US2019312729A1PendingUtilityA1

E-mail message authentication extending standards complaint techniques

57
Assignee: ICONIX INCPriority: May 9, 2008Filed: Mar 11, 2019Published: Oct 10, 2019
Est. expiryMay 9, 2028(~1.8 yrs left)· nominal 20-yr term from priority
H04W 12/06H04L 51/04H04L 63/08H04L 9/3271H04L 9/32G06Q 10/107
57
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system and method for e-mail authentication. The method includes aggregating a plurality of headers associated with an e-mail message and transmitting the aggregated plurality of headers to a validation service. A validation response is then received from the validation service. The e-mail is authenticated based on the validation response.

Claims

exact text as granted — not AI-modified
1 . (canceled) 
     
     
         2 . A computer-implemented method of processing an e-mail, comprising:
 receiving the e-mail from a sender;   processing one or more headers of the e-mail to extract information representing the sender;   transmitting the extracted information to a validation service, wherein the validation service is to filter the extracted information for one or more spoofed domains and is to return a validation response that identifies a registered sender based on the extracted information, the registered sender representing a legitimate, known entity;   retrieving a published domain record of the registered sender;   authenticating the e-mail dependent on whether the extracted information corresponds to the retrieved, published domain record; and   transmitting a message reporting failed authentication to the validation service dependent on whether the extracted information does not correspond to the retrieved, published domain record;   wherein the message is to identify the registered sender, the extracted information, and a reason for failed authentication.   
     
     
         3 . The computer-implemented method of  claim 2 , wherein:
 transmitting the message comprises reporting via the message a condition where the e-mail originates with a spoofed domain; and   the message identifies the spoofed domain.   
     
     
         4 . The computer-implemented method of  claim 2 , wherein:
 the published record comprises a sender policy framework (SPF) record;   authenticating comprises identifying whether the e-mail was sent from a machine specified by the SPF record; and   transmitting the message comprises reporting a condition where the e-mail originates with a domain of the registered sender the email but was not sent from the machine specified by the SPF record.   
     
     
         5 . The computer-implemented method of  claim 4 , wherein:
 the extracted information represents a FROM: header of the e-mail; and   determining comprises ascertaining whether the FROM: header corresponds to the machine.   
     
     
         6 . The computer-implemented method of  claim 5 , wherein:
 the extracted information represents an identified value comprising at least one of a purported responsible authority (PRA) value, a domain keys (DK) value, a domain keys identified mail (DKIM) value and a mail from (MFROM) value;   ascertaining comprises determining that the FROM: header does not correspond to the machine, but determining from the extracted information that the e-mail was sent by an entity corresponding to identified value.   
     
     
         7 . The computer-implemented method of  claim 6 , wherein:
 the extracted information comprises each of the PRA value, the DK value, the DKIM value and the MFROM value; and   transmitting the message is performed in response to a determination that the email was not sent by an entity corresponding to any of the PRA value, the DK value, the DKIM value or the MFROM value.   
     
     
         8 . The computer-implemented method of  claim 7 , wherein the message further identifies each of the PRA value, the DK value and the DKIM value. 
     
     
         9 . The computer-implemented method of  claim 2 , wherein authenticating the e-mail comprises causing an e-mail client of an e-mail recipient to display a confidence icon to the e-mail recipient, the confidence icon to indicate whether the e-mail was successfully authenticated. 
     
     
         10 . The computer-implemented method of  claim 2 , wherein authenticating the e-mail comprises causing an e-mail client of an e-mail recipient to display a confidence icon as part of a FROM: field, the confidence icon to indicate that the e-mail was successfully authenticated. 
     
     
         11 . An apparatus comprising instructions stored on non-transitory computer-readable media, the instructions when executed to cause at least one computing device to:
 receive the e-mail from a sender;   process one or more headers of the e-mail to extract information representing the sender;   transmit the extracted information to a validation service, wherein the validation service is to filter the extracted information for one or more spoofed domains and is to return a validation response that identifies a registered sender based on the extracted information, the registered sender representing a legitimate, known entity;   retrieve a published domain record of the registered sender;   authenticate the e-mail dependent on whether the extracted information corresponds to the retrieved, published domain record; and   transmit a message reporting failed authentication to the validation service dependent on whether the extracted information does not correspond to the retrieved, published domain record;   wherein the message is to identify the registered sender, the extracted information, and a reason for failed authentication.   
     
     
         12 . The apparatus of  claim 11 , wherein:
 the instructions, when executed, are to further cause the at least one computing device to report via the message a condition where the e-mail originates with a spoofed domain; and   the message identifies the spoofed domain.   
     
     
         13 . The apparatus of  claim 11 , wherein:
 the published record comprises a sender policy framework (SPF) record;   the instructions, when executed, are to further cause the at least one computing device to identify whether the e-mail was sent from a machine specified by the SPF record, and to report a condition where the e-mail originates with a domain of the registered sender the email but was not sent from the machine specified by the SPF record.   
     
     
         14 . The apparatus of  claim 13 , wherein:
 the extracted information represents a FROM: header of the e-mail; and   the instructions, when executed, are to further cause the at least one computing device to ascertain whether the FROM: header corresponds to the machine.   
     
     
         15 . The apparatus of  claim 14 , wherein:
 the extracted information represents an identified value comprising at least one of a purported responsible authority (PRA) value, a domain keys (DK) value, a domain keys identified mail (DKIM) value and a mail from (MFROM) value;   the instructions, when executed, are to further cause the at least one computing device to determine that the FROM: header does not correspond to the machine, but to determine from the extracted information that the e-mail was sent by an entity corresponding to identified value.   
     
     
         16 . The apparatus of  claim 15 , wherein:
 the extracted information comprises each of the PRA value, the DK value, the DKIM value and the MFROM value; and   transmission of the message is performed in response to a determination that the email was not sent by an entity corresponding to any of the PRA value, the DK value, the DKIM value or the MFROM value.   
     
     
         17 . The apparatus of  claim 16 , wherein the message further identifies each of the PRA value, the DK value and the DKIM value. 
     
     
         18 . The apparatus of  claim 11 , wherein the instructions, when executed, are to further cause at least one computing device to cause an e-mail client of an e-mail recipient to display a confidence icon to the e-mail recipient, the confidence icon to indicate whether the e-mail was successfully authenticated. 
     
     
         19 . The apparatus of  claim 11 , wherein the instructions, when executed, are to further cause an e-mail client of an e-mail recipient to display a confidence icon as part of a FROM: field, the confidence icon to indicate that the e-mail was successfully authenticated. 
     
     
         20 . A computer-implemented method of processing an e-mail, comprising:
 receiving the e-mail from a sender;   processing one or more headers of the e-mail to extract information representing the sender;   transmitting the extracted information to a validation service, wherein the validation service is to filter the extracted information for one or more spoofed domains and is to return a validation response that identifies a registered sender based on the extracted information, the registered sender representing a legitimate, known entity;   retrieving a published domain record of the registered sender;   authenticating the e-mail dependent on whether the extracted information corresponds to the retrieved, published domain record; and   transmitting a message reporting failed authentication to the validation service dependent on whether the extracted information does not correspond to the retrieved, published domain record;   wherein
 the published record comprises a sender policy framework (SPF) record, 
 authenticating comprises identifying whether the e-mail was sent from a machine specified by the SPF record, and whether the e-mail was sent from an entity represented by at least one of purported responsible authority (PRA) value, a domain keys (DK) value, a domain keys identified mail (DKIM) value and a mail from (MFROM) value, and 
 the message is to identify the registered sender, the extracted information, and a reason for failed authentication. 
   
     
     
         21 . The computer-implemented method of  claim 20 , wherein:
 transmitting the message comprises reporting via the message a condition where the e-mail originates with a spoofed domain; and   the message identifies the spoofed domain.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.