CN110661750A - Mail sender identity detection method, system, equipment and storage medium - Google Patents

Info

Publication number
CN110661750A
Authority
CN
China
Prior art keywords
sender
mail
content
identity
mail address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810690914.3A
Other languages
Chinese (zh)
Other versions
CN110661750B (en)
Inventor
郭开
陈瑞钦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sangfor Technologies Co Ltd
Priority to CN201810690914.3A
Publication of CN110661750A
Application granted
Publication of CN110661750B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/212 Monitoring or handling of messages using filtering or selective blocking
    • H04L51/42 Mailbox-related aspects, e.g. synchronisation of mailboxes
    • H04L51/48 Message addressing, e.g. address format or anonymous messages, aliases

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application discloses a method, a system, equipment and a storage medium for detecting the identity of a mail sender, wherein the method comprises the following steps: extracting characteristic information related to the sender information from the mail content; and analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail. When the identity of the mail sender is detected, the characteristic information related to the information of the sender is extracted from the mail content, and then the characteristic information is analyzed, so that the authenticity information of the identity of the mail sender can be determined. That is, the method and the device can detect the mail sender in a simple and efficient mode.

Description

Mail sender identity detection method, system, equipment and storage medium
Technical Field
The invention relates to the technical field of mail detection, in particular to a method, a system, equipment and a storage medium for detecting the identity of a mail sender.
Background
In daily business activity a large volume of mail is exchanged, and mail is an important medium of communication. Because the mail protocols lack security, phishing and fraud mail spreads widely. Mail with a forged sender is hard to identify quickly because the forgery is highly convincing, and it is one of the main problems posed by phishing and fraud mail today.
The defining characteristic of forged-sender mail is that a human reader cannot easily tell whether the sender is genuine by looking at the sender information. The current mainstream detection scheme is authentication based on policies such as SPF (Sender Policy Framework), but such policy-based authentication is not yet widely adopted in China, is mainly offered by some large mail service providers, and requires the mail receiver to verify information such as SPF.
When an enterprise deploys its own mail server, many security authentication policies may not be fully enabled, or may be configured incorrectly, so a forged-sender attack succeeds easily. Existing methods for detecting forged senders therefore need complicated policy and configuration work, which hinders adoption of forged-sender detection. How to detect the mail sender in a simple and efficient manner is the problem to be solved.
Disclosure of Invention
In view of the above, the present invention provides a method, a system, a device and a storage medium for detecting an identity of a sender of a mail, which can detect the sender of the mail in a simple and efficient manner. The specific scheme is as follows:
In a first aspect, the invention discloses a method for detecting the identity of a mail sender, which comprises the following steps:
extracting characteristic information related to the sender information from the mail content;
and analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
Optionally, the extracting feature information related to the sender information from the mail content includes:
extracting an envelope sender mail address and a content sender mail address from mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
and determining the authenticity information of the mail sender identity by judging whether the mail address of the envelope sender is consistent with the mail address of the content sender.
Optionally, the extracting feature information related to the sender information from the mail content includes:
extracting a content sender mail address and a mail reply person mail address from the mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
and determining the authenticity information of the identity of the sender of the mail by judging whether the mail address of the content sender is consistent with the mail address of the mail responder.
Optionally, the extracting feature information related to the sender information from the mail content includes:
extracting a content sender display name and a content sender mail address from mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
extracting a mail address corresponding to the display name of the content sender from the organization address book to obtain a target mail address;
and determining the authenticity information of the mail sender identity by judging whether the mail address of the content sender is consistent with the target mail address.
Optionally, the extracting feature information related to the sender information from the mail content includes:
extracting a content sender mail address from the mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
extracting the SMTP domain name of the mail address of the content sender to obtain a target SMTP domain name;
and calculating the similarity between the target SMTP domain name and the SMTP domain name in the preset SMTP domain name library by using a preset character string similarity calculation method, and determining the authenticity information of the identity of the sender of the mail according to the calculated similarity.
Optionally, the calculating, by using a preset string similarity algorithm, a similarity between the target SMTP domain name and an SMTP domain name in a preset SMTP domain name library includes:
and calculating the similarity between the target SMTP domain name and the SMTP domain name in the preset SMTP domain name library by using a shortest editing distance algorithm.
Optionally, the extracting feature information related to the sender information from the mail content includes:
extracting an envelope sender mail address, a content sender mail address, a mail reply sender mail address and a content sender display name from mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
judging whether the mail address of the envelope sender is consistent with the mail address of the content sender to obtain a first judgment result;
judging whether the mail address of the content sender is consistent with the mail address of the mail replying person to obtain a second judgment result;
extracting a mail address corresponding to the display name of the content sender from the organization address book to obtain a target mail address, and judging whether the mail address of the content sender is consistent with the target mail address to obtain a third judgment result;
extracting an SMTP domain name of the mail address of the content sender to obtain a target SMTP domain name, calculating the similarity between the target SMTP domain name and the SMTP domain name in a preset SMTP domain name library by using a preset character string similarity calculation method, judging whether the calculated similarity is greater than or equal to a preset similarity threshold value or not, and obtaining a fourth judgment result;
and integrating the first judgment result, the second judgment result, the third judgment result and the fourth judgment result to determine the authenticity information of the identity of the sender of the mail.
In a second aspect, the present invention discloses a mail sender identity detection system, which comprises:
the information extraction module is used for extracting characteristic information related to the information of the sender from the mail content;
and the information analysis module is used for analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
In a third aspect, the invention discloses an identity detection device for a mail sender, which comprises a processor and a memory; when the processor executes the computer program stored in the memory, the disclosed mail sender identity detection method is realized.
In a fourth aspect, the present invention discloses a computer readable storage medium for storing a computer program, which when executed by a processor implements the method for detecting the identity of a sender of a mail disclosed above.
Therefore, when the identity of the mail sender is detected, the characteristic information related to the information of the sender is extracted from the mail content, and then the characteristic information is analyzed, so that the authenticity information of the identity of the mail sender can be determined. That is, the present invention can detect the mail sender in a concise and efficient manner.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a method for detecting the identity of a sender of a mail, which is disclosed by the present invention;
FIG. 2 is a diagram illustrating the source code content of a specific mail;
FIG. 3 is a flow chart of a specific mail sender identity detection method disclosed in the present invention;
FIG. 4 is a flowchart of a specific method for detecting the identity of a sender of a mail, according to the present invention;
FIG. 5 is a flowchart of a specific method for detecting the identity of a sender of a mail, according to the present invention;
FIG. 6 is a block diagram illustrating a specific process for detecting the identity of a sender of a mail, in accordance with the present invention;
FIG. 7 is a flowchart of a specific method for detecting the identity of a sender of a mail, according to the present invention;
FIG. 8 is a block diagram illustrating a specific process for detecting the identity of a sender of an email in accordance with the present invention;
FIG. 9 is a flowchart of a specific method for detecting the identity of a sender of a mail, according to the present invention;
FIG. 10 is a schematic structural diagram of a mail sender identity detection system disclosed in the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a mail sender identity detection method, which is shown in figure 1 and comprises the following steps:
Step S11: Extract characteristic information related to the sender information from the mail content.
In this embodiment, the characteristic information related to the sender information may be extracted from the source code of the mail; that is, the mail content in step S11 refers specifically to the mail source code. In the mail source code, the characteristic information related to the sender information may include, but is not limited to, the envelope sender mail address, the content sender mail address, the mail reply mail address, and the content sender display name. FIG. 2 shows the source code of a specific mail, with the source code positions of the envelope sender mail address, the content sender mail address, the mail reply mail address and the content sender display name identified.
Of course, in the case that the user has opened the mail, the present embodiment may also use the window content capture tool to capture the feature information related to the sender information from the mail content display window.
Step S12: Analyze the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
The authenticity of the mail sender identity can be analyzed from the characteristic information extracted in step S11. To give the result of step S12 a high degree of reliability, this embodiment may analyze several kinds of characteristic information together, for example all four kinds disclosed above: the envelope sender mail address, the content sender mail address, the mail reply mail address, and the content sender display name. Where the reliability requirement on the result is not very high and it is only necessary to know whether the identity of the current mail sender may be forged, this embodiment may instead analyze three, two or even one of the four kinds of characteristic information, which effectively improves detection speed.
Therefore, when the identity of the mail sender is detected, the embodiment of the invention extracts the characteristic information related to the information of the sender from the mail content, and then analyzes the characteristic information, so that the authenticity information of the identity of the mail sender can be determined. That is, the embodiment of the present invention can detect the mail sender in a simple and efficient manner.
Referring to fig. 3, an embodiment of the present invention discloses a specific method for detecting an identity of a sender of a mail, including:
Step S21: Extract the envelope sender mail address and the content sender mail address from the mail content.
Specifically, this embodiment may extract the envelope sender mail address and the content sender mail address from the mail source code.
Step S22: Determine the authenticity information of the mail sender identity by judging whether the envelope sender mail address is consistent with the content sender mail address.
In this embodiment, the authenticity of the mail sender identity is determined by comparing the envelope sender mail address with the content sender mail address. Specifically, both addresses may first be converted to lower case to obtain two character strings, which are then compared. If the strings differ, the current mail account may have been forged, that is, the identity of the current mail sender may be forged; if they are the same, the identity of the current mail sender is real and reliable.
Referring to fig. 4, an embodiment of the present invention discloses a specific method for detecting an identity of a sender of a mail, including:
Step S31: Extract the content sender mail address and the mail reply mail address from the mail content.
Specifically, this embodiment may extract the content sender mail address and the mail reply mail address from the mail source code.
Step S32: Determine the authenticity information of the mail sender identity by judging whether the content sender mail address is consistent with the mail reply mail address.
In this embodiment, the authenticity of the mail sender identity is determined by comparing the content sender mail address with the mail reply mail address. Specifically, both addresses may first be converted to lower case to obtain two character strings, which are then compared. If the strings differ, the recipient of a reply differs from the content sender of the original mail, which means the current mail account may have been forged, that is, the identity of the current mail sender may be forged.
Referring to fig. 5, an embodiment of the present invention discloses a specific method for detecting an identity of a sender of a mail, including:
Step S41: Extract the content sender display name and the content sender mail address from the mail content.
Specifically, this embodiment may extract the content sender display name and the content sender mail address from the mail source code.
Step S42: Extract the mail address corresponding to the content sender display name from the organization address book to obtain a target mail address.
The organization address book is the address book of legitimate mail addresses inside an organization such as a school or a business; it records the names of the different senders and their corresponding legitimate mail addresses.
Step S43: Determine the authenticity information of the mail sender identity by judging whether the content sender mail address is consistent with the target mail address.
In this embodiment, the authenticity of the mail sender identity is determined by comparing the content sender mail address with the mail address looked up in the organization address book by the content sender display name. Specifically, after the mail address corresponding to the content sender display name is extracted from the organization address book, that address and the content sender mail address are each converted to lower case to obtain two character strings, which are then compared. If the strings differ, the identity of the current mail sender may be forged. As shown in FIG. 6, the content sender display name and the organization address book are used to obtain the target mail address, the target mail address is compared with the content sender mail address, the comparison result is output, and the authenticity of the mail sender identity is determined from that result.
Referring to fig. 7, the embodiment of the present invention discloses a specific method for detecting the identity of a sender of a mail, including:
Step S51: Extract the content sender mail address from the mail content.
Specifically, this embodiment may extract the content sender mail address from the mail source code.
Step S52: Extract the SMTP (Simple Mail Transfer Protocol) domain name of the content sender mail address to obtain a target SMTP domain name.
Step S53: Calculate the similarity between the target SMTP domain name and the SMTP domain names in the preset SMTP domain name library by using a preset character string similarity calculation method, and determine the authenticity information of the mail sender identity according to the calculated similarity.
In this embodiment, after the content sender mail address is extracted, its SMTP domain name is extracted from it, and the similarity between that SMTP domain name and the SMTP domain names in the preset SMTP domain name library is calculated. The authenticity of the mail sender identity is determined from the similarity comparison: if the comparison shows that the two SMTP domain names are different, the identity of the current mail sender may be forged. The preset domain name library is a database that records the legitimate SMTP domain names commonly used for daily mail services, and it may contain one or more legitimate SMTP domain names.
As shown in FIG. 8, suppose the content sender mail address is test@mail1.com and the SMTP domain name in the preset SMTP domain name library is "mail.com". The SMTP domain name "mail1.com" is extracted from the mail address and compared for similarity with the SMTP domain name "mail.com" in the preset SMTP domain name library, so as to determine the authenticity of the mail sender identity. For example, when the calculated similarity is smaller than a preset similarity threshold, the identity of the current mail sender may be judged as possibly forged. The preset similarity threshold may be set according to the actual situation; to improve the reliability of the authenticity analysis result, it may be set to 100% in this embodiment.
In addition, in this embodiment, calculating the similarity between the target SMTP domain name and the SMTP domain names in the preset SMTP domain name library with a preset string similarity algorithm may specifically use a shortest edit distance algorithm. Other character string similarity calculation methods may also be used in this embodiment; they are not listed here.
Referring to fig. 9, an embodiment of the present invention discloses a specific method for detecting an identity of a sender of a mail, including:
Step S61: Extract the envelope sender mail address, the content sender mail address, the mail reply mail address and the content sender display name from the mail content.
Specifically, this embodiment may extract the envelope sender mail address, the content sender mail address, the mail reply mail address and the content sender display name from the mail source code.
Step S62: Judge whether the envelope sender mail address is consistent with the content sender mail address to obtain a first judgment result.
Step S63: Judge whether the content sender mail address is consistent with the mail reply mail address to obtain a second judgment result.
Step S64: Extract the mail address corresponding to the content sender display name from the organization address book to obtain a target mail address, and judge whether the content sender mail address is consistent with the target mail address to obtain a third judgment result.
Step S65: Extract the SMTP domain name of the content sender mail address to obtain a target SMTP domain name, calculate the similarity between the target SMTP domain name and the SMTP domain names in a preset SMTP domain name library by using a preset character string similarity calculation method, and judge whether the calculated similarity is greater than or equal to a preset similarity threshold to obtain a fourth judgment result.
Step S66: Integrate the first, second, third and fourth judgment results to determine the authenticity information of the identity of the sender of the mail.
In this embodiment, four judgment processes are carried out before the authenticity of the mail sender identity is determined, using the envelope sender mail address, the content sender mail address, the mail reply mail address and the content sender display name. The first judges whether the envelope sender mail address is consistent with the content sender mail address; the second judges whether the content sender mail address is consistent with the mail reply mail address; the third judges whether the content sender mail address is consistent with the target mail address; and the fourth judges whether the calculated similarity is greater than or equal to the preset similarity threshold. The authenticity information produced by each judgment process has a different degree of reliability. To give the final result a high degree of reliability, this embodiment analyzes the four judgment results together. In that combined analysis, each judgment result may be assigned a weight coefficient according to the reliability of the authenticity information it produces; the larger the weight coefficient of a judgment result, the greater its influence on the combined analysis.
Besides deriving authenticity information about the mail sender identity from one, two or four kinds of characteristic information as in the foregoing embodiments, it may also be derived from three of them. For example, it may be inferred from the envelope sender mail address, the content sender mail address and the content sender display name; or from the content sender mail address, the content sender display name and the mail reply mail address; or from the envelope sender mail address, the content sender mail address and the mail reply mail address.
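The combined procedure of steps S61 to S66, including the edit-distance comparison of the FIG. 8 embodiment, as an added Python example that is not code from the patent. Assumptions: the envelope sender is read from the `Return-Path` header, similarity is the edit distance normalised by the longer string, a check whose input is absent is skipped, and the address book, domain library, weights, decision threshold and sample mails are constructed values.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed reference data (assumptions for this example, not from the patent).
ADDRESS_BOOK = {"alice wang": "alice.wang@mail.com"}  # display name -> legitimate address
DOMAIN_LIBRARY = ["mail.com"]                         # legitimate SMTP domain names
SIM_THRESHOLD = 1.0   # the embodiment suggests a 100% similarity threshold
WEIGHTS = {"envelope_vs_from": 20, "from_vs_reply_to": 20,
           "display_name_vs_book": 30, "domain_similarity": 30}
SUSPICIOUS_AT = 50    # hypothetical decision threshold on the 0-100 score

# Constructed sample mail source.
SPOOFED = ("Return-Path: <bounce@mail1.com>\n"
           'From: "Alice Wang" <test@mail1.com>\n'
           "Reply-To: <collect@other.example>\n"
           "Subject: invoice\n\nbody\n")
GENUINE = ("Return-Path: <alice.wang@mail.com>\n"
           'From: "Alice Wang" <Alice.Wang@Mail.com>\n'
           "Subject: minutes\n\nbody\n")


def levenshtein(a, b):
    """Shortest edit distance between two strings (two-row dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def similarity(a, b):
    """Edit distance normalised to 0..1 (the normalisation is an assumption)."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - levenshtein(a, b) / longest


def extract_features(raw):
    """S61: pull the four sender features out of the mail source, lower-cased."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    return {
        "envelope": parseaddr(msg.get("Return-Path", ""))[1].lower(),
        "from_addr": from_addr.lower(),
        "reply_to": parseaddr(msg.get("Reply-To", ""))[1].lower(),
        "display_name": name.strip().lower(),
    }


def run_checks(f):
    """S62-S65: True = consistent, False = inconsistent, None = input absent."""
    domain = f["from_addr"].rpartition("@")[2]
    best = max((similarity(domain, d) for d in DOMAIN_LIBRARY), default=0.0)
    target = ADDRESS_BOOK.get(f["display_name"])
    return {
        "envelope_vs_from": f["envelope"] == f["from_addr"] if f["envelope"] else None,
        "from_vs_reply_to": f["reply_to"] == f["from_addr"] if f["reply_to"] else None,
        "display_name_vs_book": target == f["from_addr"] if target else None,
        "domain_similarity": best >= SIM_THRESHOLD,
    }


def assess(raw):
    """S66: add up the weights of the checks that came out inconsistent."""
    checks = run_checks(extract_features(raw))
    score = sum(WEIGHTS[k] for k, ok in checks.items() if ok is False)
    return {"checks": checks, "score": score, "suspicious": score >= SUSPICIOUS_AT}


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, assess(raw))
```

With the threshold at 100% the fourth check passes only on an exact match with the domain library, so every sender outside the library fails it and the weight given to that check decides how much this counts.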
Correspondingly, the embodiment of the present invention further discloses an email sender identity detection system, as shown in fig. 10, the system includes:
the information extraction module 11 is used for extracting characteristic information related to the information of the sender from the mail content;
and the information analysis module 12 is used for analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
For more specific working processes of the modules, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Furthermore, the invention also discloses an identity detection device for the mail sender, which comprises a processor and a memory; when the processor executes the computer program stored in the memory, the method for detecting the identity of the sender of the mail disclosed in the foregoing embodiments is implemented.
For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
Furthermore, the present invention also discloses a computer readable storage medium for storing a computer program, wherein the computer program is executed by a processor to implement the method for detecting the identity of a sender of a mail disclosed in the foregoing embodiments.
For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
The embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another. Because the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is brief, and the relevant points can be found in the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The method, system, device and storage medium for detecting the identity of a mail sender provided by the invention have been described in detail above. Specific examples are used herein to explain the principle and the implementation of the invention, and the description of the above embodiments is only intended to help in understanding the method and the core idea of the invention. Meanwhile, a person skilled in the art may, according to the idea of the invention, make variations in the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as a limitation of the invention.

Claims (10)

1. A mail sender identity detection method is characterized by comprising the following steps:
extracting characteristic information related to the sender information from the mail content;
and analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
2. The mail sender identity detection method according to claim 1, wherein
extracting the characteristic information related to the sender information from the mail content comprises:
extracting an envelope sender mail address and a content sender mail address from the mail content;
correspondingly, analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
determining the authenticity information of the identity of the sender of the mail by judging whether the envelope sender mail address is consistent with the content sender mail address.
3. The mail sender identity detection method according to claim 1, wherein
extracting the characteristic information related to the sender information from the mail content comprises:
extracting a content sender mail address and a mail address of the mail replying person from the mail content;
correspondingly, analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
determining the authenticity information of the identity of the sender of the mail by judging whether the content sender mail address is consistent with the mail address of the mail replying person.
4. The mail sender identity detection method according to claim 1, wherein
extracting the characteristic information related to the sender information from the mail content comprises:
extracting a content sender display name and a content sender mail address from the mail content;
correspondingly, analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
extracting the mail address corresponding to the content sender display name from the organization address book to obtain a target mail address;
and determining the authenticity information of the identity of the sender of the mail by judging whether the content sender mail address is consistent with the target mail address.
5. The mail sender identity detection method according to claim 1, wherein
extracting the characteristic information related to the sender information from the mail content comprises:
extracting a content sender mail address from the mail content;
correspondingly, analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
extracting the SMTP domain name of the content sender mail address to obtain a target SMTP domain name;
and calculating the similarity between the target SMTP domain name and the SMTP domain names in a preset SMTP domain name library by using a preset character string similarity calculation method, and determining the authenticity information of the identity of the sender of the mail according to the calculated similarity.
6. The mail sender identity detection method according to claim 5, wherein calculating the similarity between the target SMTP domain name and the SMTP domain names in the preset SMTP domain name library by using the preset character string similarity calculation method comprises:
calculating the similarity between the target SMTP domain name and the SMTP domain names in the preset SMTP domain name library by using a shortest edit distance algorithm.
7. The mail sender identity detection method according to claim 1, wherein
extracting the characteristic information related to the sender information from the mail content comprises:
extracting an envelope sender mail address, a content sender mail address, a mail address of the mail replying person and a content sender display name from the mail content;
correspondingly, analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
judging whether the envelope sender mail address is consistent with the content sender mail address to obtain a first judgment result;
judging whether the content sender mail address is consistent with the mail address of the mail replying person to obtain a second judgment result;
extracting the mail address corresponding to the content sender display name from the organization address book to obtain a target mail address, and judging whether the content sender mail address is consistent with the target mail address to obtain a third judgment result;
extracting the SMTP domain name of the content sender mail address to obtain a target SMTP domain name, calculating the similarity between the target SMTP domain name and the SMTP domain names in a preset SMTP domain name library by using a preset character string similarity calculation method, and judging whether the calculated similarity is greater than or equal to a preset similarity threshold to obtain a fourth judgment result;
and integrating the first judgment result, the second judgment result, the third judgment result and the fourth judgment result to determine the authenticity information of the identity of the sender of the mail.
8. A mail sender identity detection system, comprising:
the information extraction module is used for extracting characteristic information related to the information of the sender from the mail content;
and the information analysis module is used for analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
9. An identity detection device for a mail sender is characterized by comprising a processor and a memory; wherein the processor, when executing the computer program stored in the memory, implements the mail sender identity detection method according to any of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program which, when executed by a processor, implements the method of mail sender identity detection according to any of claims 1 to 7.
CN201810690914.3A 2018-06-28 2018-06-28 Mail sender identity detection method, system, equipment and storage medium Active CN110661750B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810690914.3A CN110661750B (en) 2018-06-28 2018-06-28 Mail sender identity detection method, system, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110661750A true CN110661750A (en) 2020-01-07
CN110661750B CN110661750B (en) 2022-09-30

Family

ID=69027465

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810690914.3A Active CN110661750B (en) 2018-06-28 2018-06-28 Mail sender identity detection method, system, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110661750B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413070A (en) * 2011-11-24 2012-04-11 匡晓明 Junk mail preventing method for setting rules by addressor
CN103716335A (en) * 2014-01-12 2014-04-09 绵阳师范学院 Detecting and filtering method of spam mail based on counterfeit sender
CN103812826A (en) * 2012-11-08 2014-05-21 中国电信股份有限公司 Identification method, identification system, and filter system of spam mail
CN105323153A (en) * 2015-11-18 2016-02-10 Tcl集团股份有限公司 Spam mail filtering method and device
CN106992926A (en) * 2017-06-13 2017-07-28 深信服科技股份有限公司 A kind of method and system for forging mail-detection
US9740858B1 (en) * 2015-07-14 2017-08-22 Trend Micro Incorporated System and method for identifying forged emails
CN107154926A (en) * 2017-03-22 2017-09-12 国家计算机网络与信息安全管理中心 A kind of recognition methods and system for forging the fishing mail of sender
CN107819664A (en) * 2016-09-12 2018-03-20 阿里巴巴集团控股有限公司 A kind of recognition methods of spam, device and electronic equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
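李璇: "Research and Application of Spam Filtering Technology Based on Behavior Recognition", "China Master's Theses Full-text Database, Information Science and Technology" *
陈彬: "Research on Feature Selection and Detection Methods for Spam", "China Doctoral Dissertations Full-text Database, Information Science and Technology" *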

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113381983A (en) * 2021-05-19 2021-09-10 清华大学 Method and device for identifying counterfeit e-mail
CN113381983B (en) * 2021-05-19 2023-09-22 清华大学 Method and device for identifying fake e-mail

Also Published As

Publication number Publication date
CN110661750B (en) 2022-09-30

Similar Documents

Publication Publication Date Title
CN101674264B (en) Spam detection device and method based on user relationship mining and credit evaluation
US8661545B2 (en) Classifying a message based on fraud indicators
CN106549902B (en) Method and device for identifying suspicious users
CN110519150B (en) Mail detection method, device, equipment, system and computer readable storage medium
CN111143175A (en) Risk behavior detection method, device, equipment and computer storage medium
CN109328448A (en) Spam Classification system based on network flow data
CN108418777A (en) A kind of fishing mail detection method, apparatus and system
CN111865925A (en) Network traffic based fraud group identification method, controller and medium
CN109039874B (en) Mail auditing method and device based on behavior analysis
Irani et al. Evolutionary study of phishing
Jameel et al. Detection of phishing emails using feed forward neural network
CN103490979B (en) electronic mail identification method and system
CN114036264B (en) Email authorship attribution identification method based on small sample learning
CN110661750B (en) Mail sender identity detection method, system, equipment and storage medium
CN109474611A (en) It is a kind of that detection technique is protected based on multifactor E mail safety
CN106973051A (en) Set up method, device, storage medium and the processor of detection Cyberthreat model
CN110061981A (en) A kind of attack detection method and device
CN111861733B (en) Fraud prevention and control system and method based on address fuzzy matching
CN107453973B (en) Method and device for discriminating identity characteristics of e-mail sender
Mohammed et al. Phishing Detection Using Machine Learning Algorithms
CN113852625B (en) Weak password monitoring method, device, equipment and storage medium
CN108965350A (en) A kind of mail auditing method, device and computer readable storage medium
Banu et al. Detecting phishing attacks using natural language processing and machine learning
CN112073362B (en) APT (advanced persistent threat) organization flow identification method based on flow characteristics
CN115603924A (en) Detection method and device for phishing mails, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant