CN108833258A - A kind of mail service actively discovers abnormal method - Google Patents
A kind of mail service actively discovers abnormal method Download PDFInfo
- Publication number
- CN108833258A CN108833258A CN201810602641.2A CN201810602641A CN108833258A CN 108833258 A CN108833258 A CN 108833258A CN 201810602641 A CN201810602641 A CN 201810602641A CN 108833258 A CN108833258 A CN 108833258A
- Authority
- CN
- China
- Prior art keywords
- account
- detection module
- address
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/23—Reliability checks, e.g. acknowledgments or fault reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
A kind of mail service actively discovers abnormal method, including mail service device and mail account, detection module is added in mail service device, detection module includes that the quantity for periodically analyze and externally send within cycle time to mail account mail to the IP address of mail account is analyzed, the analysis of the quantity of mail is externally sent according to the analysis result and mail account of the IP address of mail account as a result, judging whether to issue the user with mail service abnormality alarming.The present invention proposes that a kind of mail service actively discovers abnormal method, by detecting the mail server of user with the presence or absence of abnormal, to prevent user without knowing it, the case where sending mass advertising mail and spam from trend other users, transmission/delivering mail server IP address is avoided to be prohibited by third-party spam alliance, normal mail delivery is influenced, while also creating a good network environment for the mail service of user.
Description
Technical field
The present invention relates to mail service technical fields more particularly to a kind of mail service to actively discover abnormal method.
Background technique
With the development of internet, mail service delivers letters from pervious Messenger and develops to E-mail service, and with
The development of E-mail service, more and more users can all apply for an Email Accounts, and in Email Accounts often
Receive a large amount of advertisement matter and spam or even user oneself account can active transmission spam and advertisement matter to
Other people, user is ignorant, this is that account in the mail server of user is hacked, and then sends outward and plays mass advertising
Mail, spam.The IP address for finally resulting in the mail server of user itself puts the list list of spam alliance into,
Finally mail but can not be normally sent when user, which really needs, sends mail.
Summary of the invention
It is an object of the invention to propose that a kind of mail service actively discovers abnormal method, by the mail for detecting user
Server is with the presence or absence of exception, to prevent user without knowing it, sends mass advertising mail from trend other users
And the case where spam.
For this purpose, the present invention uses following technical scheme:
A kind of mail service actively discovers abnormal method, including mail service device and mail account, in the postal
Detection module is added in part delivery server, the detection module includes periodically analyzing the IP address of the mail account
It is analyzed with the quantity for externally sending mail within cycle time to the mail account, according to the IP of the mail account
The analysis result and the mail account of location externally send the analysis of the quantity of mail as a result, judging whether to issue the user with mail
Service abnormality alarming.
Preferably, it includes recording the mail that the detection module, which periodically carries out analysis to the IP address of the mail account,
The login time of account and the mail account log in the IP address of the mail server;
The detection module sets detection time threshold value, is starting, institute with the login time of the mail account of record
Stating detection time threshold value is periodic regime, is judged the ownership place of the IP address of the mail account recorded, is judged
Whether the ownership place of IP address belongs to the IP address ownership place that user often logs in, if it is not, then sending mail service to user
Abnormality alarming.
Preferably, the quantity that the detection module externally sends mail to the mail account within cycle time is divided
Analysis includes the quantity and setting mail violation theme for recording the mail account and externally sending mail;
The detection module setting number of mail threshold value and post time threshold value, the detection module judge described
In post time threshold value, the mail account of record sends the quantity of mail to multiple target domain names, if more than setting
The fixed number of mail threshold value, if so, the Mail Contents that analysis is transmitted, if containing the mail violation theme, if
It is then to send mail service abnormality alarming to user.
Preferably, the detection module judge the mail account whether setting the post time threshold value
It is interior, the number of mail threshold value of setting is sent more than to same target domain name, if so, the Mail Contents that analysis is transmitted,
Whether the mail violation theme is contained, if so, sending mail service abnormality alarming to user.
Preferably, the login time of the mail account is after a login time threshold period, institute
State the login time that detection module will remove mail account, and again the login of the following primary mail account when
Between as starting.
Beneficial effects of the present invention:
By the way that detection module is added in mail service device, the mail account of active detecting user logs in IP address
Extremely whether the IP address ownership of inconsequent carries out judging that account has the possibility being hacked extremely, and issues alarm;
Also a certain amount of mail is sent to single target domain name or multiple target domain names within a certain period of time simultaneously to carry out
It threshold decision and whether abnormal carries out judging mail account by the mail violation theme of the sending of setting, and issues abnormal announcement
It is alert.It finds the problem in advance, handles exception mail account, avoid transmission/delivering mail server IP address by third-party rubbish
Rubbish Mail Consortium is prohibited, and influences normal mail delivery, while also creating a good network for the mail service of user
Environment.
Detailed description of the invention
Fig. 1 is that mail service of the invention actively discovers abnormal flow chart.
Specific embodiment
To further illustrate the technical scheme of the present invention below with reference to the accompanying drawings and specific embodiments.
A kind of mail service of the present embodiment actively discovers abnormal method, including mail service device and mail account
Number, detection module is added in the mail service device, the detection module includes periodically to the IP of the mail account
The quantity that address analyze and externally send within cycle time to the mail account mail is analyzed, according to the postal
The analysis result and the mail account of the IP address of part account externally send the analysis of the quantity of mail as a result, judge whether to
User issues mail service abnormality alarming.
Preferably, it includes recording the mail that the detection module, which periodically carries out analysis to the IP address of the mail account,
The login time of account and the mail account log in the IP address of the mail server;
As shown in Figure 1, the detection module sets detection time threshold value, with the login time of the mail account of record
For starting, the detection time threshold value is periodic regime, is carried out to the ownership place of the IP address of the mail account recorded
Judgement, judges whether the ownership place of IP address belongs to the IP address ownership place that user often logs in, if it is not, then sending to user
Mail service abnormality alarming.
User sets a detection time threshold value, such as sets detection time threshold value as one hour, one day, one week or one
Month, and the IP address of the mail server is recorded by the detection module, the IP address of record is for the common IP of user
Location judges the ownership place of IP address ownership place that user logs in each time and the common IP address recorded, look at be
It is not the ownership place for belonging to common IP address, if it is not, then sending mail service abnormality alarming to user.Such as the common postal of user
The ownership place of the IP address of part account is certain domestic city, and the detection time threshold value set is one hour, in one hour, mail
The IP address of account is changed to external somewhere suddenly, this will detection trigger module to user send mail service abnormality alarming.
Preferably, the quantity that the detection module externally sends mail to the mail account within cycle time is divided
Analysis includes the quantity and setting mail violation theme for recording the mail account and externally sending mail;
As shown in Figure 1, the detection module setting number of mail threshold value and post time threshold value, the detection module
Judging in the post time threshold value, the mail account of record sends the quantity of mail to multiple target domain names,
Whether it is more than the number of mail threshold value of setting, if so, analyzing transmitted Mail Contents, if disobey containing the mail
Theme is advised, if so, sending mail service abnormality alarming to user.
Detection module sets a post time threshold value as the period, and it is small as one such as to set post time threshold value
When, one day, one week or one month, and be set in post time threshold value, the number of mail threshold value that user sends, such as
30 envelopes are sent in one hour, detection module detected mail account in one hour, had sent 40 envelope postals to multiple target domain names
Part has been more than 30 set envelopes, has just judged the Mail Contents of transmission, if Mail Contents contain mail violation theme, such as
The themes term such as advertisement, and Mail Contents are similar, then send mail service abnormality alarming to user.
Preferably, the detection module judge the mail account whether setting the post time threshold value
It is interior, the number of mail threshold value of setting is sent more than to same target domain name, if so, the Mail Contents that analysis is transmitted,
Whether the mail violation theme is contained, if so, sending mail service abnormality alarming to user.
Detection module sets a post time threshold value as the period, and it is small as one such as to set post time threshold value
When, one day, one week or one month, and be set in post time threshold value, the number of mail threshold value that user sends, such as
30 envelopes are sent in one hour, detection module detected mail account in one hour, had sent 40 envelopes to the same target domain name
Mail has been more than 30 set envelopes, has just judged the Mail Contents of transmission, if Mail Contents contain mail violation theme,
Such as advertisement theme term then sends mail service abnormality alarming to user.
Preferably, the login time of the mail account is after a login time threshold period, institute
State the login time that detection module will remove mail account, and again the login of the following primary mail account when
Between as starting.
After detecting IP address ownership place in the detection time threshold value of setting, the time logged in next time with user is made
The ownership place of the IP address of mail account is had detected in one week for the starting of new detection cycle, such as user, and this is examined
Survey is with the login time of Monday for starting, then detection finishes after a week, then the login time of Monday will be removed, and use next time
Family login time is Tuesday, then originates using next Tuesday as new detection.
The technical principle of the invention is described above in combination with a specific embodiment.These descriptions are intended merely to explain of the invention
Principle, and shall not be construed in any way as a limitation of the scope of protection of the invention.Based on the explanation herein, the technology of this field
Personnel can associate with other specific embodiments of the invention without creative labor, these modes are fallen within
Within protection scope of the present invention.
Claims (5)
1. a kind of mail service actively discovers abnormal method, including mail service device and mail account, it is characterised in that:
Detection module is added in the mail service device, the detection module includes periodically to the IP of the mail account
The quantity that address analyze and externally send within cycle time to the mail account mail is analyzed, according to the postal
The analysis result and the mail account of the IP address of part account externally send the analysis of the quantity of mail as a result, judge whether to
User issues mail service abnormality alarming.
2. a kind of mail service actively discovers abnormal method according to claim 1, it is characterised in that:
It includes recording the login of the mail account that the detection module, which periodically carries out analysis to the IP address of the mail account,
Time and the mail account log in the IP address of the mail server;
The detection module sets login time threshold value, is starting with the login time of the mail account of record, described to step on
Record time threshold is periodic regime, is judged the ownership place of the IP address of the mail account recorded, with judging IP
Whether the ownership place of location belongs to the IP address ownership place that user often logs in, if it is not, it is abnormal then to send mail service to user
Alarm.
3. a kind of mail service actively discovers abnormal method according to claim 1, it is characterised in that:
It includes record that the quantity that the detection module externally sends mail to the mail account within cycle time, which carries out analysis,
The mail account externally sends the quantity and setting mail violation theme of mail;
The detection module setting number of mail threshold value and post time threshold value, the detection module judge in the mail
In sending time threshold value, the mail account of record sends the quantity of mail to multiple target domain names, if more than setting
The number of mail threshold value, if so, the Mail Contents that analysis is transmitted, if containing the mail violation theme, if so,
Mail service abnormality alarming is sent to user.
4. a kind of mail service actively discovers abnormal method according to claim 3, it is characterised in that:
The detection module judges the mail account whether in the post time threshold value of setting, to same target
Domain name sends more than the number of mail threshold value of setting, if so, the Mail Contents that analysis is transmitted, if contain the postal
Part violation theme, if so, sending mail service abnormality alarming to user.
5. a kind of mail service actively discovers abnormal method according to claim 2, it is characterised in that:
For the login time of the mail account after login time threshold period, the detection module will
The login time of mail account is removed, and the login time of the following primary mail account is used as starting again.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810602641.2A CN108833258A (en) | 2018-06-12 | 2018-06-12 | A kind of mail service actively discovers abnormal method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810602641.2A CN108833258A (en) | 2018-06-12 | 2018-06-12 | A kind of mail service actively discovers abnormal method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108833258A true CN108833258A (en) | 2018-11-16 |
Family
ID=64144957
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810602641.2A Pending CN108833258A (en) | 2018-06-12 | 2018-06-12 | A kind of mail service actively discovers abnormal method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108833258A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109862029A (en) * | 2019-03-01 | 2019-06-07 | 论客科技(广州)有限公司 | A kind of method and system of the reply Brute Force behavior using big data analysis |
CN110061981A (en) * | 2018-12-13 | 2019-07-26 | 成都亚信网络安全产业技术研究院有限公司 | A kind of attack detection method and device |
CN110995643A (en) * | 2019-10-10 | 2020-04-10 | 中国人民解放军国防科技大学 | Abnormal user identification method based on mail data analysis |
Citations (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030154394A1 (en) * | 2002-02-13 | 2003-08-14 | Levin Lawrence R. | Computer virus control |
CN1647061A (en) * | 2002-02-19 | 2005-07-27 | 波斯蒂尼公司 | E-mail management services |
CN101170403A (en) * | 2007-12-10 | 2008-04-30 | 柯美阳 | Email SMS alarming system and its method |
US20090113001A1 (en) * | 2007-10-29 | 2009-04-30 | Microsoft Corporation | Pre-send evaluaton of e-mail communications |
CN101540773A (en) * | 2009-04-22 | 2009-09-23 | 成都市华为赛门铁克科技有限公司 | Junk mail detection method and device thereof |
CN102098235A (en) * | 2011-01-18 | 2011-06-15 | 南京邮电大学 | Fishing mail inspection method based on text characteristic analysis |
US20120084367A1 (en) * | 2010-10-01 | 2012-04-05 | Clover Leaf Environmental Solutions, Inc. | Generation and retrieval of report information |
CN102663291A (en) * | 2012-03-23 | 2012-09-12 | 奇智软件(北京)有限公司 | Information prompting method and information prompting device for e-mails |
CN103186830A (en) * | 2011-12-31 | 2013-07-03 | 成都勤智数码科技股份有限公司 | Work order generation method and device according to mail intelligent analysis |
CN103532797A (en) * | 2013-11-06 | 2014-01-22 | 网之易信息技术(北京)有限公司 | Abnormity monitoring method and device for user registration |
CN103716335A (en) * | 2014-01-12 | 2014-04-09 | 绵阳师范学院 | Detecting and filtering method of spam mail based on counterfeit sender |
CN104009964A (en) * | 2013-02-26 | 2014-08-27 | 腾讯科技(深圳)有限公司 | Network link detection method and system |
CN104506426A (en) * | 2012-03-23 | 2015-04-08 | 北京奇虎科技有限公司 | Information prompting method and device for E-mails |
CN106656728A (en) * | 2015-10-30 | 2017-05-10 | 国家电网公司 | Mail detection and monitoring system |
CN107018067A (en) * | 2017-05-02 | 2017-08-04 | 深圳市安之天信息技术有限公司 | A kind of malious email method for early warning monitored based on Botnet and system |
CN107040494A (en) * | 2015-07-29 | 2017-08-11 | 深圳市腾讯计算机系统有限公司 | User account exception prevention method and system |
CN107665301A (en) * | 2016-07-28 | 2018-02-06 | 腾讯科技(深圳)有限公司 | Verification method and device |
US20180077192A1 (en) * | 2015-05-29 | 2018-03-15 | Alibaba Group Holding Limited | Account theft risk identification |
CN107968740A (en) * | 2017-10-17 | 2018-04-27 | 广东睿江云计算股份有限公司 | A kind of method and device of filtering spam mail |
-
2018
- 2018-06-12 CN CN201810602641.2A patent/CN108833258A/en active Pending
Patent Citations (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030154394A1 (en) * | 2002-02-13 | 2003-08-14 | Levin Lawrence R. | Computer virus control |
CN1647061A (en) * | 2002-02-19 | 2005-07-27 | 波斯蒂尼公司 | E-mail management services |
US20090113001A1 (en) * | 2007-10-29 | 2009-04-30 | Microsoft Corporation | Pre-send evaluaton of e-mail communications |
CN101170403A (en) * | 2007-12-10 | 2008-04-30 | 柯美阳 | Email SMS alarming system and its method |
CN101540773A (en) * | 2009-04-22 | 2009-09-23 | 成都市华为赛门铁克科技有限公司 | Junk mail detection method and device thereof |
US20120084367A1 (en) * | 2010-10-01 | 2012-04-05 | Clover Leaf Environmental Solutions, Inc. | Generation and retrieval of report information |
CN102098235A (en) * | 2011-01-18 | 2011-06-15 | 南京邮电大学 | Fishing mail inspection method based on text characteristic analysis |
CN103186830A (en) * | 2011-12-31 | 2013-07-03 | 成都勤智数码科技股份有限公司 | Work order generation method and device according to mail intelligent analysis |
CN102663291A (en) * | 2012-03-23 | 2012-09-12 | 奇智软件(北京)有限公司 | Information prompting method and information prompting device for e-mails |
CN104506426A (en) * | 2012-03-23 | 2015-04-08 | 北京奇虎科技有限公司 | Information prompting method and device for E-mails |
CN104009964A (en) * | 2013-02-26 | 2014-08-27 | 腾讯科技(深圳)有限公司 | Network link detection method and system |
CN103532797A (en) * | 2013-11-06 | 2014-01-22 | 网之易信息技术(北京)有限公司 | Abnormity monitoring method and device for user registration |
CN103716335A (en) * | 2014-01-12 | 2014-04-09 | 绵阳师范学院 | Detecting and filtering method of spam mail based on counterfeit sender |
US20180077192A1 (en) * | 2015-05-29 | 2018-03-15 | Alibaba Group Holding Limited | Account theft risk identification |
CN107040494A (en) * | 2015-07-29 | 2017-08-11 | 深圳市腾讯计算机系统有限公司 | User account exception prevention method and system |
CN106656728A (en) * | 2015-10-30 | 2017-05-10 | 国家电网公司 | Mail detection and monitoring system |
CN107665301A (en) * | 2016-07-28 | 2018-02-06 | 腾讯科技(深圳)有限公司 | Verification method and device |
CN107018067A (en) * | 2017-05-02 | 2017-08-04 | 深圳市安之天信息技术有限公司 | A kind of malious email method for early warning monitored based on Botnet and system |
CN107968740A (en) * | 2017-10-17 | 2018-04-27 | 广东睿江云计算股份有限公司 | A kind of method and device of filtering spam mail |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110061981A (en) * | 2018-12-13 | 2019-07-26 | 成都亚信网络安全产业技术研究院有限公司 | A kind of attack detection method and device |
CN109862029A (en) * | 2019-03-01 | 2019-06-07 | 论客科技(广州)有限公司 | A kind of method and system of the reply Brute Force behavior using big data analysis |
CN110995643A (en) * | 2019-10-10 | 2020-04-10 | 中国人民解放军国防科技大学 | Abnormal user identification method based on mail data analysis |
CN110995643B (en) * | 2019-10-10 | 2022-01-07 | 中国人民解放军国防科技大学 | Abnormal user identification method based on mail data analysis |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103198123B (en) | For system and method based on user's prestige filtering spam email message | |
JP4694146B2 (en) | Prevent outgoing spam | |
US10243989B1 (en) | Systems and methods for inspecting emails for malicious content | |
US7711781B2 (en) | Technique for detecting and blocking unwanted instant messages | |
US8117263B2 (en) | Systems and methods for delivering time sensitive messages over a distributed network | |
US7117358B2 (en) | Method and system for filtering communication | |
US7779080B2 (en) | System for policing junk e-mail messages | |
US7389413B2 (en) | Method and system for filtering communication | |
US8751581B2 (en) | Selectively blocking instant messages according to a do not instant message list | |
US20070180031A1 (en) | Email Opt-out Enforcement | |
RU2541123C1 (en) | System and method of rating electronic messages to control spam | |
US20080082658A1 (en) | Spam control systems and methods | |
US20070016641A1 (en) | Identifying and blocking instant message spam | |
CN108833258A (en) | A kind of mail service actively discovers abnormal method | |
US20070094722A1 (en) | Detecting networks attacks | |
EP1635524A1 (en) | A method and system for identifying and blocking spam email messages at an inspecting point | |
US20030229673A1 (en) | Systems and methods for electronic conferencing over a distributed network | |
US20110173272A1 (en) | Filtering of electonic mail messages destined for an internal network | |
US7620691B1 (en) | Filtering electronic messages while permitting delivery of solicited electronics messages | |
JP2006521635A5 (en) | ||
JP2004500761A (en) | System to identify distributed content | |
WO2006033936A3 (en) | Self-tuning statistical method and system for blocking spam | |
WO2003105009A1 (en) | Sytems and methods for establishing electronic conferencing over a distributed network | |
US20090106065A1 (en) | Process for automatically handling electronic requests for notification of unsolicited commercial email and other service disruptions | |
US20050044153A1 (en) | Email processing system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181116 |
|
RJ01 | Rejection of invention patent application after publication |