KR100784194B1 - System for blocking spam mail and method of the same - Google Patents

Abstract

The present invention relates to a spam mail blocking system and method for blocking the reception of spam mails sent randomly in bulk for advertisement, etc. transmitted through the Internet or wired or wireless communication network.

The spam mail blocking system and method according to the present invention not only authenticates the sender of the e-mail through a response to the authenticated mail, but also blocks the spam mail through a multi-blocking engine, thereby effectively preventing unnecessary transmission of the authenticated mail. It can be effectively reduced, and if spammers use a third party's e-mail address to send a large amount of e-mail, there will be a noticeable effect of preventing unexpected damage due to the large amount of authentication mail sent to the third party. have.

Spam mail; certification; SMTP; Authentication mail; Sender self-authentication; Pending list; Two-stage transmission; Multiple block

Description

SYSTEM FOR BLOCKING SPAM MAIL AND METHOD OF THE SAME}

1 is a block diagram of a spam mail blocking system according to the present invention.

2 is a flowchart of a spam mail blocking process according to the present invention;

3 is a flowchart illustrating a process of dividing an authentication mail into two steps.

4 is a block diagram showing an internal engine configuration of an anti-spam system for multiple blocking.

5 is a flowchart illustrating a process of multiple blocking of e-mails.

*** Explanation of symbols on the main parts of the drawing ***

10: mail transmission and reception unit 20: temporary storage unit

30: list of authenticators 40: authentication processing unit

100: spam blocking system 200, 300: mail server

400: internet or wired or wireless network

The present invention relates to a spam mail blocking system and method, and more specifically, spam mail for blocking the reception of spam mails, which are randomly sent in bulk for advertisement, etc. transmitted through the Internet or wired or wireless communication network. A blocking system and method are disclosed.

E-mail occupies an important position as a communication means for transmitting messages through the Internet or a wired or wireless communication network, and its use is also rapidly increasing. As the convenience and utilization of e-mail increases and diversifies, the proportion of e-mail as a means of exchanging messages not only for work but also for personal use is gradually increasing, and the time required for the transmission and confirmation of received e-mail. It is also increasing.

On the other hand, as the use of e-mail is becoming more common and its weight is increasing, spam mail using e-mail is rapidly increasing as a medium of advertising / marketing for an unspecified majority. This is a misuse of the fact that e-mail can be received regardless of the recipient's intention, regardless of whether the contents of the e-mail have been checked, and the recipient has to spend a lot of time for checking or deleting unwanted e-mail (spam). This will occur.

In particular, these spam mails are intended to be sent to a larger number of recipients, and thus a lot of e-mail addresses are being bought and sold. Recently, a program that extracts an e-mail address or automatically generates spam mail has been distributed, so that anyone can easily send spam to an unspecified number. As a result, the average number of recipients is soaring enough to receive more than a dozen spam mails per day. In addition, the spam mail is being used as a means for distributing malicious codes such as viruses and spyware, in addition to containing information that the recipient does not want, and the severity of the damage is increasing day by day.

Therefore, the recipient of the e-mail not only has to spend a lot of time and effort to handle unnecessary spam, but also has a problem such as exposure to malicious code or unnecessary waste of network and system resources.

The conventional techniques for blocking such spam mails typically include searching and filtering whether a specific word or the like is included in the subject or content of an email based on a common characteristic of spam mails, and particularly spam reported. A blacklist of domains or e-mail addresses was created to block e-mail sent from these domains or e-mail addresses.

In the first method of searching and filtering a specific word, it is difficult to effectively block e-mail spam that is evolving because it is based on information inferred from past spam mails. In case of mail, proper filtering was difficult. In addition, there is a problem that by filtering the e-mail containing a specific word, even the normal e-mail containing these words.

Next, the second method using the black list, there is a problem that can not be blocked when the sender of spam mail using a variety of sender e-mail address or create a virtual e-mail address.

Accordingly, there is an urgent need for an effective technology that can effectively block randomly transmitted spam mails.

The present invention has been presented to solve the above problems, and an object of the present invention is to authenticate an e-mail sender with a predetermined authentication mail, and to receive and process an e-mail sent by an authenticated sender to a receiver as a normal e-mail to an unspecified recipient. It is to provide a spam blocking system and method that can effectively block spam sent randomly.

In addition, another object of the present invention is to send a second authentication mail without first sending the authentication mail to the sender of the received e-mail as much as the amount of the e-mail to authenticate the sender and then send the remaining authentication mail By using the transmission method, when spammers send spam mails using another person's e-mail address, a spam mail blocking system that prevents damage caused by sending a large amount of authentication mails to the e-mail address at one time. And a method.

In addition, another object of the present invention is to filter the received e-mail through a multi-blocking engine, filtering the e-mail containing viruses, spam mail and malicious code, etc., and then send the authentication mail in the final step, spam mail, malware The present invention provides a spam mail blocking system and method that can effectively block mails and virus mails and prevent waste and overload of system resources due to mass transmission of authentication mails.

In order to achieve the above object, a spam mail blocking system according to the present invention is located at the front end of a mail server for sending and receiving a plurality of email, for authenticating the sender with the sender's email address for sending each email. A spam mail blocking system that sends an authentication mail, authenticates the sender according to whether or not the sender responds to the authentication mail, and receives / deletes the email. Each e-mail is temporarily stored in the temporary storage for a set time after the authentication mail is sent, and then deleted.The e-mail in which the sender's response is received within the set time among each e-mail stored in the e-mail is stored in the recipient's mail account. E-mail sending / receiving unit to send to Authenticator list that classifies and stores e-mail addresses of registered senders by recipient, and searches whether the sender's e-mail address is included in each recipient's certifier list for each e-mail, and included in certifier list. Sends the authentication mail for each email to the sender's email address which is not yet sent, and stores the unique key and the key value corresponding to the unique key for each authentication mail sent, and the sender's access and response through each authentication mail. An authentication processing unit for authenticating the sender for each recipient according to whether or not the authentication processing unit is configured to send the electronic message of the sender with respect to the first e-mail which is part of the plurality of e-mails transmitted by the same sender temporarily stored in the temporary storage unit. The first authentication mail is sent to the e-mail address, and the sender of each first authentication mail is sent within the set time. When the answer is received, the second authentication mail is sent to the sender's email address for the second email, which is the remaining email among the sender's emails, and the sender for each first authentication mail within the set time. If the response is not received, characterized in that both the first e-mail and the second e-mail is deleted.

Preferably, the first e-mail is a predetermined number of e-mails of a plurality of e-mails sent by the sender in a fast receiving order.

Further, in order to achieve the above object, another embodiment of the spam mail blocking system according to the present invention is located in the front end of the mail server for sending and receiving e-mail, the sender to the sender's e-mail address to send the e-mail It is a spam mail blocking system that sends an authentication mail for authenticating the certificate, authenticates the sender according to whether the sender responds to the authentication mail, and receives / deletes the email. The mail server of the sender by an STP session A false account blocker that refuses to receive e-mails whose mail accounts are not registered on the mail server through e-mails, a mail sender / receiver that receives e-mails passing through the false account blocker, and receive Anti-virus department that blocks and deletes e-mails infected with viruses and malicious codes among the received e-mails, and among received e-mails. Spam pattern ranking section that blocks and deletes e-mail containing specific words and formats extracted by pattern analysis of spam mail, sender's e-mail address authenticated through authentication mail, and any registered mail recipient. A list of authenticators that classify and store the sender's e-mail addresses by recipient, and whether or not the sender's e-mail address is included in the authenticator list for e-mails that have passed through the anti-virus section and the spam pattern ranking section, Send the authentication mail to the sender's e-mail address not included in the list, and store the unique key for the authentication mail and the key value corresponding to the unique key to authenticate the sender according to the sender's access and response through the authentication mail. Included in the list of authenticators in the e-mail that passed the authentication processing unit and the anti-virus unit and spam pattern ranking unit. And a temporary storage unit for temporarily storing the e-mail sent by an unsent sender, and the e-mail transmitting / receiving unit deletes the e-mail stored in the temporary storage unit after a predetermined time elapses after the transmission of the authentication mail. When receiving a response of the e-mail stored in the temporary storage unit characterized in that for transmitting to the mail account of the recipient of the mail server.

Preferably, the authentication e-mail includes access information including a URL for the sender to access the authentication processing unit, and the authentication processing unit displays a special character pattern graphically displayed on a web page linked to the connection information, and sends a special message from the sender. It accepts a character pattern and authenticates the sender. The mail transceiving unit may provide a pending list, which is a list linked to the temporarily stored e-mail, so that the recipient may receive and store the e-mail stored in the temporary storage unit by selection. At this time, the mail transmission / reception unit transmits the e-mail selected by the recipient from the pending list to the mail account of the recipient of the mail server regardless of whether or not it responds to the authentication mail, and the authentication processing unit transmits the e-mail selected by the recipient from the pending list. Add your email address to the list of certifiers.

Further, in order to achieve the above another object, the spam mail blocking method according to the present invention, at the front end of the mail server for transmitting and receiving a plurality of email, authenticate the sender with the email address of the sender to send each email An anti-spam method for sending an authentication mail for authenticating the sender, authenticating the sender according to the sender's response to the authentication mail, and sending the authenticated sender's e-mail to the receiver. Step 1, a second step for retrieving the sender's email address from each list of authenticators that is generated for each recipient of the email and the transmission of the email to the recipient is a list of authorized and authorized senders, sender's email address For recipients with a list of certifiers containing, the number of mail servers sent to each recipient A third step of sending to the user's mail account, a fourth step of temporarily storing each e-mail sent to the recipient, for a recipient having a list of authenticators that do not contain the sender's e-mail address, of each temporarily stored e-mail. A fifth step of sending the first authentication mail to the sender's e-mail address for the first e-mail, which is a part of the e-mail, and if the sender's response to the first authentication mail is received within a predetermined time period, the first e-mail. A sixth step of sending the mail to the recipient's mail account on the mail server and adding the sender's email address to the recipient's certifier list; a second email, the remaining email except for the first one of each temporarily stored email. Step 7 of sending the second authentication mail to the sender's e-mail address for the mail, the sender of the second authentication mail within the set time. When a response is received, the eighth step of sending the second e-mail to the recipient's mail account of the mail server and adding the sender's e-mail address to the recipient's authenticator list, the sender for the second authentication mail within the set time. The ninth step of deleting the temporarily stored second e-mail if no response is received, and if the sender's response to the first authentication mail is not received within the set time, the temporarily stored first e-mail and the second e-mail. A tenth step of deleting all the mails; the fourth and fifth steps are performed in any order, and the sixth to ninth and tenth steps are selectively performed; Nine steps are optionally performed.

Preferably, the first authentication mail and the second authentication mail include access information including a URL for a sender to access a predetermined web page in order to respond to the first authentication mail and the second authentication mail. Steps 6 and 8 may include steps 6-1 of displaying the special character pattern processed on the web page and steps 6-2 of receiving the special character pattern from the sender and authenticating the sender. Also, in step 11, the recipient list provides a pending list, which is a list linked to the first and second e-mails, to the recipients so that the recipient can check the temporarily stored first and second e-mails. The twelfth step of sending the selected e-mail to the recipient's mail account on the mail server regardless of whether the sender responds to the first and second authentication mails; and for the e-mail selected by the recipient from the pending list, The method further includes a thirteenth step of adding an e-mail address to the recipient's authenticator list, wherein the twelfth and thirteenth steps are performed in any order, and the eleventh to thirteenth steps are the fifth to tenth steps. Ensure that they are performed in any order.

Further, in order to achieve the above another object, another embodiment of the spam mail blocking method according to the present invention, in the front end of the mail server for sending and receiving e-mail, the sender to the sender's e-mail address of sending the e-mail It is a spam mail blocking method that sends an authentication mail for authenticating the certificate, authenticates the sender according to the sender's response to the authentication mail, and sends the authenticated sender's email to the recipient. The first step is to block receiving e-mails whose mail accounts are not registered in the mail server through communication with the mail server, and receive e-mails whose mail accounts are registered in the mail server. The second step, the third step of blocking and deleting the e-mail infected with viruses and malware among the received e-mails, The fourth step of blocking and deleting an e-mail containing specific words and formats extracted by the pattern analysis of spam mail among the e-mails, generated for the recipient of each e-mail, and the transmission of the e-mail to the recipient is authenticated and approved. A fifth step of retrieving the sender's e-mail address from the authenticator list which is the sender's list; and a sixth step of sending the e-mail to the recipient's mail account of the mail server if the authenticator list includes the sender's e-mail address. A seventh step of temporarily storing the e-mail when the sender's e-mail address is not included in the list of authenticators; an eighth step of transmitting the authentication mail to the sender's e-mail address for the temporarily stored e-mail; If the sender's response to the authentication mail is received within the set time, the temporarily stored email is sent to the recipient's message on the mail server. A ninth step of sending to the account, adding the sender's e-mail address to the authenticator list, and a tenth step of deleting the temporarily stored e-mail if the sender's response to the authentication mail is not received within the set time. The third and fourth steps are performed in any order, the sixth and seventh to tenth steps are optionally performed, the seventh and eighth steps are performed in an order, The ninth and tenth steps are optionally performed.

Preferably, the authentication mail includes access information including a URL for the sender to access a predetermined web page in order to respond to the authentication mail, and the ninth step displays a special character pattern graphically processed on the web page. Step 9-1 and step 9-2 to receive a special character pattern from the sender to authenticate the caller. In addition, the eleventh step of providing the recipient with a pending list, a list linked to the e-mail so that the recipient can check the temporarily stored e-mail, irrespective of whether the sender responds to the e-mail by selecting the e-mail selected by the recipient from the pending list. A twelfth step of transmitting to the recipient's mail account of the mail server, and a thirteenth step of adding the sender's e-mail address to the recipient's authenticator list, for the e-mail selected by the recipient from the pending list; The steps and the thirteenth step are performed in any order, and the eleventh to thirteenth steps are performed regardless of the order of the eighth to tenth steps.

Hereinafter, with reference to the accompanying drawings will be described in detail the advantages, features and preferred embodiments of the present invention.

1 is a block diagram of a spam mail blocking system according to the present invention. As shown in FIG. 1, each mail server 200 or 300 transmits and receives mutual e-mails through the Internet or wired or wireless communication network 400, and the spam blocking system 100 according to the present invention includes a mail server 200. It is located at the front end. The mail servers 200 and 300 are general mail servers for sending and receiving e-mails, and mail accounts of senders and recipients for sending and receiving e-mails are registered. 1 illustrates an embodiment in which a spam mail blocking system is provided only in the mail server 200. The mail server 300 is a mail server in which a mail account of an email sender is registered, and the mail server 200 is a mail account of an email receiver. Represents this registered mail server.

The spam blocking system 100 according to the present invention includes a mail transmission and reception unit 10 for transmitting and receiving an e-mail with the mail server 300, a temporary storage unit 20 for temporarily storing the received e-mail, and a spam blocking system 100 It includes an authenticator list (30) for storing a list of the sender authenticated by the; and authentication processing unit 40 for generating and transmitting an authentication mail to the sender to authenticate the sender. On the other hand, the transmission of the authentication mail may be performed by the mail transmission and reception unit 10, of course.

The mail transmitting and receiving unit 10 according to the present invention transmits and receives e-mails through the Internet or wired or wireless communication network (400). Therefore, the e-mail transmitted by the sender from the mail server 300 is received by the mail transmission / reception unit 10 and stored in the temporary storage unit 20. The temporary storage unit 20 temporarily stores the e-mail until the authentication is determined by the authentication processing unit 40, and classifies and stores the e-mail according to the recipient of the e-mail. In addition, the mail transmission / reception unit 10 transmits or deletes the corresponding e-mail to the mail server 200 according to whether the authentication processing unit 40 is authenticated. In detail, when authentication is completed by the authentication processing unit 40, the mail transmitting and receiving unit 10 extracts the corresponding e-mail from the temporary storage unit 20 and transmits the e-mail to the corresponding recipient e-mail address of the mail server 200. The e-mail transmitted to the mail server 200 is stored in a separate storage area (not shown) assigned to the corresponding recipient, so that the recipient can receive and check it. On the other hand, when authentication is not performed by the authentication processing unit 40, that is, when it is determined that the e-mail is spam mail, the mail transmission and reception unit 10 deletes the e-mail stored in the temporary storage unit 20.

The authenticator list 30 according to the present invention is a list of the e-mail addresses of the senders whose transmission of the e-mail to the recipient is approved / authenticated. The sender's e-mail address included in the authenticator list 30 includes the sender's e-mail address that has been authenticated by the authentication processing unit 40, and the sender's e-mail address individually registered by the recipient.

The authentication processing unit 40 according to the present invention is a component that blocks spam mail transmitted from spammers by authenticating the sender of the electronic mail through the authentication mail. Specifically, the authentication processing unit 40 searches for the sender of the received e-mail in the authenticator list 30, and generates and transmits an authentication mail when the sender is not included in the authenticator list 30. The authentication mail includes access information such as a URL for the sender to access the authentication processing unit 40. In addition, the authentication processing unit 40 stores a unique key for the authentication mail and a corresponding key value, and performs an authentication response in response to a graphic processed special character pattern displayed on a web page accessed through the access information. You will be asked. That is, the authentication processing unit 40 requires the caller to publicly authenticate through a character pattern in which the sender can immediately analyze the meaning through the naked eye. Therefore, a sender (spammer) who sends a large amount of spam mail or a spam mail using a randomly generated false account cannot receive the authentication mail or must respond in one hand, thereby effectively identifying the sender of the spam mail. . The authentication processing unit 40 adds the sender's e-mail address to the authenticator list 30 when the authentication is completed after the sender's response is received to the authentication mail, and sends a message indicating the completion of the authentication to the mail transmission / reception unit 10. To send. On the other hand, if a response is not received from the sender within a predetermined time period, the authentication processing unit 40 determines the corresponding e-mail as spam mail and transmits a message indicating failure of authentication to the mail transmission / reception unit. Therefore, the mail transmission / reception unit 10 transmits or deletes the e-mail stored in the temporary storage unit 20 according to the authentication completion or authentication failure message of the authentication processing unit 40 to the mail server 200.

On the other hand, each e-mail stored in the temporary storage unit 20 in the state that the authentication of the sender is not complete may be provided to the corresponding recipient in the form of a list. That is, the mail account registrant (recipient) of the mail server 200 may check a list of e-mails for which authentication has not been completed (hereinafter referred to as a 'pending list'), and selectively receive e-mails from the lists. . In this case, the mail transmission / reception unit 10 extracts the e-mail selected by the recipient from the temporary storage unit 20 and transmits the e-mail selected by the recipient to the corresponding recipient mail account of the mail server 200. Therefore, the e-mail received by the receiver through the above process is not deleted regardless of the sender's authentication.

2 is a flowchart of a spam mail blocking process according to the present invention. Referring to Figure 2 describes the spam mail blocking process according to the present invention.

When the e-mail is transmitted from the mail server 300, the mail transmitting and receiving unit 10 receives the e-mail and the received e-mail is stored in the temporary storage unit 21 (ST200).

The authentication processing unit 40 searches whether the sender of the e-mail is included in the authenticator list 30 (ST210). Specifically, the sender e-mail address included in the e-mail is searched in the authenticator list 30.

When the sender's e-mail address is included in the authenticator list 30, the mail transmission / reception unit 40 transmits the e-mail stored in the temporary storage unit 20 to the mail account of the receiver of the mail server 200. (ST220, ST230).

On the other hand, if the sender's e-mail address is not in the list of authenticators, the authentication processing unit 40 generates an authentication mail and transmits it to the sender's e-mail address (ST220, ST240). At this time, the authentication mail is preferably generated using a pre-stored generation format (text content, access information, code, etc.).

The authentication processing unit 40 waits for the sender's response to the authentication mail for a preset time (ST250).

When there is a response from the sender within the set time, that is, when the sender accesses the authentication processing unit 40 through the access information of the authentication mail and inputs a character pattern or the like, the authentication processing unit verifies the sender's e-mail address. It registers to the list 30 (ST260, ST270). Therefore, the e-mail received from the sender's e-mail address is then transmitted directly to the mail server 200 without authentication through the authentication mail.

In addition, the mail transmission / reception unit 10 transmits the e-mail temporarily stored in the temporary storage unit 20 to the recipient mail account of the mail server 200 (ST230).

On the other hand, if the caller does not access the authentication processing unit 40 within the set time, the authentication processing unit transmits a message indicating the authentication failure to the mail transmission and reception unit 10, the electronic transmission and reception unit electronic stored in the temporary storage unit 20 The mail is deleted (ST280).

On the other hand, the authenticator list 30 can be changed by the recipient directly access to add or delete the sender's e-mail address, and can be set to prohibit reception of the specific sender's e-mail address. If the recipient deletes the registered sender's e-mail address from the list of authenticators, then the e-mail received from the sender's e-mail address can be received after re-authentication through the authentication process of steps ST240 to ST270. . In addition, it is desirable to prevent the authentication of the e-mail address that is set as non-receipt before the recipient releases it separately. In this case, the mail transmission / reception unit 10 deletes the e-mail transmitted from the e-mail address forbidden immediately from the temporary storage unit 20 without an authentication process.

In addition, as described above, the mail transmission / reception unit 10 may provide each recipient with a pending list for the e-mail stored in the temporary storage unit 20. In this case, when the corresponding recipient selects to store the specific e-mail among the e-mails of the pending list, the mail transmitting / receiving unit 10 transmits the selected e-mail to the recipient mail account of the mail server 200. Accordingly, the selected e-mail is not deleted regardless of whether the ST250 and ST260 respond to the authentication mail, and the receiver can quickly receive and confirm the e-mail required before the sender's authentication response. In addition, of course, the sender of the selected e-mail may be configured to automatically add an e-mail address to the authenticator list 30.

Variation 1

On the other hand, in authenticating the sender according to whether or not to send and respond to the sender who sent the e-mail, if the actual sender of the e-mail is not the sender, that is, a spammer or malicious sender is an e-mail of a third party. When sending an e-mail through an address, a problem may occur in which a large amount of authentication mail is sent to the third party. For example, a spammer with an e-mail address of a@a.com may use a third-party e-mail address b@b.com as a sender and send it to a large number of recipients who have mail accounts on mail server C (c.com). When transmitting a large amount of e-mail, when the spam blocking system 100 according to the present invention is applied to the mail server C, the authentication mail is transmitted to b@b.com as much as the amount of e-mail transmitted. In this case, the same number of authentication mails are transmitted not only when the number of recipients is large but also when a large number of electronic mails are sent to one recipient. In general, the mail server has a limit of 256 messages, which can be handled at the same time, no matter how many e-mails are sent at the same time. Could be. Therefore, the spam blocking system 100 according to the present invention, in transmitting the authentication mail for the received e-mail, does not transmit the authentication mail for the e-mail sent from the same sender at a time, authentication of a part of the e-mail After the mail is transmitted first, the authentication mail for the remaining e-mails is transmitted or the e-mail is deleted according to whether the sender responds. Hereinafter, a two-step transmission process of the authentication mail will be described in detail.

3 is a flowchart illustrating a process of dividing an authentication mail into two steps. In FIG. 3, it is assumed that a large amount of e-mails are received from the same sender at one time. Referring to Figure 3 describes the process of dividing the authentication mail into two steps as follows.

When the e-mail is transmitted from the mail server 200, the mail transmitting and receiving unit 10 receives the e-mail (ST300).

The authentication processing unit 40 searches whether the sender of the e-mail is included in the authenticator list 30 (ST305). In this case, if the received e-mail is an e-mail transmitted to a plurality of recipients, it is searched whether each recipient is included in the authenticator list.

If there is no authenticator list in which the sender's e-mail address is registered, the authentication processing unit 40 generates and transmits an authentication mail for some of the received e-mails (ST310 and ST315). Specifically, the authentication mail is transmitted to a predetermined number of e-mails according to the receiving order of the e-mails. For example, if 256 e-mails with 256 mail account registrants are received, authentication mails are first transmitted to the two received e-mails. At this time, the mail transmission and reception unit 10 stores the received e-mail in the temporary storage unit 20. Hereinafter, the selected partial e-mail will be referred to as 'first e-mail', and the authentication e-mail transmitted to the first e-mail will be referred to as 'first authentication e-mail'.

The authentication processing unit 40 waits for the sender's response to the first authentication mail for a preset time (ST320).

If there is no response from the sender for the set time, that is, if the caller does not access the authentication processing unit 40 through the access information included in the first authentication mail within the set time, the authentication processing unit displays a message indicating authentication failure. To the mail transmission / reception unit 10, and the mail transmission / reception unit deletes all e-mails including the first e-mail stored in the temporary storage unit 20, that is, all e-mails transmitted from the sender (ST325, ST330). ). In other words, in the above example, the sender is regarded as a spam mail sender, and the first two e-mails from which the first authentication mail is transmitted, as well as the remaining 254 e-mails from which the authentication mail is not transmitted, are also authenticated. Delete without sending mail.

On the other hand, when there is a response from the sender within the set time, that is, when the sender accesses the authentication processing unit 40 through the access information of the first authentication mail and inputs a character pattern, the authentication processing unit sends the e-mail address of the sender. Is registered in the authenticator list 30 of the corresponding recipient (ST325, ST335). At this time, the mail transmitting and receiving unit 10 of course transmits the first e-mail of the e-mail stored in the temporary storage unit 20 to the mail account of the corresponding recipient of the mail server 200. In addition, the authentication processing unit 40 generates and transmits an authentication mail for the remaining e-mails except the first e-mail among the e-mails transmitted by the sender (ST340). Hereinafter, the remaining e-mail except for the first e-mail among the e-mails transmitted by the sender is referred to as a 'second e-mail', and the authentication e-mail transmitted to the second e-mail is referred to as a 'second authentication mail'.

The authentication processing unit 40 waits for the sender's response for a set time for each second authentication mail, and then, for the second authentication mail for which the response is received, the sender's e-mail in the authenticator list 30 of the corresponding receiver. The address is registered, and the mail transmission / reception unit 10 transmits the second e-mail from the temporary storage unit 20 to the mail account of the corresponding recipient of the mail server 200, respectively (ST345 to ST355). On the other hand, the mail transmission / reception unit 10 deletes the second electronic mail stored in the temporary storage unit 20 for the second authentication mail for which the response is not received for the set time (ST350 and ST360).

On the other hand, if there is a recipient whose sender of the e-mail is registered in the authenticator list 30 in ST305, the mail transmitting / receiving unit 10 sends the received e-mail to the corresponding recipient of the corresponding mail server 200. Transfer to a mail account (ST310, ST365). Further, after storing the remaining e-mail not included in each recipient's authenticator list 30 in the temporary storage unit 20 and generating and transmitting an authentication mail for some of the remaining e-mails, whether the sender responds or not. In accordance with the transmission or deletion processing to the mail server 200 (ST370, ST320 to ST360).

Meanwhile, as described above, the e-mail stored in the temporary storage unit 20 is provided to each recipient through a pending list, and the recipient selectively receives the e-mail stored in the temporary storage unit through the pending list, Of course, it can be registered in the authenticator list (30). In detail, the recipient may check and receive not only the electronic mail in which the authentication mail is transmitted in ST315, ST340, and ST370, but also the electronic mail in which the authentication mail is not transmitted in ST315 and ST370. Therefore, it is possible to prevent the e-mail that has not been sent the authentication mail from ST315 and ST370 from being excessively delayed and received by the recipient.

Modification 2

On the other hand, when authenticating the received e-mail through the authentication mail, if there is a large amount of reception of the e-mail, the transmission of the authentication mail every day may waste system resources and overload. In addition, since a large amount of authentication mail is transmitted to the other party's mail server, the other party's mail server may be overloaded. Therefore, the spam blocking system according to the present invention, through the multi-blocking engine through the multi-blocking engine clear authentication e-mail and the mail containing a virus or malicious code and the authentication of the rest of the e-mail after authentication through the authentication mail To do this. Hereinafter, the multi-blocking process of the e-mail will be described.

First, an internal engine configuration of a spam blocking system for multiple blocking is shown in FIG. 4 is a block diagram illustrating an internal engine configuration of a spam blocking system for multiple blocking. As shown in FIG. 4, the spam blocking system 100 according to the present invention includes a mail transmitting and receiving unit 10, a temporary storage unit 20, an authenticator list 30, and an authentication processing unit 40 shown in FIG. 1. ), False account blocker 50 to block e-mail addressed to non-existent accounts, anti-virus unit 60 to block e-mail containing viruses or malware, patterns of spam mail or It may further include a spam pattern ranking unit 70 to search for a specific word or the like contained in the e-mail to block spam mail.

The false account blocking unit 50 according to the present invention is an engine that blocks an e-mail transmitted by using a false account that does not exist in the mail server 100 as a recipient only by communication with the sender side mail server. This is the same as a Simple Mail Transfer Protocol (SMTP) session of general mail servers, which communicates only with the sender's mail server, noting that there is no recipient account for the e-mail, and rejecting the reception of the actual e-mail data itself. In the past, spammers collected e-mail addresses from internet bulletin boards and cafes to obtain e-mail addresses for spam mails. However, recently, instead of collecting these e-mail addresses, random accounts are randomly generated for specific domains. Regardless of whether or not there is an e-mail account, a method of transmitting spam mail to the created account is used. Therefore, if the recipient e-mail address of the transmitted e-mail is an e-mail addressed to a mail account not registered in the mail server 100, the e-mail address is immediately blocked without receiving the e-mail. The e-mail passing through the false account blocking unit 50 is received by the mail transmitting and receiving unit 10.

The anti-virus unit 60 according to the present invention is an engine for filtering and blocking an e-mail infected with a virus or a malicious code among the e-mails received in the mail transmission / reception unit 10 and includes a virus engine based on an open source. Block emails infected with virus or malware. Specifically, the anti-virus unit 60 checks viruses and malware of an attached file or compressed file attached to the e-mail, and blocks the infected e-mail.

The spam pattern ranking unit 70 according to the present invention is an engine that blocks and analyzes spam mails by patterning and analyzing the characteristics of spam mails. Unlike regular filtering engines, this engine blocks e-mail by checking whether it was written according to a set of rules and sent in a specific format sent by spammers worldwide.

The authentication processing unit 40 searches the authenticator list 30 for the e-mail passing through the spam pattern ranking unit 70, and the sender's e-mail included in the authenticator list is sent by the mail transmission / reception unit 10. The sender's e-mail, which is transmitted to the server 200 and is not included in the authenticator list, is stored in the temporary storage unit 20 and finally sent to the recipient mail account of the mail server 200 through the authentication process through the authentication mail. Will be. Therefore, after the e-mail is blocked through the false account blocking unit, the anti-virus unit, and the spam pattern ranking unit, the authentication mail is transmitted only to the remaining e-mails. This can prevent the mail server from being overloaded.

Meanwhile, in FIG. 4, the spam blocking system 100 is a false account blocking unit 50-> mail transmitting and receiving unit 10-> anti-virus unit 60-> spam pattern ranking unit 70-> Although the e-mail is blocked and transmitted in the order of the authentication processing unit 40, this is a preferred embodiment for blocking spam mail and reducing the transmission of unnecessary authentication mail, which may be performed in a different order. Of course.

The process of blocking the e-mail sent from the sender's mail server through the multi-blocking engine is shown in FIG. 5 is a flowchart illustrating a process of multiple blocking of e-mails. Referring to Figure 5 describes the process of blocking the e-mail in the spam blocking system according to the present invention as follows.

When a request for transmission of an e-mail is received through a communication from the mail server 300, the false account blocking unit 50 checks whether the e-mail address of the recipient indicated in the e-mail is a mail account registered in the mail server 200. (ST500, ST505).

If the account is not registered as a result of checking the recipient's e-mail address, that is, the e-mail sent to the false account, the e-mail data itself does not need to be received. Therefore, the transmission of the e-mail itself is blocked (ST510, ST515).

The e-mail that has passed through the false account blocking unit 50 is transmitted and received by the mail transmitting and receiving unit 10 and passes through the anti-virus unit 60.

The anti-virus unit 60 checks whether the virus or malware is infected with the e-mail transmitted to the real account registered in the mail server 200 (ST520). As a result of the scan, the e-mail infected with the virus or the malicious code is blocked or deleted, and the spam pattern ranking unit 70 checks the remaining e-mails (ST525 and ST515).

The spam pattern ranking unit 70 searches for the e-mail with various conditions such as whether the e-mail complies with the rule and includes a specific pattern and blocks the e-mail if applicable (ST530, ST535, ST515). In addition, for words such as (advertisement), (loan), (adult), etc. that are legally marked as spam mails, if the e-mail contains a predetermined number or more, the e-mail is regarded as spam mail and blocked. .

In response to the e-mail passing through the spam pattern ranking unit 70, the authentication processing unit 40 searches the sender in the authenticator list 30 of the receiver (ST540). The e-mail transmitted by the sender included in the search result authenticator list is transmitted to the recipient mail account of the mail server 200 by the mail transceiving unit 10 (ST545, ST550). On the other hand, the e-mail sent by the sender not included in the authenticator list is stored in the temporary storage unit 20, and the sender authentication through the authentication mail is performed by the authentication processing unit 40 (ST545, ST555, ST560).

As described above, the spam mail blocking system and method according to the present invention not only authenticates the sender of the e-mail through the response to the authenticated mail, but also blocks the spam mail through the multi-blocking engine, thereby effectively blocking the spam mail and the like. Unnecessary transmission of mail can be effectively reduced, and if spammers send a large amount of e-mail using a third party's e-mail address, a large amount of authentication mail will be sent to the third party to prevent unexpected damage. There is a significant effect that can be.

In other words, the spam mail blocking system and method according to the present invention,

Firstly, it sends an authentication mail to the sender for the e-mail sent from an unregistered e-mail address, and authenticates the sender according to the response to the authentication mail. Can effectively block spam sent from fictitious email addresses,

Second, since only the e-mail sent by the authenticated sender is received, unnecessary waste of time and resource consumption for the spam processing can be significantly reduced.

Third, the spam mail blocking function is processed at the sender side rather than the receiver side of the e-mail, thereby preventing unnecessary waste of resources at the recipient mail server.

Fourthly, by sending authentication mails to a plurality of e-mails sent by the same sender in two steps, an unnecessary amount of unnecessary mail is sent to the third party due to spammers who generate spam mails using the e-mail addresses of the third parties. You can prevent the damage caused by sending an authentication email.

Fifth, by blocking multiple incoming e-mails through multiple blocking engines, you can effectively block not only spam mails but also infected with viruses or malware.

Sixth, through the multi-blocking engine, virus mails and verified spam mails are blocked without sending authentication mails, preventing waste and overloading of system resources due to sending and processing a large number of authentication mails, and receiving a large amount of authentication mails. To avoid overloading the other party's mail servers.

Seventh, providing each recipient with a pending list, which is a list of e-mails stored in the temporary storage before receiving a response to the authentication mail, and temporarily sending the e-mail without the sender's authentication according to the recipient's choice. Since it is sent from the storage to the user's mail account on the mail server, not only can the e-mail be quickly checked regardless of the sender's authentication, but also the e-mail is lost even if the sender does not respond to the authentication mail by mistake. Prevent,

Lastly, it can be applied to other mail systems using the authentication method through authentication mail, so it is highly scalable.

While the preferred embodiments of the present invention have been described using specific terms, such descriptions are for illustrative purposes only, and it is understood that various changes and modifications may be made without departing from the spirit and scope of the following claims. Should be done.

Claims (14)

Located at the front end of the mail server for transmitting and receiving a plurality of e-mails, and transmits an authentication mail for authenticating the sender to the sender's e-mail address to send each e-mail, and whether the sender responds to the authentication mail A spam mail blocking system for authenticating the sender and receiving / deleting the e-mail according to Receiving each of the e-mail sent by the sender, and temporarily stores each e-mail sent to the authentication mail in the temporary storage for a set time after the authentication mail is sent, and then delete the e-mail A mail transmitting / receiving unit which transmits an e-mail in which the sender's response is received to the mail account of the receiver of the mail server within the set time; An authenticator list for storing the sender's e-mail address authenticated through the authentication mail and the sender's e-mail address registered by the receiver of the e-mail for each of the recipients; And Search whether the sender's e-mail address is included in each recipient's authenticator list for each e-mail, and authenticating each e-mail with the sender's e-mail address not included in the authenticator list; Send the mail separately, and store a unique key for each of the transmitted authentication mails and a key value corresponding to the unique keys to send the sender for each recipient according to whether the sender accesses and responds through the authentication mails. Including an authentication processing unit for authenticating, The authentication processing unit, The first authentication mail is respectively transmitted to the sender's email address with respect to the first email which is a part of the plurality of emails sent by the same sender temporarily stored in the temporary storage unit, and the first authentication mail is transmitted within the set time. When the sender's response to the first authentication mail is received, a second authentication mail is respectively sent to the sender's email address for the second email, which is the remaining email among the plurality of emails sent by the sender, And if the sender's response to each of the first authentication mails is not received within the set time, deleting the first and second e-mails. The method of claim 1, The first email, Spam mail blocking system, characterized in that the predetermined number of e-mails of the plurality of e-mails sent from the sender is a fast receiving order. delete The method of claim 1, The authentication email, And the sender includes access information including a URL for accessing the authentication processing unit. The method of claim 4, wherein The authentication processing unit, And displaying a special character pattern processed graphically on a web page linked to the access information, and receiving the special character pattern from the sender to authenticate the sender. The method of claim 1, The mail transmitting and receiving unit, And a pending list which is a list linked to the temporary stored e-mail so that the recipient can receive and store the e-mail temporarily stored in the temporary storage unit. The method of claim 6, The mail transmitting and receiving unit, And the e-mail selected by the recipient from the pending list is transmitted to the mail account of the recipient of the mail server regardless of whether the recipient responds to the authentication mail. The method of claim 6, The authentication processing unit, And the email address of the sender is added to the authenticator list for the email selected by the recipient from the pending list. In front of a mail server that transmits and receives a plurality of e-mails, an authentication mail for authenticating the sender is transmitted to an e-mail address of the sender that transmits each of the e-mails, and according to whether the sender responds to the authentication mail. A spam mail blocking method for authenticating the sender and sending an authenticated sender's e-mail to the receiver, Receiving a first e-mail sent by the sender; A second step of retrieving the sender's e-mail address from each authenticator list generated for the recipient of each e-mail, the sender being a list of senders whose transmission of the e-mail has been authenticated and approved; A third step of sending, for a recipient having an authenticator list including the sender's e-mail address, each e-mail sent to the recipient to the recipient's mail account of the mail server; A fourth step of temporarily storing each e-mail sent to the recipient for a recipient having a list of authenticators not including the sender's e-mail address; A fifth step of transmitting a first authentication mail to the sender's e-mail address with respect to a first e-mail which is an e-mail of some of the temporarily stored e-mails; If the sender's response to the first authentication mail is received within a predetermined set time, the first email is sent to the mail account of the recipient of the mail server, and the sender's email address is authenticated of the recipient. A sixth step of adding to the child list; A seventh step of transmitting a second authentication mail to the sender's e-mail address for a second e-mail other than the first e-mail among the temporarily stored e-mails; If the sender's response to the second authentication mail is received within the set time, send the second email to the mail account of the recipient of the mail server, and send the sender's email address to the authenticator of the recipient. An eighth step of adding to the list; A ninth step of deleting the temporarily stored second e-mail when the sender's response to the second authentication mail is not received within the set time; And If the sender's response to the first authentication mail is not received within the set time, a tenth step of deleting all of the temporarily stored first and second e-mails; The fourth and fifth steps are performed regardless of the order, the sixth to ninth steps and the tenth step are selectively performed, and the eighth and ninth steps are selectively performed. Spam blocking method characterized in that the. The method of claim 9, The first authentication mail and the second authentication mail, Access information including a URL for the sender to access a predetermined web page in response to the first authentication mail and the second authentication mail; The sixth step and the eighth step, A sixth step of displaying a special character pattern graphicly processed on the web page; And And receiving a special character pattern from the sender and authenticating the sender. The method of claim 9, An eleventh step of respectively providing the recipient with a pending list which is a list linked with the first and second e-mails so that the recipient can confirm the temporarily stored first and second e-mails; A twelfth step of transmitting the e-mail selected by the recipient from the pending list to the mail account of the recipient of the mail server regardless of whether the sender responds to the first authentication mail and the second authentication mail; And And a thirteenth step for adding the sender's email address to the recipient's authenticator list, for the email selected by the recipient from the pending list, The twelfth step and the thirteenth step are performed in any order, and the eleventh to thirteenth steps are performed regardless of the order of the fifth to tenth steps. Way. delete delete delete

Images