains routing information for the e-mail. The 821 header contains commands and replies sent before transmission of the e-mail message at the Simple Mail Transfer Protocol (“SMTP”) level.
SMTP is based on a model of communication in which, as a result of a user e-mail request, a sender-SMTP establishes a two-way transmission channel with a receiver-SMTP. The receiver-SMTP may be the ultimate destination, or just an intermediary. In the transmission channel, SMTP commands are generated by the sender-SMTP and sent to the receiver-SMTP. The receiver-SMTP sends SMTP replies to the sender-SMTP in response to these commands.
In a typical exchange between the sender-SMTP and the receiver-SMTP, the sender-SMTP will send a “MAIL FROM” command indicating the sender of the e-mail. The receiver-SMTP will respond with an “OK” reply, if it can accept the e-mail. The sender-SMTP will then send a “RCPT” command, which identifies the recipient of the e-mail. If the receiver-SMTP can accept the e-mail message for that recipient, it will respond with an “OK” reply; if not, it will respond with a reply rejecting that recipient. Other recipients may then be negotiated. After all recipients have been negotiated, the sender-SMTP will send the data constituting the e-mail message. If the receiver-SMTP successfully receives the e-mail data, it will respond with an “OK” reply.
The command and reply sequence in the transmission channel will be part of an e-mail which is successfully transmitted, forming the 821 header for that e-mail message. This header will be comprised of fields of text, where each field represents a command or reply in the sequence. Additional details on SMTP commands and format can be found in the Internet standard document “Requests for Comments #821, Simple Mail Transfer Protocol,” Jonathan B. Postel (1982).
The 822 Header
Text messages sent by e-mail may be viewed as having an envelope and contents. The contents of an e-mail text message comprise the data sought to be conveyed to the recipient. The envelope contains information needed to accomplish transmission and delivery of the contents. This envelope is comprised of a header and fields within the header, where each field contains two sub-fields, a field-name and a field-body. The field-name specifies the name of the field, whereas the field-body contains the content of that field for that e-mail message.
The header which is a part of the e-mail message (“the 822 header”) is different from and in addition to the 821 header discussed earlier. The 821 header is used for mail routing, whereas the 822 header contains envelope information for an e-mail subscriber.
Typical 822 header fields include a “to” field containing the e-mail address of the receiving subscriber, “cc” and “bcc” fields containing addresses of subscribers to which copies of the e-mail message are sent, a “subject” field which may include a sending-subscriber text string identifying the subject of the e-mail message, and other fields. Formatting, and additional details of the 822 header are discussed in the Internet standard document “Request for Comments #822, Standard for the Format of ARPA Internet Messages,” David H. Crocker (1982).
EXAMPLES OF UNDESIRED E-MAIL USAGE
What constitutes undesired e-mail usage may vary depending on the e-mail policies implemented on a specific computer system or server. One general characteristic is that a large number of unwanted e-mail messages which tax system resources is usually produced as a consequence of such undesired usage. Undesired e-mail is not always generated by a malicious user; such e-mail may be generated unintentionally by users or even systems. For purposes of illustration, the following examples will assume that the environment comprises a wireless telephonic service provider, a gateway operated by the wireless telephonic service provider (the mobile device gateway), remote gateways not part of the wireless telephonic service provider and subscribers with mobile devices capable of communicating with the gateways operated by the wireless telephonic service provider through the remote gateways. In the following examples, the point of view of the wireless telephonic service provider is taken in considering what constitutes undesired e-mail usage.
Example 1
A subscriber put in place an automatic notification system which sent e-mail to his/her mobile device when his/her system was unreachable by his/her monitoring system. The system had a failure which caused this monitoring check to trigger and send e-mail messages stating that the system was unreachable. Unfortunately, this caused thousands of e-mail messages to be sent in a short amount of time to the mobile device gateway. These e-mail messages contained the same information. Such e-mail usage is undesirable.
Example 2
Similar to example 1, except that the monitoring trigger was based on the status of a database instead of whether the system was reachable.
Example 3
A system administrator frequently mailed information on the health of the system to a number of mobile users, regardless of the condition of the system. The average e-mail message load was approximately 600 messages per hour. Such e-mail usage is undesirable.
Example 4
A paging service was unable to use the blind copy feature to copy several recipients on an e-mail message. Therefore, the service sent the same e-mail message to these recipients, one at a time. Such e-mail usage could be deemed undesirable.
Example 5
An e-mail message may be relayed through a gateway although the e-mail message is not destined to or sourced from that gateway. Consequently, a system attached to the gateway may be used contrary to its designated purpose. Use of the system by such e-mail is undesirable.
Example 6
Mail bombing comprises sending continuous e-mail messages to a destination from one or several sources. It is an unacceptable attempt to disable an e-mail system or e-mail account. Such use of e-mail is undesirable.
Example 7
Some invaders of a system may attempt to pipe commands for execution through an e-mail server. For example, invaders have attempted to use e-mail servers to pipe unauthorized Telnet sessions out from the system for their use. Such use of e-mail is undesirable.
Example 8
An unsolicited e-mail message was sent to subscribers of a wireless system, using a number generator that incremented the user field. This caused a number of e-mail messages with the same content to be sent to subscribers. Such e-mail usage is undesirable.
Known Solutions
Most of the work in reducing or eliminating undesired e-mail has been performed in the area of filtering.
Origin-Based Heuristic Filtering
Heuristic filtering presumes that an undesired e-mail c
AT&T Wireless Services Inc.
Follansbee John A.
LandOfFree
E-mail usage pattern detection does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with E-mail usage pattern detection, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and E-mail usage pattern detection will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3050115