CN110661750A - Mail sender identity detection method, system, equipment and storage medium - Google Patents
Mail sender identity detection method, system, equipment and storage medium Download PDFInfo
- Publication number
- CN110661750A CN110661750A CN201810690914.3A CN201810690914A CN110661750A CN 110661750 A CN110661750 A CN 110661750A CN 201810690914 A CN201810690914 A CN 201810690914A CN 110661750 A CN110661750 A CN 110661750A
- Authority
- CN
- China
- Prior art keywords
- sender
- content
- identity
- mail address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/212—Monitoring or handling of messages using filtering or selective blocking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/48—Message addressing, e.g. address format or anonymous messages, aliases
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application discloses a method, a system, equipment and a storage medium for detecting the identity of a mail sender, wherein the method comprises the following steps: extracting characteristic information related to the sender information from the mail content; and analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail. When the identity of the mail sender is detected, the characteristic information related to the information of the sender is extracted from the mail content, and then the characteristic information is analyzed, so that the authenticity information of the identity of the mail sender can be determined. That is, the method and the device can detect the mail sender in a simple and efficient mode.
Description
Technical Field
The invention relates to the technical field of mail detection, in particular to a method, a system, equipment and a storage medium for detecting the identity of a mail sender.
Background
In daily business activities, a great deal of mail messaging activities exist, and mails are important media for people to communicate. Due to the lack of the safety of the mail protocol, a great deal of phishing fraud mails are spread, wherein the mails of forged senders are difficult to identify quickly due to high counterfeiting degree, and the method is one of the main problems faced by the current phishing fraud mails.
The biggest characteristic of faking a sender's mail is that human eyes cannot easily identify whether the sender is real or not by observing the sender's information. The current mainstream detection scheme is an authentication method based on policies such as SPF (Sender Policy Framework), but such authentication Policy methods are not popular enough in China at present, are mainly provided by some large-scale mail service providers, and require a mail receiver to verify information such as SPF.
Considering the current scenario that an enterprise deploys a mail server, many security authentication policies may not be completely opened, or the configuration is not correct enough, so that an attack of a fake sender is easy to succeed. Therefore, the existing detection method for the counterfeit sender needs complicated strategies and configuration processes, and is not beneficial to popularization of the detection technology for the counterfeit sender, so that how to detect the mail sender in a simple and efficient manner is a problem to be solved at present.
Disclosure of Invention
In view of the above, the present invention provides a method, a system, a device and a storage medium for detecting an identity of a sender of a mail, which can detect the sender of the mail in a simple and efficient manner. The specific scheme is as follows:
in a first aspect, the invention discloses a method for detecting the identity of a mail sender, which comprises the following steps:
extracting characteristic information related to the sender information from the mail content;
and analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
Optionally, the extracting feature information related to the sender information from the mail content includes:
extracting an envelope sender mail address and a content sender mail address from mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
and determining the authenticity information of the mail sender identity by judging whether the mail address of the envelope sender is consistent with the mail address of the content sender.
Optionally, the extracting feature information related to the sender information from the mail content includes:
extracting a content sender mail address and a mail reply person mail address from the mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
and determining the authenticity information of the identity of the sender of the mail by judging whether the mail address of the content sender is consistent with the mail address of the mail responder.
Optionally, the extracting feature information related to the sender information from the mail content includes:
extracting a content sender display name and a content sender mail address from mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
extracting a mail address corresponding to the display name of the content sender from the organization address book to obtain a target mail address;
and determining the authenticity information of the mail sender identity by judging whether the mail address of the content sender is consistent with the target mail address.
Optionally, the extracting feature information related to the sender information from the mail content includes:
extracting a content sender mail address from the mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
extracting the SMTP domain name of the mail address of the content sender to obtain a target SMTP domain name;
and calculating the similarity between the target SMTP domain name and the SMTP domain name in the preset SMTP domain name library by using a preset character string similarity calculation method, and determining the authenticity information of the identity of the sender of the mail according to the calculated similarity.
Optionally, the calculating, by using a preset string similarity algorithm, a similarity between the target SMTP domain name and an SMTP domain name in a preset SMTP domain name library includes:
and calculating the similarity between the target SMTP domain name and the SMTP domain name in the preset SMTP domain name library by using a shortest editing distance algorithm.
Optionally, the extracting feature information related to the sender information from the mail content includes:
extracting an envelope sender mail address, a content sender mail address, a mail reply sender mail address and a content sender display name from mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
judging whether the mail address of the envelope sender is consistent with the mail address of the content sender to obtain a first judgment result;
judging whether the mail address of the content sender is consistent with the mail address of the mail replying person to obtain a second judgment result;
extracting a mail address corresponding to the display name of the content sender from the organization address book to obtain a target mail address, and judging whether the mail address of the content sender is consistent with the target mail address to obtain a third judgment result;
extracting an SMTP domain name of the mail address of the content sender to obtain a target SMTP domain name, calculating the similarity between the target SMTP domain name and the SMTP domain name in a preset SMTP domain name library by using a preset character string similarity calculation method, judging whether the calculated similarity is greater than or equal to a preset similarity threshold value or not, and obtaining a fourth judgment result;
and integrating the first judgment result, the second judgment result, the third judgment result and the fourth judgment result to determine the authenticity information of the identity of the sender of the mail.
In a second aspect, the present invention discloses a mail sender identity detection system, which comprises:
the information extraction module is used for extracting characteristic information related to the information of the sender from the mail content;
and the information analysis module is used for analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
In a third aspect, the invention discloses an identity detection device for a mail sender, which comprises a processor and a memory; when the processor executes the computer program stored in the memory, the disclosed mail sender identity detection method is realized.
In a fourth aspect, the present invention discloses a computer readable storage medium for storing a computer program, which when executed by a processor implements the method for detecting the identity of a sender of a mail disclosed above.
Therefore, when the identity of the mail sender is detected, the characteristic information related to the information of the sender is extracted from the mail content, and then the characteristic information is analyzed, so that the authenticity information of the identity of the mail sender can be determined. That is, the present invention can detect the mail sender in a concise and efficient manner.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a method for detecting the identity of a sender of a mail, which is disclosed by the present invention;
FIG. 2 is a diagram illustrating the source code content of a specific mail;
FIG. 3 is a flow chart of a specific mail sender identity detection method disclosed in the present invention;
FIG. 4 is a flowchart of a specific method for detecting the identity of a sender of a mail, according to the present invention;
FIG. 5 is a flowchart of a specific method for detecting the identity of a sender of a mail, according to the present invention;
FIG. 6 is a block diagram illustrating a specific process for detecting the identity of a sender of a mail, in accordance with the present invention;
FIG. 7 is a flowchart of a specific method for detecting the identity of a sender of a mail, according to the present invention;
FIG. 8 is a block diagram illustrating a specific process for detecting the identity of a sender of an email in accordance with the present invention;
FIG. 9 is a flowchart of a specific method for detecting the identity of a sender of a mail, according to the present invention;
fig. 10 is a schematic structural diagram of a mail sender identity detection system disclosed in the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a mail sender identity detection method, which is shown in figure 1 and comprises the following steps:
step S11: characteristic information related to the sender information is extracted from the mail content.
In this embodiment, the feature information related to the sender information may be specifically extracted from the source code content corresponding to the mail, that is, the mail content in step S11 in this embodiment specifically refers to the mail source code content. In the mail source code content, the characteristic information related to the sender information may specifically include, but is not limited to, an envelope sender mail address, a content sender mail address, a mail reply mail address, and a content sender display name. As shown in fig. 2, a specific mail source code content diagram is shown in fig. 2, and source code positions corresponding to an envelope sender mail address, a content sender mail address, a mail reply mail address and a content sender display name are identified in the diagram.
Of course, in the case that the user has opened the mail, the present embodiment may also use the window content capture tool to capture the feature information related to the sender information from the mail content display window.
Step S12: and analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
Based on the characteristic information related to the sender information extracted in the above step S11, the authenticity information of the sender identity of the mail can be analyzed. It can be understood that, in order to ensure that the authenticity information obtained in the step S12 has a high degree of reliability, this embodiment may perform analysis by using a plurality of kinds of characteristic information, for example, may perform comprehensive analysis on four kinds of characteristic information, such as the mail address of the envelope sender, the mail address of the content sender, the mail address of the mail replying person, and the display name of the content sender, which are disclosed above, so as to be beneficial to ensuring that the finally obtained authenticity information has high reliability. Of course, under the condition that the reliability requirement on the authenticity analysis result is not very high and only the existence of the possibility of counterfeiting of the identity of the sender of the current mail needs to be simply known, the embodiment can also analyze three, two or even one of the four kinds of characteristic information, so that the detection speed can be effectively improved.
Therefore, when the identity of the mail sender is detected, the embodiment of the invention extracts the characteristic information related to the information of the sender from the mail content, and then analyzes the characteristic information, so that the authenticity information of the identity of the mail sender can be determined. That is, the embodiment of the present invention can detect the mail sender in a simple and efficient manner.
Referring to fig. 3, an embodiment of the present invention discloses a specific method for detecting an identity of a sender of a mail, including:
step S21: and extracting the mail address of the envelope sender and the mail address of the content sender from the mail content.
Specifically, the present embodiment may extract the mail address of the envelope sender and the mail address of the content sender from the mail source code content.
Step S22: and determining the authenticity information of the mail sender identity by judging whether the mail address of the envelope sender is consistent with the mail address of the content sender.
In this embodiment, the authenticity information of the identity of the mail sender is determined by comparing the mail address of the envelope sender with the mail address of the content sender. Specifically, in this embodiment, the mail address of the envelope sender and the mail address of the content sender may be first converted into corresponding lower case characters, so as to obtain two corresponding character strings, and then, whether the two character strings are the same is determined through comparison and analysis, if not, it means that the current mail account has a possibility of being forged, that is, the identity of the current mail sender has a possibility of being forged, and if so, it means that the identity of the current mail sender is real and reliable.
Referring to fig. 4, an embodiment of the present invention discloses a specific method for detecting an identity of a sender of a mail, including:
step S31: and extracting the mail address of the content sender and the mail address of the mail replying person from the mail content.
Specifically, the embodiment may extract the content sender email address and the email reply email address from the email source code content.
Step S32: and determining the authenticity information of the identity of the sender of the mail by judging whether the mail address of the content sender is consistent with the mail address of the mail responder.
In this embodiment, the authenticity information of the identity of the sender of the mail is determined by comparing the mail address of the content sender with the mail address of the mail replying person. Specifically, in this embodiment, the content sender email address and the email reply sender email address may be first converted into corresponding lower case characters, so as to obtain two corresponding character strings, and then, whether the two character strings are the same is determined through comparison and analysis, if not, it is indicated that the recipient of the reply email is different from the content sender of the initial email, which means that there is a possibility of counterfeiting the current email account, that is, there is a possibility of counterfeiting the identity of the current email sender.
Referring to fig. 5, an embodiment of the present invention discloses a specific method for detecting an identity of a sender of a mail, including:
step S41: and extracting the display name of the content sender and the mail address of the content sender from the mail content.
Specifically, the present embodiment may extract the display name of the content sender and the mail address of the content sender from the mail source code content.
Step S42: and extracting the mail address corresponding to the display name of the content sender from the organization address book to obtain a target mail address.
It is understood that the above organization address book refers to a legal mail address book inside an organization such as a school, a business, etc., and names of different senders and corresponding legal mail addresses are recorded in the organization address book.
Step S43: and determining the authenticity information of the mail sender identity by judging whether the mail address of the content sender is consistent with the target mail address.
In this embodiment, the authenticity information of the identity of the mail sender is determined by comparing the mail address of the content sender with the mail address extracted from the organization address book according to the display name of the content sender. Specifically, in this embodiment, after the mail address corresponding to the display name of the content sender is extracted from the organization address book, the mail address and the mail address of the content sender are respectively converted into corresponding lower case characters to obtain two corresponding character strings, and then whether the two character strings are the same or not is determined through comparison and analysis, and if not, it means that the identity of the current mail sender has a possibility of being forged. As shown in fig. 6, the display name of the content sender and the organization address book are used to obtain the target mail address, and then the target mail address is compared with the mail address of the content sender to output the corresponding comparison result, and the authenticity information of the identity of the mail sender can be determined according to the comparison result.
Referring to fig. 7, the embodiment of the present invention discloses a specific method for detecting the identity of a sender of a mail, including:
step S51: the content sender mail address is extracted from the mail content.
Specifically, the embodiment may extract the content sender email address from the email source code content.
Step S42: and extracting an SMTP domain name (SMTP, Simple Mail Transfer Protocol) of the Mail address of the content sender to obtain a target SMTP domain name.
Step S53: and calculating the similarity between the target SMTP domain name and the SMTP domain name in the preset SMTP domain name library by using a preset character string similarity calculation method, and determining the authenticity information of the identity of the sender of the mail according to the calculated similarity.
In this embodiment, after the content sender email address is extracted, the corresponding SMTP domain name may be further extracted from the content sender email address, and then the similarity between the SMTP domain name and the SMTP domain name in the preset SMTP domain name library is calculated, so as to determine the authenticity information of the email sender identity through comparison of the similarity, and if the comparison result of the similarity shows that the two SMTP domain names are different, it means that there is a possibility that the identity of the current email sender is forged. It is understood that the preset domain name library refers to a database for recording legal SMTP domain names commonly used for daily mail services, and the database may include one or more legal SMTP domain names.
As shown in fig. 8, assuming that the mail address of the content sender is specifically test @ mail 1.com, and the SMTP domain name in the preset SMTP domain name library is "mail.com", the SMTP domain name "mail 1. com" is extracted from the mail address, and then the extracted SMTP domain name "mail 1. com" is compared with the SMTP domain name "mail.com" in the preset SMTP domain name library for similarity, so as to determine the authenticity information of the mail sender identity. For example, when the calculated similarity value is smaller than a preset similarity threshold, it may be determined that the identity of the sender of the current email is possible to be forged, the preset similarity threshold may be specifically set according to an actual situation, and in order to improve reliability of an authenticity analysis result, the preset similarity threshold may be set to 100% in this embodiment.
In addition, in this embodiment, the calculating, by using a preset string similarity algorithm, a similarity between the target SMTP domain name and an SMTP domain name in a preset SMTP domain name library may specifically include: and calculating the similarity between the target SMTP domain name and the SMTP domain name in the preset SMTP domain name library by using a shortest editing distance algorithm. Of course, in addition to calculating the similarity by using the shortest edit distance algorithm, the similarity may also be calculated by using other character string similarity calculation methods in the present embodiment, which are not listed here.
Referring to fig. 9, an embodiment of the present invention discloses a specific method for detecting an identity of a sender of a mail, including:
step S61: and extracting the mail address of the envelope sender, the mail address of the content sender, the mail address of the mail reply sender and the display name of the content sender from the mail content.
Specifically, the present embodiment may extract the mail address of the envelope sender, the mail address of the content sender, the mail address of the mail replying person, and the display name of the content sender from the mail source code content.
Step S62: and judging whether the mail address of the envelope sender is consistent with the mail address of the content sender to obtain a first judgment result.
Step S63: and judging whether the mail address of the content sender is consistent with the mail address of the mail replying person, and obtaining a second judgment result. Step S64: and extracting a mail address corresponding to the display name of the content sender from the organization address book to obtain a target mail address, and judging whether the mail address of the content sender is consistent with the target mail address to obtain a third judgment result.
Step S65: extracting the SMTP domain name of the mail address of the content sender to obtain a target SMTP domain name, calculating the similarity between the target SMTP domain name and the SMTP domain name in a preset SMTP domain name library by using a preset character string similarity calculation method, judging whether the calculated similarity is greater than or equal to a preset similarity threshold value, and obtaining a fourth judgment result.
Step S66: and integrating the first judgment result, the second judgment result, the third judgment result and the fourth judgment result to determine the authenticity information of the identity of the sender of the mail.
It can be seen that, in this embodiment, before determining the authenticity information of the identity of the sender of the mail, four judgment processes are performed by using the mail address of the sender of the envelope, the mail address of the sender of the content, the mail address of the reply sender of the mail and the display name of the sender of the content, the first judgment process is used to judge whether the mail address of the sender of the content is consistent with the mail address of the reply of the mail, the second judgment process is used to judge whether the mail address of the sender of the content is consistent with the mail address of the reply of the mail, the third judgment process is used to judge whether the mail address of the sender of the content is consistent with the mail address of the reply of the destination, and the fourth judgment process is used to judge whether the calculated similarity is greater than or equal to the preset similarity threshold, because the authenticity information of the identity of the sender of the mail corresponding to each judgment process has different degrees, therefore, in order to ensure that the obtained authenticity information in this embodiment has a high degree of reliability, in this embodiment, the four determination results are selected to be subjected to comprehensive analysis to determine the authenticity information of the identity of the sender of the mail, and when the four determination results are subjected to comprehensive analysis, a corresponding weight coefficient may be assigned to each determination result according to the degree of reliability of the authenticity information corresponding to each determination result, and if the weight coefficient of a certain determination result is larger, it indicates that the determination result has a larger influence in the whole comprehensive analysis process.
It is understood that, besides the true-false information related to the identity of the sender of the mail can be obtained based on the extraction of one kind of characteristic information, two kinds of characteristic information and four kinds of characteristic information related to the sender information from the mail content as disclosed in the foregoing embodiments, it is of course also possible to derive authenticity information relating to the identity of the sender of the mail, based on three characteristic information thereof, for example, authenticity information relating to the identity of the sender of the mail may be inferred based on the envelope sender email address, the content sender email address and the content sender display name, or the authenticity information related to the identity of the mail sender can be inferred based on the mail address of the content sender, the display name of the content sender and the mail address of the mail replying person, or the authenticity information related to the identity of the mail sender can be inferred based on the mail address of the envelope sender, the mail address of the content sender and the mail address of the mail replying person.
Correspondingly, the embodiment of the present invention further discloses an email sender identity detection system, as shown in fig. 10, the system includes:
the information extraction module 11 is used for extracting characteristic information related to the information of the sender from the mail content;
and the information analysis module 12 is used for analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
For more specific working processes of the modules, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Furthermore, the invention also discloses an identity detection device for the mail sender, which comprises a processor and a memory; when the processor executes the computer program stored in the memory, the method for detecting the identity of the sender of the mail disclosed in the foregoing embodiments is implemented.
For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
Furthermore, the present invention also discloses a computer readable storage medium for storing a computer program, wherein the computer program is executed by a processor to implement the method for detecting the identity of a sender of a mail disclosed in the foregoing embodiments.
For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The method, system, device and storage medium for detecting the identity of a sender of a mail provided by the invention are described in detail, a specific example is applied in the text to explain the principle and the implementation of the invention, and the description of the above embodiment is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (10)
1. A mail sender identity detection method is characterized by comprising the following steps:
extracting characteristic information related to the sender information from the mail content;
and analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
2. The method of mail sender identity detection according to claim 1,
the method for extracting the characteristic information related to the sender information from the mail content comprises the following steps:
extracting an envelope sender mail address and a content sender mail address from mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
and determining the authenticity information of the mail sender identity by judging whether the mail address of the envelope sender is consistent with the mail address of the content sender.
3. The method of mail sender identity detection according to claim 1,
the method for extracting the characteristic information related to the sender information from the mail content comprises the following steps:
extracting a content sender mail address and a mail reply person mail address from the mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
and determining the authenticity information of the identity of the sender of the mail by judging whether the mail address of the content sender is consistent with the mail address of the mail responder.
4. The method of mail sender identity detection according to claim 1,
the method for extracting the characteristic information related to the sender information from the mail content comprises the following steps:
extracting a content sender display name and a content sender mail address from mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
extracting a mail address corresponding to the display name of the content sender from the organization address book to obtain a target mail address;
and determining the authenticity information of the mail sender identity by judging whether the mail address of the content sender is consistent with the target mail address.
5. The method of mail sender identity detection according to claim 1,
the method for extracting the characteristic information related to the sender information from the mail content comprises the following steps:
extracting a content sender mail address from the mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
extracting the SMTP domain name of the mail address of the content sender to obtain a target SMTP domain name;
and calculating the similarity between the target SMTP domain name and the SMTP domain name in the preset SMTP domain name library by using a preset character string similarity calculation method, and determining the authenticity information of the identity of the sender of the mail according to the calculated similarity.
6. The method as claimed in claim 5, wherein said calculating the similarity between the target SMTP domain name and the SMTP domain name in the SMTP domain name library by using a preset string similarity algorithm comprises:
and calculating the similarity between the target SMTP domain name and the SMTP domain name in the preset SMTP domain name library by using a shortest editing distance algorithm.
7. The method of mail sender identity detection according to claim 1,
the method for extracting the characteristic information related to the sender information from the mail content comprises the following steps:
extracting an envelope sender mail address, a content sender mail address, a mail reply sender mail address and a content sender display name from mail content;
correspondingly, the analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail comprises:
judging whether the mail address of the envelope sender is consistent with the mail address of the content sender to obtain a first judgment result;
judging whether the mail address of the content sender is consistent with the mail address of the mail replying person to obtain a second judgment result;
extracting a mail address corresponding to the display name of the content sender from the organization address book to obtain a target mail address, and judging whether the mail address of the content sender is consistent with the target mail address to obtain a third judgment result;
extracting an SMTP domain name of the mail address of the content sender to obtain a target SMTP domain name, calculating the similarity between the target SMTP domain name and the SMTP domain name in a preset SMTP domain name library by using a preset character string similarity calculation method, judging whether the calculated similarity is greater than or equal to a preset similarity threshold value or not, and obtaining a fourth judgment result;
and integrating the first judgment result, the second judgment result, the third judgment result and the fourth judgment result to determine the authenticity information of the identity of the sender of the mail.
8. A mail sender identity detection system, comprising:
the information extraction module is used for extracting characteristic information related to the information of the sender from the mail content;
and the information analysis module is used for analyzing the characteristic information to obtain the authenticity information of the identity of the sender of the mail.
9. An identity detection device for a mail sender is characterized by comprising a processor and a memory; wherein the processor, when executing the computer program stored in the memory, implements the mail sender identity detection method according to any of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program which, when executed by a processor, implements the method of mail sender identity detection according to any of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810690914.3A CN110661750B (en) | 2018-06-28 | 2018-06-28 | Mail sender identity detection method, system, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810690914.3A CN110661750B (en) | 2018-06-28 | 2018-06-28 | Mail sender identity detection method, system, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110661750A true CN110661750A (en) | 2020-01-07 |
CN110661750B CN110661750B (en) | 2022-09-30 |
Family
ID=69027465
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810690914.3A Active CN110661750B (en) | 2018-06-28 | 2018-06-28 | Mail sender identity detection method, system, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110661750B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113381983A (en) * | 2021-05-19 | 2021-09-10 | 清华大学 | Method and device for identifying counterfeit e-mail |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102413070A (en) * | 2011-11-24 | 2012-04-11 | 匡晓明 | Junk mail preventing method for setting rules by addressor |
CN103716335A (en) * | 2014-01-12 | 2014-04-09 | 绵阳师范学院 | Detecting and filtering method of spam mail based on counterfeit sender |
CN103812826A (en) * | 2012-11-08 | 2014-05-21 | 中国电信股份有限公司 | Identification method, identification system, and filter system of spam mail |
CN105323153A (en) * | 2015-11-18 | 2016-02-10 | Tcl集团股份有限公司 | Spam mail filtering method and device |
CN106992926A (en) * | 2017-06-13 | 2017-07-28 | 深信服科技股份有限公司 | A kind of method and system for forging mail-detection |
US9740858B1 (en) * | 2015-07-14 | 2017-08-22 | Trend Micro Incorporated | System and method for identifying forged emails |
CN107154926A (en) * | 2017-03-22 | 2017-09-12 | 国家计算机网络与信息安全管理中心 | A kind of recognition methods and system for forging the fishing mail of sender |
CN107819664A (en) * | 2016-09-12 | 2018-03-20 | 阿里巴巴集团控股有限公司 | A kind of recognition methods of spam, device and electronic equipment |
-
2018
- 2018-06-28 CN CN201810690914.3A patent/CN110661750B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102413070A (en) * | 2011-11-24 | 2012-04-11 | 匡晓明 | Junk mail preventing method for setting rules by addressor |
CN103812826A (en) * | 2012-11-08 | 2014-05-21 | 中国电信股份有限公司 | Identification method, identification system, and filter system of spam mail |
CN103716335A (en) * | 2014-01-12 | 2014-04-09 | 绵阳师范学院 | Detecting and filtering method of spam mail based on counterfeit sender |
US9740858B1 (en) * | 2015-07-14 | 2017-08-22 | Trend Micro Incorporated | System and method for identifying forged emails |
CN105323153A (en) * | 2015-11-18 | 2016-02-10 | Tcl集团股份有限公司 | Spam mail filtering method and device |
CN107819664A (en) * | 2016-09-12 | 2018-03-20 | 阿里巴巴集团控股有限公司 | A kind of recognition methods of spam, device and electronic equipment |
CN107154926A (en) * | 2017-03-22 | 2017-09-12 | 国家计算机网络与信息安全管理中心 | A kind of recognition methods and system for forging the fishing mail of sender |
CN106992926A (en) * | 2017-06-13 | 2017-07-28 | 深信服科技股份有限公司 | A kind of method and system for forging mail-detection |
Non-Patent Citations (2)
Title |
---|
李璇: "基于行为识别的垃圾邮件过来技术的研究与应用", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
陈彬: "垃圾邮件的特征选择及检测方法研究", 《中国博士学位论文全文数据库 信息科技辑》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113381983A (en) * | 2021-05-19 | 2021-09-10 | 清华大学 | Method and device for identifying counterfeit e-mail |
CN113381983B (en) * | 2021-05-19 | 2023-09-22 | 清华大学 | Method and device for identifying fake e-mail |
Also Published As
Publication number | Publication date |
---|---|
CN110661750B (en) | 2022-09-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108418777A (en) | A kind of fishing mail detection method, apparatus and system | |
CN101674264B (en) | Spam detection device and method based on user relationship mining and credit evaluation | |
US8661545B2 (en) | Classifying a message based on fraud indicators | |
CN106549902B (en) | Method and device for identifying suspicious users | |
CN111143175A (en) | Risk behavior detection method, device, equipment and computer storage medium | |
CN110519150B (en) | Mail detection method, device, equipment, system and computer readable storage medium | |
CN109328448A (en) | Spam Classification system based on network flow data | |
CN106453061A (en) | Method and system for recognizing internet fraud behavior | |
CN111865925A (en) | Network traffic based fraud group identification method, controller and medium | |
CN109039874B (en) | Mail auditing method and device based on behavior analysis | |
Irani et al. | Evolutionary study of phishing | |
CN109039875B (en) | Phishing mail detection method and system based on link characteristic analysis | |
Jameel et al. | Detection of phishing emails using feed forward neural network | |
CN103490979B (en) | electronic mail identification method and system | |
CN113630397A (en) | E-mail security control method, client and system | |
CN114036264B (en) | Email authorship attribution identification method based on small sample learning | |
CN110661750B (en) | Mail sender identity detection method, system, equipment and storage medium | |
CN109474611A (en) | It is a kind of that detection technique is protected based on multifactor E mail safety | |
CN111861733B (en) | Fraud prevention and control system and method based on address fuzzy matching | |
CN115603926A (en) | Phishing mail identification method, system, device and storage medium | |
CN107453973B (en) | Method and device for discriminating identity characteristics of e-mail sender | |
CN108965350B (en) | Mail auditing method, device and computer readable storage medium | |
Mohammed et al. | Phishing Detection Using Machine Learning Algorithms | |
Banu et al. | Detecting phishing attacks using natural language processing and machine learning | |
CN113852625B (en) | Weak password monitoring method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |