Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
1999-11-23
2001-11-20
Etienne, Ario (Department: 2155)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
Network resources access controlling
C709S218000, C709S227000, C709S238000, C370S351000, C713S152000
Reexamination Certificate
active
06321267
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention generally concerns electronic messaging. In particular, the present invention concerns a system for filtering undesired electronic mail.
2. Description of the Related Art
Generally, the term “spam” has come to refer to posting electronic messages to news groups or mailing to addresses on an address list the same message an unacceptably large number (generally, 20-25) of times. As used herein, the term “spam” or “junk mail” refers to the sending of unsolicited electronic messages (or “email”) to a large number of users on the Internet. This includes email advertisements, sometimes referred to as Unsolicited Commercial Email (UCE), as well as non-commercial bulk email that advocates some political or social position. A “spammer” is a person or organization that generates the junk mail.
The principal objection to junk mail is that it is theft of an organization's resources, such as time spent by employees to open each message, classify it (legitimate vs. junk), and delete the message. Time is also spent by employees following up on advertising content while on the job. In addition, there is an increased security risk from visiting web sites advertised in email messages. Employees may also be deceived into acting improperly, such as to release confidential information, due to a forged message. Still yet, there is a loss of the network administrator's time to deal with spam and forged messages, as well as the use of network bandwidth, disk space, and system memory required to store the message. Finally, in the process of deleting junk mail, users may inadvertently discard or overlook other important messages. Another objection to junk mail is that it is frequently used to advertise objectionable, fraudulent, or dangerous content, such as pornography, illegal pyramid schemes or to propagate financial scams.
Spam can also be a serious security problem. For instance, the recent Melissa virus and ExploreZip.worm have been spread almost exclusively via email attachments. Such viruses are usually dangerous only if the user opens the attachment that contains the malicious code, but many users open such attachments.
Email may also be used to download or activate dangerous code, such as Java applets, Javascript, and ActiveX controls. Email programs that support Hypertext Markup Language (HTML) can download malicious Java applets or scripts that execute with the mail user's privileges and permissions. Email has also been used to activate certain powerful ActiveX controls that were distributed with certain operating systems and browsers. In this case, the code is already on the user's system, but is invoked in a way that is dangerous. For instance, this existing code can be invoked by an email message to install a computer virus, turn off security checking, or to read, modify, or delete any information on the user's disk drive.
Both spammers, and those who produce malicious code, typically attempt to hide their identities when they distribute mail or code. Instead of mailing directly from an easily-traced account at a major Internet provider, they may, for instance, send their mail from a spam-friendly network, using forged headers, and relay the message through intermediate hosts. Consequently, the same mechanisms that can be used to block spam can also be used to provide a layer of protection for keeping malicious code out of an organization's internal network.
Simple Mail Transfer Protocol (SMTP)
Simple Mail Transfer Protocol (SMTP) is the predominant email protocol used on the Internet. It is a Transmission Control Protocol/Internet Protocol (TCP/IP) communication protocol that defines the message formats used for transfer of mail from one Message Transfer Agent (MTA) via the Internet to another MTA. As shown in
FIG. 1
, Internet mail operates at two distinct levels: the User Agent (UA) and the MTA. User Agent programs provide a human interface to the mail system and are concerned with sending, reading, editing, and saving email messages. Message Transfer Agents handle the details of sending email across the Internet.
According to SMTP, an email message is typically sent in the following manner. A user
1040
(located at a personal computer or a terminal device) runs a UA program
1041
to create an email message. When the User Agent completes processing of the message, it places the message text and control information in a queue
1042
of outgoing messages. This queue is typically implemented as a collection of files accessible to the MTA. In some instances, the message may be created on a personal computer and transferred to the queue using methods such as the Post Office Protocol (POP) or Interactive Mail Access Protocol (IMAP).
The sending network will have one or more hosts that run a MTA
1043
, such as Unix sendmail by Sendmail, Inc. of California or Microsoft Exchange. By convention, it establishes a Transmission Control Protocol (TCP) connection to the reserved SMTP port (TCP
25
) on the destination host and uses the Simple Mail Transfer Protocol (SMTP)
1044
to transfer the message across the Internet.
The SMTP session between the sending and receiving MTAs results in the message being transferred from a queue
1042
on the sending host to a queue
1046
on the receiving host. When the message transfer is completed, the receiving MTA
1045
closes the TCP connection used by SMTP, the sending host
1043
removes the message from its mail queue, and the recipient
1048
can use his/her configured User Agent program
1047
to read the message in the mail queue
1046
.
FIG. 2
is a graphical representation of an example of the SMTP messages sent across the Internet. In this example, sender@remote.dom sends a message to user@escom.com (The top-level domain name “dom” does not actually exist, and is used for illustrative purposes only to avoid referring to a example domain).
The sending host's Message Transfer Agent
1001
sends an email message to the receiving host
1002
. At step
1010
, the sending MTA opens a TCP connection to the receiving host's reserved SMTP port. This is shown as a dashed line with an italics description to differentiate it from the subsequent protocol messages. This typically involves making calls to the Domain Name System (DNS) to get the IP address of the destination host or the IP address from a Mail Exchange (MX) record for the domain. For example, the domain escom.com has a single MX record that lists the IP address 192.135.140.3. Other networks, particularly large Internet Service Providers (ISPs), might have multiple MX records that define a prioritized list of IP addresses to be used to send email to that domain.
The sending MTA typically establishes the connection by: (1) making a socket system call to acquire a socket (a structure used to manage network communications); (2) filling in the socket structure with the destination IP address (e.g., 192.135.140.3); (3) defining the protocol family (Internet) and destination port number (by convention, the MTAs use the reserved TCP port
25
); and, (4) making a connect system call to open a TCP connection to the remote MTA and returning a descriptor for the communications channel.
The process of opening a TCP connection causes the receiving host's operating system (or networking software) to associate the TCP connection with a process that is listening on the destination TCP port. The TCP connection is a bi-directional pipe between the sending MTA
1001
on the sending host and the receiving MTA
1002
on the receiving host. SMTP is line-oriented, which means that all protocol messages, responses, and message data are transferred as a sequence of ASCII characters ending with a line feed (newline) character.
In step
1011
, the receiving MTA sends a service greeting message when it is ready to proceed. The greeting message typically gives the host name, MTA program and version number, date/time/timezone, and perhaps additional information as deemed by the host administrator.
Blank Rome Comisky & McCauley LLP
ESCOM Corporation
Etienne Ario
LandOfFree
Method and apparatus for filtering junk email does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for filtering junk email, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for filtering junk email will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2610649