CN108833258A - A method for a mail service to actively discover anomalies - Google Patents

Info

Publication number
CN108833258A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810602641.2A
Other languages
Chinese (zh)
Inventor
曾宪力
彭国柱
丘树杰
范裕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Ruijiang Cloud Computing Co Ltd
Guangdong Eflycloud Computing Co Ltd
Original Assignee
Guangdong Ruijiang Cloud Computing Co Ltd
Application filed by Guangdong Ruijiang Cloud Computing Co Ltd
Priority to CN201810602641.2A
Publication of CN108833258A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42 Mailbox-related aspects, e.g. synchronisation of mailboxes
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/16 Threshold monitoring
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/23 Reliability checks, e.g. acknowledgments or fault reporting
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Abstract

A method for a mail service to actively discover anomalies, involving a mail delivery server and a mail account. A detection module is added to the mail delivery server. The detection module periodically analyzes the IP address of the mail account and analyzes the number of emails the mail account sends externally within a cycle time. Based on the analysis result for the IP address of the mail account and the analysis result for the number of emails the mail account sends externally, it judges whether to issue a mail service anomaly alarm to the user. By detecting whether the user's mail server is behaving abnormally, the invention prevents large volumes of advertising mail and spam from being sent automatically to other users without the user's knowledge, keeps the IP address of the sending/delivering mail server from being blocked by third-party anti-spam alliances (which would affect normal mail delivery), and creates a good network environment for the user's mail service.

Description

A method for a mail service to actively discover anomalies
Technical field
The present invention relates to the technical field of mail services, and in particular to a method for a mail service to actively discover anomalies.
Background
With the development of the Internet, mail service has evolved from letters delivered by messengers to e-mail service. As e-mail service has developed, more and more users apply for e-mail accounts, and these accounts often receive large amounts of advertising mail and spam. A user's own account may even actively send spam and advertising mail to other people without the user knowing. This happens because an account on the user's mail server has been hacked and is then used to send large volumes of advertising mail and spam. Eventually the IP address of the user's own mail server is put on the blocklist of an anti-spam alliance, so that mail cannot be sent normally when the user really needs to send it.
Summary of the invention
The object of the invention is to propose a method for a mail service to actively discover anomalies which, by detecting whether the user's mail server is behaving abnormally, prevents large volumes of advertising mail and spam from being sent automatically to other users without the user's knowledge.
To this end, the present invention adopts the following technical solution:
A method for a mail service to actively discover anomalies, involving a mail delivery server and a mail account. A detection module is added to the mail delivery server. The detection module periodically analyzes the IP address of the mail account and analyzes the number of emails the mail account sends externally within a cycle time, and, according to the analysis result for the IP address of the mail account and the analysis result for the number of emails the mail account sends externally, judges whether to issue a mail service anomaly alarm to the user.
Preferably, the detection module's periodic analysis of the IP address of the mail account includes recording the login time of the mail account and the IP address from which the mail account logs in to the mail server;
The detection module sets a detection time threshold. Taking the recorded login time of the mail account as the start and the detection time threshold as the cycle range, it evaluates the home location of the recorded IP address of the mail account and judges whether that home location is one of the IP address home locations from which the user usually logs in; if not, it sends a mail service anomaly alarm to the user.
Preferably, the detection module's analysis of the number of emails the mail account sends externally within the cycle time includes recording the number of emails the mail account sends externally and setting prohibited mail topics;
The detection module sets a mail count threshold and a mail sending time threshold. The detection module judges whether, within the mail sending time threshold, the number of emails the recorded mail account sends to multiple target domain names exceeds the set mail count threshold; if so, it analyzes the content of the sent emails to see whether it contains a prohibited mail topic, and if so, sends a mail service anomaly alarm to the user.
Preferably, the detection module judges whether, within the set mail sending time threshold, the mail account sends more emails to the same target domain name than the set mail count threshold; if so, it analyzes the content of the sent emails to see whether it contains a prohibited mail topic, and if so, sends a mail service anomaly alarm to the user.
Preferably, after the login time of the mail account has passed through one login time threshold cycle, the detection module clears the login time of the mail account and takes the login time of the next login of the mail account as the new start.
Beneficial effects of the present invention:
By adding a detection module to the mail delivery server, the login IP address of the user's mail account is actively checked; an abnormal home location of the login IP address is used to judge that the account may have been hacked, and an alarm is issued;
At the same time, a threshold judgment is made on the number of emails sent to a single target domain name or to multiple target domain names within a certain time, the configured prohibited mail topics are used to judge whether the mail account is abnormal, and an anomaly alarm is issued. Problems are found in advance and abnormal mail accounts are handled, which prevents the IP address of the sending/delivering mail server from being blocked by third-party anti-spam alliances and affecting normal mail delivery, and also creates a good network environment for the user's mail service.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the present invention for a mail service to actively discover anomalies.
Specific embodiment
The technical solution of the present invention is further described below with reference to the accompanying drawing and specific embodiments.
The method of this embodiment for a mail service to actively discover anomalies involves a mail delivery server and a mail account. A detection module is added to the mail delivery server. The detection module periodically analyzes the IP address of the mail account and analyzes the number of emails the mail account sends externally within a cycle time, and, according to the analysis result for the IP address of the mail account and the analysis result for the number of emails the mail account sends externally, judges whether to issue a mail service anomaly alarm to the user.
Preferably, the detection module's periodic analysis of the IP address of the mail account includes recording the login time of the mail account and the IP address from which the mail account logs in to the mail server;
As shown in Fig. 1, the detection module sets a detection time threshold. Taking the recorded login time of the mail account as the start and the detection time threshold as the cycle range, it evaluates the home location of the recorded IP address of the mail account and judges whether that home location is one of the IP address home locations from which the user usually logs in; if not, it sends a mail service anomaly alarm to the user.
The user sets a detection time threshold, for example one hour, one day, one week or one month, and the detection module records the IP address used to log in to the mail server; the recorded IP address is the user's usual IP address. For each login, the home location of the login IP address is compared with the home location of the recorded usual IP address to see whether it belongs to the home location of the usual IP address; if not, a mail service anomaly alarm is sent to the user. For example, if the home location of the IP address usually used by the user's mail account is a certain domestic city, the detection time threshold is set to one hour, and within that hour the IP address of the mail account suddenly changes to somewhere abroad, this triggers the detection module to send a mail service anomaly alarm to the user.
Preferably, the detection module's analysis of the number of emails the mail account sends externally within the cycle time includes recording the number of emails the mail account sends externally and setting prohibited mail topics;
As shown in Fig. 1, the detection module sets a mail count threshold and a mail sending time threshold. The detection module judges whether, within the mail sending time threshold, the number of emails the recorded mail account sends to multiple target domain names exceeds the set mail count threshold; if so, it analyzes the content of the sent emails to see whether it contains a prohibited mail topic, and if so, sends a mail service anomaly alarm to the user.
The detection module sets a mail sending time threshold as the cycle, for example one hour, one day, one week or one month, and sets the mail count threshold for mail the user sends within the mail sending time threshold, for example 30 emails in one hour. If the detection module detects that within one hour the mail account has sent 40 emails to multiple target domain names, which exceeds the configured 30, it evaluates the content of the sent emails; if the content contains a prohibited mail topic, such as advertising keywords, and the email contents are similar, it sends a mail service anomaly alarm to the user.
Preferably, the detection module judges whether, within the set mail sending time threshold, the mail account sends more emails to the same target domain name than the set mail count threshold; if so, it analyzes the content of the sent emails to see whether it contains a prohibited mail topic, and if so, sends a mail service anomaly alarm to the user.
The detection module sets a mail sending time threshold as the cycle, for example one hour, one day, one week or one month, and sets the mail count threshold for mail the user sends within the mail sending time threshold, for example 30 emails in one hour. If the detection module detects that within one hour the mail account has sent 40 emails to the same target domain name, which exceeds the configured 30, it evaluates the content of the sent emails; if the content contains a prohibited mail topic, such as advertising keywords, it sends a mail service anomaly alarm to the user.
Preferably, after the login time of the mail account has passed through one login time threshold cycle, the detection module clears the login time of the mail account and takes the login time of the next login of the mail account as the new start.
After the IP address home location has been checked within the set detection time threshold, the time of the user's next login is taken as the start of a new detection cycle. For example, the home location of the mail account's IP address is checked over one week, and this check starts from the login time on Monday; when the check finishes a week later, the Monday login time is cleared, and if the user's next login is on Tuesday, that Tuesday is taken as the start of the new detection.
The technical principle of the invention has been described above in connection with specific embodiments. These descriptions are intended only to explain the principle of the invention and shall not be construed in any way as limiting its scope of protection. Based on the explanation herein, those skilled in the art can conceive of other specific embodiments of the invention without creative effort, and these embodiments fall within the scope of protection of the invention.
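The two checks described in this embodiment (login IP home location, and outbound mail volume followed by a content check) can be sketched as follows. This is an added example, not code from the patent or its assignee: the class and function names, the keyword list, the location table built on documentation IP ranges and the replayed events are all constructed for illustration, and the additional condition in the multi-domain case that the mail contents be similar is left out.

```python
import ipaddress
from collections import Counter, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed settings: the patent leaves the values to the operator and gives
# "30 mails in one hour" and a one-week login cycle only as examples.
MAIL_COUNT_THRESHOLD = 30
SEND_WINDOW = timedelta(hours=1)
LOGIN_CYCLE = timedelta(weeks=1)
PROHIBITED_TOPICS = ("advertisement", "discount offer")  # constructed list

# Constructed stand-in for an IP-to-location database (documentation ranges).
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "CN-Guangzhou",
    ipaddress.ip_network("203.0.113.0/24"): "Overseas-X",
}


def locate(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((loc for net, loc in GEO_TABLE.items() if addr in net), "unknown")


@dataclass
class AccountState:
    usual_locations: set
    cycle_start: Optional[datetime] = None      # login time that starts the cycle
    sent: deque = field(default_factory=deque)  # (time, target_domain, body)


class DetectionModule:
    def __init__(self, usual_locations: dict):
        self.accounts = {a: AccountState(set(locs)) for a, locs in usual_locations.items()}

    def on_login(self, account: str, ip: str, when: datetime) -> Optional[str]:
        st = self.accounts[account]
        # Once a cycle has elapsed, the stored login time is discarded and
        # this login becomes the start of the next cycle.
        if st.cycle_start is None or when - st.cycle_start > LOGIN_CYCLE:
            st.cycle_start = when
        loc = locate(ip)
        if loc not in st.usual_locations:
            return f"ALERT {account}: login from {ip} ({loc}) is not a usual location"
        return None

    def on_send(self, account: str, rcpt: str, body: str, when: datetime) -> Optional[str]:
        st = self.accounts[account]
        st.sent.append((when, rcpt.rsplit("@", 1)[-1].lower(), body))
        while when - st.sent[0][0] > SEND_WINDOW:  # slide the sending window
            st.sent.popleft()
        per_domain = Counter(domain for _, domain, _ in st.sent)
        top_domain, top_count = per_domain.most_common(1)[0]
        if top_count > MAIL_COUNT_THRESHOLD:
            rule = f"{top_count} mails to {top_domain}"
        elif len(st.sent) > MAIL_COUNT_THRESHOLD and len(per_domain) > 1:
            rule = f"{len(st.sent)} mails to {len(per_domain)} domains"
        else:
            return None
        # Volume alone does not alarm; the sent content must also match a topic.
        if any(t in b.lower() for _, _, b in st.sent for t in PROHIBITED_TOPICS):
            return f"ALERT {account}: {rule} in the sending window, prohibited topic found"
        return None


def run_demo() -> list:
    """Replay constructed events for one account and return the alerts raised."""
    acct = "alice@example.com"
    dm = DetectionModule({acct: {"CN-Guangzhou"}})
    t0 = datetime(2018, 6, 12, 9, 0)
    alerts = [dm.on_login(acct, "192.0.2.10", t0),
              dm.on_login(acct, "203.0.113.7", t0 + timedelta(minutes=20))]
    for i in range(40):  # 40 similar mails in 40 minutes, spread over 4 domains
        alerts.append(dm.on_send(acct, f"user{i}@target{i % 4}.example",
                                 "Advertisement: limited discount offer",
                                 t0 + timedelta(minutes=21 + i)))
    return [a for a in alerts if a]


if __name__ == "__main__":
    print("\n".join(run_demo()))
```

Every send after the threshold is crossed raises another alert here, so a deployment would normally suppress repeats per account and window.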

Claims (5)

1. A method for a mail service to actively discover anomalies, involving a mail delivery server and a mail account, characterized in that:
A detection module is added to the mail delivery server. The detection module periodically analyzes the IP address of the mail account and analyzes the number of emails the mail account sends externally within a cycle time, and, according to the analysis result for the IP address of the mail account and the analysis result for the number of emails the mail account sends externally, judges whether to issue a mail service anomaly alarm to the user.
2. The method for a mail service to actively discover anomalies according to claim 1, characterized in that:
The detection module's periodic analysis of the IP address of the mail account includes recording the login time of the mail account and the IP address from which the mail account logs in to the mail server;
The detection module sets a login time threshold. Taking the recorded login time of the mail account as the start and the login time threshold as the cycle range, it evaluates the home location of the recorded IP address of the mail account and judges whether that home location is one of the IP address home locations from which the user usually logs in; if not, it sends a mail service anomaly alarm to the user.
3. The method for a mail service to actively discover anomalies according to claim 1, characterized in that:
The detection module's analysis of the number of emails the mail account sends externally within the cycle time includes recording the number of emails the mail account sends externally and setting prohibited mail topics;
The detection module sets a mail count threshold and a mail sending time threshold. The detection module judges whether, within the mail sending time threshold, the number of emails the recorded mail account sends to multiple target domain names exceeds the set mail count threshold; if so, it analyzes the content of the sent emails to see whether it contains a prohibited mail topic, and if so, sends a mail service anomaly alarm to the user.
4. The method for a mail service to actively discover anomalies according to claim 3, characterized in that:
The detection module judges whether, within the set mail sending time threshold, the mail account sends more emails to the same target domain name than the set mail count threshold; if so, it analyzes the content of the sent emails to see whether it contains a prohibited mail topic, and if so, sends a mail service anomaly alarm to the user.
5. The method for a mail service to actively discover anomalies according to claim 2, characterized in that:
After the login time of the mail account has passed through one login time threshold cycle, the detection module clears the login time of the mail account and takes the login time of the next login of the mail account as the new start.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810602641.2A 2018-06-12 2018-06-12 A method for a mail service to actively discover anomalies

Publications (1)

Publication Number Publication Date
CN108833258A (en) 2018-11-16

Family

ID=64144957

Country Status (1)

Country Link
CN (1) CN108833258A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181116