CN110460582A - A kind of detection method and device of risk email address - Google Patents

A kind of detection method and device of risk email address Download PDF

Info

Publication number
CN110460582A
CN110460582A CN201910631674.4A CN201910631674A CN110460582A CN 110460582 A CN110460582 A CN 110460582A CN 201910631674 A CN201910631674 A CN 201910631674A CN 110460582 A CN110460582 A CN 110460582A
Authority
CN
China
Prior art keywords
email address
prefix
domain name
risk
mailbox
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910631674.4A
Other languages
Chinese (zh)
Inventor
郦柏金
陈万源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tong Shield Holdings Ltd
Tongdun Holdings Co Ltd
Original Assignee
Tong Shield Holdings Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tong Shield Holdings Ltd filed Critical Tong Shield Holdings Ltd
Priority to CN201910631674.4A priority Critical patent/CN110460582A/en
Publication of CN110460582A publication Critical patent/CN110460582A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/107Computer-aided management of electronic mailing [e-mailing]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42Mailbox-related aspects, e.g. synchronisation of mailboxes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/48Message addressing, e.g. address format or anonymous messages, aliases
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Human Resources & Organizations (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Operations Research (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Tourism & Hospitality (AREA)
  • Marketing (AREA)
  • General Business, Economics & Management (AREA)
  • Economics (AREA)
  • Computing Systems (AREA)
  • Quality & Reliability (AREA)
  • Artificial Intelligence (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the invention provides the detection methods and device of a kind of risk email address, the detection method and device are applied to the registrar of internet platform, whether the domain name for specially judging the email address received is disposable mailbox domain name, and email address is if it is labeled as risk email address;Whether it is that randomness prefix judges to the prefix of email address using deep learning model trained in advance if domain name is not disposable mailbox domain name, email address is if it is labeled as risk email address;Whether it is that false email address judges to email address if prefix is not randomness prefix, email address is if it is labeled as risk email address.I.e. for effective detection means is provided to the analysis of the substantive content of risk email address in the application, can take appropriate measures on the basis of effective detection, to avoid the improper registration of criminal.

Description

A kind of detection method and device of risk email address
Technical field
The present invention relates to Internet technical fields, more particularly to the detection method and device of a kind of risk email address.
Background technique
Currently, as the rise of the platforms such as electric business, social activity and internet finance is especially in electric business transaction platform The platform for newly promoting oneself is drawn, many preferential activities can be released, such as send discount coupon red packet.And there are some just to keep a close watch on this A little chances, by improper means by way of registering user's trumpet, to obtain these discount coupon red packets.Wherein, mailbox Location is an important dimension of such platform in registration, transaction.
Corresponding grey industry has been formed at present, platform registration has been carried out for these users and all kinds of email addresses is provided.Cause This, the platforms such as electric business, social activity and internet finance identify these risk postals it is necessary to carry out identification filtering to email address Case address, to avoid the improper registration of criminal.
Summary of the invention
In view of this, the present invention provides the detection methods and device of a kind of risk email address, to avoid criminal Improper registration is carried out by risk email address.
To solve the above-mentioned problems, the invention discloses a kind of detection methods of risk email address, are applied to internet The registrar of platform, the detection method comprising steps of
Whether the domain name for judging the email address received is disposable mailbox domain name, if it is by the email address Labeled as risk email address;
If domain name is not disposable mailbox domain name, using deep learning model trained in advance to the mailbox Whether the prefix of address is that randomness prefix is judged, the email address is if it is labeled as risk email address;
It whether is false mailbox to the email address by smtp agreement if the prefix is not randomness prefix Address judged, the email address is if it is labeled as risk email address, if not then by the mailbox Location is labeled as authentic and valid email address.
Optionally, whether the domain name for judging the email address received is disposable mailbox domain name, comprising steps of
It is prefix and domain name that the email address, which is pressed@Character segmentation,;
Compared using the disposable name single pair domain name safeguarded in advance, with this judge domain name whether be Disposable mailbox domain name.
Optionally, described to utilize whether deep learning model trained in advance is randomness to the prefix of the email address Prefix judged, comprising steps of
It is the prefix and domain name that the email address, which is pressed@Character segmentation,;
The prefix is inputted the deep learning model to handle, is obtained before whether the prefix be the randomness Sew.
Optionally, the prefix is inputted before the deep learning model progress processing step described, further includes step It is rapid:
The prefix is converted to the id sequence of regular length according to the dictionary safeguarded in advance;
It is described to handle the prefix input deep learning model, comprising:
The id sequence inputting is handled to the deep learning model.
Optionally, described whether to be that false email address judges to the email address by smtp agreement, including Step:
HEOL packet is sent to mail server pointed by the email address by smtp agreement, and receives first state Code;
If the first state code is not default value, determine the email address for false email address;
If the first state code is the default value, further pass through smtp agreement to the mail server RCPT packet is sent, and receives the second status code;
If second status code is the default value, determine the email address for false mailbox Location, if second status code is the default value, determining the email address not is false email address.
A kind of detection device of risk email address, applied to the registrar of internet platform, the detection device Include:
First judgment module, whether the domain name for being configured as the email address that judgement receives is disposable mailbox domain name, If it is the email address is labeled as risk email address;
Second judgment module utilizes training in advance if being configured as domain name not is disposable mailbox domain name Whether deep learning model is that randomness prefix judges to the prefix of the email address, if it is by the mailbox Location is labeled as risk email address;
Third judgment module, if being configured as the prefix not is randomness prefix, by smtp agreement to described Whether email address is that false email address is judged, the email address is if it is labeled as risk email address, If not the email address is then labeled as authentic and valid email address.
Optionally, the first judgment module includes:
First cutting unit is configured as the email address being prefix and domain name by@Character segmentation;
First judging unit is configured as comparing using the disposable name single pair domain name safeguarded in advance, Judge whether domain name is disposable mailbox domain name with this.
Optionally, second judgment module includes:
Second cutting unit is configured as the email address being the prefix and domain name by@Character segmentation;
Second judgment unit is configured as handling on the prefix input deep learning model, obtain described Whether prefix is the randomness prefix.
Optionally, second judgment module further includes prefix process unit, in which:
The prefix process unit be also used to second judgment unit by the prefix input the deep learning model it Before, be also used to the prefix is converted to according to the dictionary safeguarded the id sequence of regular length in advance;
The second judgment unit is then used to handle the id sequence inputting to the deep learning model.
Optionally, the third judgment module includes:
First transmission unit is configured as sending by smtp agreement to mail server pointed by the email address HEOL packet, and receive first state code;
First judging unit, if being configured as the first state code is not default value, with determining the mailbox Location is false email address;
Second transmission unit further passes through if being configured as the first state code is the default value Smtp agreement sends RCPT packet to the mail server, and receives the second status code;
Second judging unit, if being configured as second status code is the default value, determine described in Email address determines the email address not if second status code is the default value for false email address For false email address.
It can be seen from the above technical proposal that this application provides the detection method and device of a kind of risk email address, The detection method and device are applied to the registrar of internet platform, specially judge the domain name of the email address received Whether it is disposable mailbox domain name, email address is if it is labeled as risk email address;If domain name is not disposable Whether mailbox domain name is then that randomness prefix is sentenced to the prefix of email address using deep learning model trained in advance It is disconnected, email address is if it is labeled as risk email address;If prefix is not randomness prefix, pass through smtp agreement Whether it is that false email address judges to email address, email address is if it is labeled as risk email address, such as Fruit is not that email address is labeled as authentic and valid email address.It is directed in the application in the essence of risk email address The analysis of appearance provides effective detection means, can take appropriate measures on the basis of effective detection, to avoid illegal The improper registration of molecule.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.
Fig. 1 is a kind of flow chart of the detection method of risk email address of the embodiment of the present application;
Fig. 2 is the model structure block diagram of the deep learning model of the embodiment of the present application;
Fig. 3 is a kind of block diagram of the detection device of risk email address of the embodiment of the present application.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.
Present inventor has found that risk email address is generally showed by carrying out analysis to the email address of black production Following several types:
1, email address domain name is disposable mailbox domain name, and prefix shows normal users name type, such as The characteristics of " aivuv14745 bccto.me ", this kind of mailbox shows be mailbox validity period it is very short, but really necessary being , it can freely be obtained by this kind of mailbox server.
2, due to needing Mass production registration mailbox, mailbox prefix domain name generally can be all generated at random by machine, then By calling the automation of Netease's registration interface to generate registration mailbox, such as " xg8kkwkl9h@163.com ", " pzaiofdwhrtpj@ 163.com " etc..The characteristics of this kind of mailbox shows is that email address prefix is that randomness is very strong, and registration mailbox prefix can all lack Weary semantic information does not meet the characteristics of people registers.
3, due to being not that each platform can need to make mailbox one authenticity veritification, some email addresses are not Existing, this email address a part is that domain name fails to provide mail server function, and a part is and unregistered postal Case address.
According to above-mentioned analysis, the application spy proposes following specific embodiment, to solve the test problems of risk email address:
Embodiment one
Fig. 1 is a kind of flow chart of the detection method of risk email address of the embodiment of the present application.
Shown in referring to Fig.1, detection method provided in this embodiment is applied to the platforms such as electric business, social activity and internet finance Registrar, specifically comprise the following steps:
Whether S1, the domain name for detecting email address are disposable mailbox domain name.
After the email address for registration that system receives that user uploads when registering, the email address is detected Domain name whether be disposable domain name, if it is disposable domain name then directly by the email address be labeled as risk email address, To cancel the registration operating right of relative users in subsequent registration operation.If the domain name of the email address is not primary Property domain name, then execute subsequent step.
Here in order to realize that the domain name to the email address detects, the specific step that executes includes following content:
Firstly, the email address received is divided into prefix and domain name two parts according to character@.The present embodiment is using in advance A 20000 or so blacklist domain name datas are first maintained, the data type of each of them is all by@+domain name Form storage, it is contemplated that retrieval performance can construct the binary tree storage of this part of data later.
Then, by maximizing@+domain name data of detection user, to judge whether this email address is disposable mailbox. Why may require that plus@and retrieve herein, is since the domain name of many disposable mailboxes may be normal operation in normal domain in the presence of part The form of name, such as " tmail.com ", if directly retrieving domain name, will lead to " hotmail.com " also can be identified as disposably Mailbox domain name.If being matched to disposable mailbox domain name, the email address is directly labeled as risk email address.
Whether S2, detection email address include randomness prefix.
For not being the email address of disposable mailbox domain name, then deep learning model pair trained in advance is further utilized Whether its prefix is that randomness prefix is judged, if its prefix is randomness prefix, which is labeled as Risk email address.
Firstly, email address is divided into two parts of prefix and domain name by character@, or clear-cut just in previous step Segmentation result.Then, prefix therein is input to deep learning model trained in advance to identify, if the knot of identification The prefix of the email address is identified as randomness prefix 0.5 or more, then by fruit value, and the email address is determined as risk postal Case address.If its prefix is not identified as randomness prefix, next operation is executed.
In addition, prefix is converted into an id sequence using a dictionary safeguarded before before identifying to prefix Column, then identify the id sequence inputting into the deep learning model.When the prefix is converted to id sequence to sequence Arrange it is insufficient do a Sequence Filling, supplying sequence length is 75, is input to preparatory trained model later, obtains model Identification as a result, its model structure is as shown in Figure 2.
Whether S3, detection email address are false email address.
I.e. by the judgement of front, if the prefix of the email address and nonrandomness prefix, further to the mailbox Whether address is that false email address is judged, if it is false mailbox, then risk email address is marked as, if not It is to be marked as authentic and valid email address, i.e., allows to be registered according to the email address in subsequent registration, from And it avoids criminal and carries out improper registration using risk email address.
Here the judgement of false email address is executed as follows:
Firstly, sending HELO packet to mail server pointed by the email address by smtp agreement, and receive the postal Part server is directed to the first state code of HEOL packet feedback.
If the first state code is not a default value, such as 250, determine the email address for false mailbox Location.
If the first state code is the default value, such as 250, then is sent by smtp agreement to mailbox server RCPT packet, and receive the second status code that the mailbox server is directed to RCPT packet feedback.
If second status code is not the default value, such as 250, determine the email address for false email address; If second status code is the default value, such as 250, determine that the email address is authentic and valid email address.
It can be seen from the above technical proposal that this application provides a kind of detection method of risk email address, the detection Method is applied to the registrar of internet platform, specially judges whether the domain name of the email address received is disposable Email address is if it is labeled as risk email address by mailbox domain name;If domain name is not disposable mailbox domain name, benefit It whether is that randomness prefix judges to the prefix of email address with deep learning model trained in advance, if it is by postal Case address mark is risk email address;If prefix is not randomness prefix, by smtp agreement to email address whether Judged for false email address, email address is if it is labeled as risk email address, if not then by mailbox Address is labeled as authentic and valid email address.It is directed in the application and the analysis of the substantive content of risk email address is provided Effective detection means can take appropriate measures on the basis of effective detection, to avoid the improper note of criminal Volume.
Embodiment two
Fig. 3 is a kind of block diagram of the detection device of risk email address of the embodiment of the present application.
Referring to shown in Fig. 3, detection device provided in this embodiment is applied to the platforms such as electric business, social activity and internet finance Registrar, specifically include first judgment module 10, the second judgment module 20 and third judgment module 30.
First judgment module is for detecting whether the domain name of email address is disposable mailbox domain name.
After the email address for registration that system receives that user uploads when registering, the email address is detected Domain name whether be disposable domain name, if it is disposable domain name then directly by the email address be labeled as risk email address, To cancel the registration operating right of relative users in subsequent registration operation.If the domain name of the email address is not primary Property domain name, then execute subsequent step.
Here in order to realize that the domain name to the email address detects, which specifically includes the first cutting unit and One judging unit.
The email address that first cutting unit is used to receive is divided into prefix and domain name two parts according to character@.This Embodiment utilizes maintains a 20000 or so blacklist domain name datas in advance, and the data type of each of them is all It is stored by way of+domain name, it is contemplated that retrieval performance can construct the binary tree storage of this part of data later.
First judging unit be used for by maximize detection user@+domain name data, come judge this email address whether be Disposable mailbox.Why may require that plus@and retrieve herein, is since the domain name of many disposable mailboxes may have portion It point is the form of normal domain name, such as " tmail.com ", if directly retrieving domain name, will lead to " hotmail.com " can also be known It Wei not disposable mailbox domain name.If being matched to disposable mailbox domain name, the email address is directly labeled as risk mailbox Address.
Second judgment module is for detecting whether email address includes randomness prefix.
For not being the email address of disposable mailbox domain name, then deep learning model pair trained in advance is further utilized Whether its prefix is that randomness prefix is judged, if its prefix is randomness prefix, which is labeled as Risk email address.The module specifically includes the second cutting unit and second judgment unit.
Second cutting unit is used to email address being divided into two parts of prefix and domain name by character@, or simply With the segmentation result in previous step.Second judgment unit is used to for prefix therein to be input to deep learning mould trained in advance Type is identified, if the prefix of the email address is identified as randomness prefix 0.5 or more by the end value of identification, and The email address is determined as risk email address.If its prefix is not identified as randomness prefix, next behaviour is executed Make.
In addition, the present embodiment further includes prefix process unit, the unit is for knowing prefix in second judgment unit Before not, prefix is converted into an id sequence using a dictionary safeguarded before, then second judgment unit is by the id sequence Column, which are input in the deep learning model, to be identified.It is insufficient to sequence when the prefix is converted to id sequence to do a sequence Column filling, supplying sequence length is 75, is input to preparatory trained model later, obtain model identification as a result, its mould Type structure is as shown in Figure 2.
Third judgment module is for detecting whether email address is false email address.
I.e. by the judgement of front, if the prefix of the email address and nonrandomness prefix, further to the mailbox Whether address is that false email address is judged, if it is false mailbox, then risk email address is marked as, if not It is to be marked as authentic and valid email address, i.e., allows to be registered according to the email address in subsequent registration, from And it avoids criminal and carries out improper registration using risk email address.
The module specifically includes the first transmission unit, the first judging unit, the second transmission unit and the second judging unit.
First transmission unit is used to send HELO packet to mail server pointed by the email address by smtp agreement, And receive the first state code that the mail server is directed to HEOL packet feedback.
If the first judging unit is not a default value, such as 250 for the first state code, with determining the mailbox Location is false email address.
If the second transmission unit first state code is the default value, such as 250, then passes through smtp agreement to mailbox Server sends RCPT packet, and receives the second status code that the mailbox server is directed to RCPT packet feedback.
If the second judging unit is not the default value, such as 250 for second status code, the email address is determined For false email address;If second status code is the default value, such as 250, determine that the email address is authentic and valid Email address.
It can be seen from the above technical proposal that this application provides a kind of detection device of risk email address, the detection Device is applied to the registrar of internet platform, specially judges whether the domain name of the email address received is disposable Email address is if it is labeled as risk email address by mailbox domain name;If domain name is not disposable mailbox domain name, benefit It whether is that randomness prefix judges to the prefix of email address with deep learning model trained in advance, if it is by postal Case address mark is risk email address;If prefix is not randomness prefix, by smtp agreement to email address whether Judged for false email address, email address is if it is labeled as risk email address, if not then by mailbox Address is labeled as authentic and valid email address.It is directed in the application and the analysis of the substantive content of risk email address is provided Effective detection means can take appropriate measures on the basis of effective detection, to avoid the improper note of criminal Volume.
All the embodiments in this specification are described in a progressive manner, the highlights of each of the examples are with The difference of other embodiments, the same or similar parts between the embodiments can be referred to each other.
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present invention can provide as method, apparatus or calculate Machine program product.Therefore, the embodiment of the present invention can be used complete hardware embodiment, complete software embodiment or combine software and The form of the embodiment of hardware aspect.Moreover, the embodiment of the present invention can be used one or more wherein include computer can With in the computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) of program code The form of the computer program product of implementation.
The embodiment of the present invention be referring to according to the method for the embodiment of the present invention, terminal device (system) and computer program The flowchart and/or the block diagram of product describes.It should be understood that flowchart and/or the block diagram can be realized by computer program instructions In each flow and/or block and flowchart and/or the block diagram in process and/or box combination.It can provide these Computer program instructions are set to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing terminals Standby processor is to generate a machine, so that being held by the processor of computer or other programmable data processing terminal devices Capable instruction generates for realizing in one or more flows of the flowchart and/or one or more blocks of the block diagram The device of specified function.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing terminal devices In computer-readable memory operate in a specific manner, so that instruction stored in the computer readable memory generates packet The manufacture of command device is included, which realizes in one side of one or more flows of the flowchart and/or block diagram The function of being specified in frame or multiple boxes.
These computer program instructions can also be loaded into computer or other programmable data processing terminal devices, so that Series of operation steps are executed on computer or other programmable terminal equipments to generate computer implemented processing, thus The instruction executed on computer or other programmable terminal equipments is provided for realizing in one or more flows of the flowchart And/or in one or more blocks of the block diagram specify function the step of.
Although the preferred embodiment of the embodiment of the present invention has been described, once a person skilled in the art knows bases This creative concept, then additional changes and modifications can be made to these embodiments.So the following claims are intended to be interpreted as Including preferred embodiment and fall into all change and modification of range of embodiment of the invention.
Finally, it is to be noted that, herein, relational terms such as first and second and the like be used merely to by One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning Covering non-exclusive inclusion, so that process, method, article or terminal device including a series of elements not only wrap Those elements are included, but also including other elements that are not explicitly listed, or further includes for this process, method, article Or the element that terminal device is intrinsic.In the absence of more restrictions, being wanted by what sentence "including a ..." limited Element, it is not excluded that there is also other identical elements in process, method, article or the terminal device for including the element.
Technical solution provided by the present invention is described in detail above, specific case used herein is to this hair Bright principle and embodiment is expounded, method of the invention that the above embodiments are only used to help understand and its Core concept;At the same time, for those skilled in the art, according to the thought of the present invention, in specific embodiment and application There will be changes in range, in conclusion the contents of this specification are not to be construed as limiting the invention.

Claims (10)

1. a kind of detection method of risk email address, the registrar applied to internet platform, which is characterized in that described Detection method comprising steps of
Whether the domain name for judging the email address received is disposable mailbox domain name, if it is marks the email address For risk email address;
If domain name is not disposable mailbox domain name, using deep learning model trained in advance to the email address Prefix whether be that randomness prefix is judged, if it is by the email address be labeled as risk email address;
It whether is false email address to the email address by smtp agreement if the prefix is not randomness prefix Judged, the email address is if it is labeled as risk email address, if not then by the email address mark Note is authentic and valid email address.
2. detection method as described in claim 1, which is characterized in that whether the domain name of the email address for judging to receive For disposable mailbox domain name, comprising steps of
It is prefix and domain name that the email address, which is pressed@Character segmentation,;
It is compared using the disposable name single pair domain name safeguarded in advance, judges whether domain name is primary with this Property mailbox domain name.
3. detection method as described in claim 1, which is characterized in that described to utilize deep learning model trained in advance to institute Whether the prefix for stating email address is that randomness prefix is judged, comprising steps of
It is the prefix and domain name that the email address, which is pressed@Character segmentation,;
The prefix is inputted the deep learning model to handle, obtains whether the prefix is the randomness prefix.
4. detection method as claimed in claim 3, which is characterized in that the prefix is inputted the deep learning mould described Before type carries out processing step, further comprise the steps of:
The prefix is converted to the id sequence of regular length according to the dictionary safeguarded in advance;
It is described to handle the prefix input deep learning model, comprising:
The id sequence inputting is handled to the deep learning model.
5. detection method as described in claim 1, which is characterized in that it is described by smtp agreement to the email address whether Judged for false email address, comprising steps of
HEOL packet is sent to mail server pointed by the email address by smtp agreement, and receives first state code;
If the first state code is not default value, determine the email address for false email address;
If the first state code is the default value, further sent by smtp agreement to the mail server RCPT packet, and receive the second status code;
If second status code is the default value, determine the email address for false email address, such as Second status code described in fruit is the default value, then determining the email address not is false email address.
6. a kind of detection device of risk email address, the registrar applied to internet platform, which is characterized in that described Detection device includes:
First judgment module, whether the domain name for being configured as the email address that judgement receives is disposable mailbox domain name, if It is then by the email address labeled as risk email address;
Second judgment module utilizes depth trained in advance if being configured as domain name not is disposable mailbox domain name Whether learning model is that randomness prefix judges to the prefix of the email address, if it is by the email address mark It is denoted as risk email address;
Third judgment module, if being configured as the prefix not is randomness prefix, by smtp agreement to the mailbox Whether address is that false email address is judged, the email address is if it is labeled as risk email address, if It is not that the email address is labeled as authentic and valid email address.
7. detection device as claimed in claim 6, which is characterized in that the first judgment module includes:
First cutting unit is configured as the email address being prefix and domain name by@Character segmentation;
First judging unit is configured as comparing using the disposable name single pair domain name safeguarded in advance, with this Judge whether domain name is disposable mailbox domain name.
8. detection device as claimed in claim 6, which is characterized in that second judgment module includes:
Second cutting unit is configured as the email address being the prefix and domain name by@Character segmentation;
Second judgment unit is configured as handling on the prefix input deep learning model, obtains the prefix It whether is the randomness prefix.
9. detection device as claimed in claim 8, which is characterized in that second judgment module further includes prefix process list Member, in which:
The prefix process unit is also used to before the prefix is inputted the deep learning model by second judgment unit, also For the prefix to be converted to the id sequence of regular length according to the dictionary safeguarded in advance;
The second judgment unit is then used to handle the id sequence inputting to the deep learning model.
10. detection device as claimed in claim 6, which is characterized in that the third judgment module includes:
First transmission unit is configured as sending HEOL to mail server pointed by the email address by smtp agreement Packet, and receive first state code;
First judging unit determines that the email address is if being configured as the first state code is not default value False email address;
Second transmission unit is further assisted by smtp if being configured as the first state code is the default value It discusses to the mail server and sends RCPT packet, and receive the second status code;
Second judging unit determines the mailbox if being configured as second status code is the default value Address is false email address, if second status code is the default value, it is empty for determining the email address not False email address.
CN201910631674.4A 2019-07-12 2019-07-12 A kind of detection method and device of risk email address Pending CN110460582A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910631674.4A CN110460582A (en) 2019-07-12 2019-07-12 A kind of detection method and device of risk email address

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910631674.4A CN110460582A (en) 2019-07-12 2019-07-12 A kind of detection method and device of risk email address

Publications (1)

Publication Number Publication Date
CN110460582A true CN110460582A (en) 2019-11-15

Family

ID=68481179

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910631674.4A Pending CN110460582A (en) 2019-07-12 2019-07-12 A kind of detection method and device of risk email address

Country Status (1)

Country Link
CN (1) CN110460582A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111162996A (en) * 2019-12-27 2020-05-15 广东睿江云计算股份有限公司 Mail registration optimization method and system
CN114389854A (en) * 2021-12-22 2022-04-22 杭州美创科技有限公司 Malicious e-mail detection method and system
CN115099832A (en) * 2022-06-29 2022-09-23 广州华多网络科技有限公司 Abnormal user detection method and device, equipment, medium and product thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100138340A1 (en) * 2002-09-19 2010-06-03 John Earl Shirey System and apparatus for transaction fraud processing
CN105450474A (en) * 2015-12-07 2016-03-30 小米科技有限责任公司 Method and device for detecting e-mail server address
CN105516192A (en) * 2016-01-14 2016-04-20 杭州同盾科技有限公司 Mail address security identification control method and mail address security identification control system
CN108683749A (en) * 2018-05-18 2018-10-19 携程旅游信息技术(上海)有限公司 A kind of judgment method, equipment and the medium of random email address

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100138340A1 (en) * 2002-09-19 2010-06-03 John Earl Shirey System and apparatus for transaction fraud processing
CN105450474A (en) * 2015-12-07 2016-03-30 小米科技有限责任公司 Method and device for detecting e-mail server address
CN105516192A (en) * 2016-01-14 2016-04-20 杭州同盾科技有限公司 Mail address security identification control method and mail address security identification control system
CN108683749A (en) * 2018-05-18 2018-10-19 携程旅游信息技术(上海)有限公司 A kind of judgment method, equipment and the medium of random email address

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111162996A (en) * 2019-12-27 2020-05-15 广东睿江云计算股份有限公司 Mail registration optimization method and system
CN111162996B (en) * 2019-12-27 2020-12-15 广东睿江云计算股份有限公司 Mail registration optimization method and system
CN114389854A (en) * 2021-12-22 2022-04-22 杭州美创科技有限公司 Malicious e-mail detection method and system
CN115099832A (en) * 2022-06-29 2022-09-23 广州华多网络科技有限公司 Abnormal user detection method and device, equipment, medium and product thereof

Similar Documents

Publication Publication Date Title
CN110460582A (en) A kind of detection method and device of risk email address
CN107872772B (en) Method and device for detecting fraud short messages
US8984289B2 (en) Classifying a message based on fraud indicators
CN108259415B (en) Mail detection method and device
CN103929411B (en) Information displaying method, terminal, safety server and system
Lam et al. Involuntary information leakage in social network services
CN103227786B (en) A kind of website login information filling method and device
WO2019076017A1 (en) Feedback information processing method and apparatus, terminal device and medium
JP2000339236A (en) Mischievous mail preventing device, method therefor and recording medium
JP2014532934A (en) Email tag
CN107688733B (en) Service interface calling method, device, user terminal and readable storage medium
EP3198521B1 (en) Method and apparatus of processing a doi (digital object unique identifier) in interaction information
CN105516192B (en) A kind of mail address is safe to identify control method and device
CN107920094A (en) Data capture method, device, server and the network equipment
CN109039874A (en) A kind of the mail auditing method and device of Behavior-based control analysis
CN110096635A (en) A kind of the inquiry visual display method and device of traditional Chinese and western medicine medicine information
CN103685254B (en) The safety detection method and server of public account information
US11010687B2 (en) Detecting abusive language using character N-gram features
CN108683583A (en) A kind of Junk mail processing method, device and storage medium
CN105490913B (en) Instant message processing method and device
CN109885780A (en) Data processing method and device
CN112039874B (en) Malicious mail identification method and device
CN115603926A (en) Phishing mail identification method, system, device and storage medium
CN102760130B (en) The method and apparatus of process information
CN107508834A (en) A kind of Information Authentication method and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191115

RJ01 Rejection of invention patent application after publication