US2013325991A1PendingUtilityA1
Filtering Unsolicited Emails
Est. expiryNov 9, 2031(~5.3 yrs left)· nominal 20-yr term from priority
Inventors:Charles W. Chambers, Jr.Martin TraversoDain Sidney SundstromDavid Andrew PhillipsDavid Eric HagarMark Erol Kent
H04L 51/212H04L 51/12
44
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A method for filtering unsolicited emails may comprise dynamically aggregating historical email data associated with a user or a group of users and dynamically determining one or more trusted trends criteria associated with the historical email data. The method may further comprise receiving a new email addressed to the user or the group of users, calculating a score associated with the new email based on the one or more trusted trends criteria, determining that the score is above a predetermined threshold score, and, based on the determination, selectively filtering the new email.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A computer-implemented method for filtering emails, the method comprising:
dynamically aggregating, by one or more processors, historical email data, the historical email data including emails associated with a user or a group of users; dynamically determining, by the one or more processors, one or more trusted trends criteria associated with the historical email data; receiving, by the one or more processors, a new email addressed to the user or the group of users; calculating, by the one or more processors, a score associated with the new email based on the one or more trusted trends criteria; determining, by the one or more processors, that the score is above a predetermined threshold score; and based on the determination, selectively filtering, by the one or more processors, the new email.
2 . The method of claim 1 , wherein the one or more trusted trends criteria include one or more attributes associated with the historical email data.
3 . The method of claim 2 , wherein the one or more attributes include one or more user side attributes.
4 . The method of claim 3 , wherein the one or more user side attributes include one or more of the following: a number of emails by size, a number of emails by time of day, a number of recipients per email, a number of emails per mail user agent, a number of emails by language, a number of emails by character set, a number of emails by number of attachments, a number of emails by content type, a number of emails having a header and a number of emails lacking a header, a receive to send ratio by address, a number of emails received by address, a number of emails sent to by address, and a percentage of unsolicited emails received.
5 . The method of claim 2 , wherein the one or more attributes include one or more infrastructure attributes.
6 . The method of claim 5 , wherein the one or more infrastructure attributes include one or more of the following: a number of Internet Protocol (IP) addresses in an Autonomous System Number (ASN), email volume per IP, a number of domains per the ASN, a number of emails by size, a number of sent and received emails per time of day, and a number of recipients per email.
7 . The method of claim 2 , wherein the one or more attributes include one or more company attributes.
8 . The method of claim 7 , wherein the one or more company attributes include one or more of the following: a number of IP addresses in the ASN, a number of sending Top-Level Domains (TLDs), a number of sent and received emails per time of day, a number of emails received per domain, and a number of emails received per sender.
9 . The method of claim 2 , wherein the one or more attributes include one or more email attributes.
10 . The method of claim 9 , wherein the one or more email attributes include one or more of the following: a number of headers per email, a number of recipients, a number of emails per language, a number of emails by character set, a number of emails by country, a number of emails by number of attachments, and a number of emails by content type.
11 . The method of claim 2 , wherein the one or more attributes include one or more trending attributes.
12 . The method of claim 11 , wherein the one or more trending attributes include one or more of the following: a number of emails by an IP address, a number of emails to a target by an IP address, and a number of Uniform Resource Locators (URLs) per email.
13 . The method of claim 1 , wherein the calculation of the score associated with the new email includes analyzing, by the one or more processors, content and metadata associated with the new email.
14 . The method of claim 1 , further comprising training, by the one or more processors, one or more machine learning algorithms by dynamically updating the one or more trusted trends criteria associated with the historical email data.
15 . The method of claim 1 , further comprising marking, by the one or more processors, the new email as a suspicious email based on the determination that the score is above the predetermined threshold score.
16 . The method of claim 1 , further comprising replacing, by the one or more processors, a URL associated with the new email with a predetermined safe URL.
17 . The method of claim 1 , further comprising redirecting, by the one or more processors, the new email into a sandbox.
18 . The method of claim 1 , wherein the calculating of the score associated with the new email comprises matching attributes of the new email to one or more patterns associated with the one or more trusted trends criteria.
19 . A system for filtering unsolicited emails, the system comprising:
an aggregating module configured to dynamically aggregate historical email data, the historical email data includes emails received by a user and emails sent by the user; a analyzing module configured to dynamically determine one or more trusted trends criteria associated with the historical email data and be dynamically trained based on the dynamically aggregated historical email data; and a filter configured to determine whether the new email meets the one or more trusted trends criteria and filter the new email based thereon.
20 . A non-transitory computer-readable medium having embodied thereon instructions being executable by at least one processor to perform a method for filtering unsolicited emails, the method comprising:
dynamically aggregating, by one or more processors, historical email data, the historical email data including emails associated with a user or a group of users; dynamically determining, by the one or more processors, one or more trusted trends criteria associated with the historical email data; receiving, by the one or more processors, a new email addressed to the user or the group of users; calculating, by the one or more processors, a score associated with the new email based on the one or more trusted trends criteria; determining, by the one or more processors, that the score is above a predetermined threshold score; and based on the determination, selectively filtering, by the one or more processors, the new email.
21 . A computer-implemented method for filtering emails, the method comprising:
dynamically aggregating, by one or more processors, historical email data, the historical email data including emails associated with a user or a group of users; dynamically determining, by the one or more processors, one or more trusted trends criteria associated with the historical email data, the one or more trusted trends criteria including one or more attributes associated with the historical email data, the one or more attributes including one or more user side attributes, one or more infrastructure attributes, one or more company attributes, one or more email attributes, and one or more trending attributes; receiving, by the one or more processors, a new email addressed to the user or the group of users; calculating, by the one or more processors, a score associated with the new email based on the one or more trusted trends criteria; determining, by the one or more processors, that the score is above a predetermined threshold score; and based on the determination, selectively filtering, by the one or more processors, the new email.
22 . The method of claim 21 , wherein the one or more user side attributes include two or more of the following: a number of emails by size, a number of emails by time of day, a number of recipients per email, a number of emails per mail user agent, a number of emails by language, a number of emails by character set, a number of emails by number of attachments, a number of emails by content type, a number of emails having a header and a number of emails lacking a header, a receive to send ratio by address, a number of emails received by address, a number of emails sent to by address, and a percentage of unsolicited emails received.
23 . The method of claim 22 , wherein the one or more infrastructure attributes include two or more of the following: a number of Internet Protocol (IP) addresses in an Autonomous System Number (ASN), email volume per IP, a number of domains per the ASN, a number of emails by size, a number of sent and received emails per time of day, and a number of recipients per email.
24 . The method of claim 24 , wherein the one or more company attributes include two or more of the following: a number of IP addresses in the ASN, a number of sending Top-Level Domains (TLDs), a number of sent and received emails per time of day, a number of emails received per domain, and a number of emails received per sender.
25 . The method of claim 24 , wherein the one or more email attributes include two or more of the following: a number of headers per email, a number of recipients, a number of emails per language, a number of emails by character set, a number of emails by country, a number of emails by number of attachments, and a number of emails by content type.
26 . The method of claim 25 , wherein the one or more trending attributes include two or more of the following: a number of emails by an IP address, a number of emails to a target by an IP address, and a number of Uniform Resource Locators (URLs) per email.
27 . The method of claim 21 , wherein the calculation of the score associated with the new email includes analyzing, by the one or more processors, content and metadata associated with the new email.
28 . The method of claim 21 , further comprising training, by the one or more processors, one or more machine learning algorithms by dynamically updating the one or more trusted trends criteria associated with the historical email data.
29 . The method of claim 26 , further comprising training, by the one or more processors, one or more machine learning algorithms by dynamically updating the one or more trusted trends criteria associated with the historical email data.
30 . The method of claim 21 , wherein the one or more attributes further comprises URL attributes including a number of emails in which a particular URL appears.Join the waitlist — get patent alerts
Track US2013325991A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.