CN1780266A - Method for analyzing and controlling e-mails - Google Patents
Method for analyzing and controlling e-mails Download PDFInfo
- Publication number
- CN1780266A CN1780266A CNA200410096045XA CN200410096045A CN1780266A CN 1780266 A CN1780266 A CN 1780266A CN A200410096045X A CNA200410096045X A CN A200410096045XA CN 200410096045 A CN200410096045 A CN 200410096045A CN 1780266 A CN1780266 A CN 1780266A
- Authority
- CN
- China
- Prior art keywords
- policy
- behavior
- parsing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The envelope information and title information of email is used to preset a group of email policy. When agent receives the email, the email policy is compared with the content of email to examine if the content of email conforms to email policy. If the email is decided as a garbage mail by email policy, the mail will be rejected. If the mail is decided as a free checking mail by email policy, it will be transmitted.
Description
Technical field
The present invention relates to a kind of method of handling Email, refer to a kind of method of resolving mail behavior control Email especially.
Background technology
The corporate mail information security issue is from virus, hacker, spam wildness till now, the overwhelming majority mail by filtration check, virus scan is value added with the anti-blocking software company of spam, all be to build in the computing and analytical technology basis of huge database, by the Mail Contents that compiles a large amount of rubbish, numerical value weighted calculation and intelligence inspiration method reach the anti-blocking function of spam in addition.Yet the shortcoming of located by prior art be its classification assert too subjective, for example pornographic, make a good deal of money, medicine, commerce etc., indecisive, may judge by accident, and Mail Contents scanning is filtered and caused system resource to expend with communication efficiency to reduce.
Be to resist spam, various countries make laws in succession, and through international common recognition, mail is roughly divided into spam and advertisement matter, thus talk about spam anti-blocking before, we must distinguish spam and advertisement matter earlier.With the U.S. is example, Can-Spam legislation spam down refer to anonymous, forge, distribute indiscriminately or illegal conduct transmission Emails such as (transition information or hide Info etc.), it adopts the possible cause of these gimmicks as follows: can't trace the source 1.; 2. change contact method; 3. allow receiver think colleague or friend by mistake; 4. allow receiver based on curious and see letter etc., because of unknown origin or can't successfully refuse, so need have special technique to come identification and reject.And advertisement matter refers to post the part person obtains the receiver address through specific channel, transmits Email with normal publicity pattern, and receiver can be reviewed the source place and have the right to cancel subscriptions through official channel.
Known Spam filtering obstruct technology is broadly divided into information filtering, numerical computations and three kinds of technology of inspiration technology.The way of information filtering provides in the person that posts the part, receiver, mail purport, Mail Contents, extension name, file name and the archives literary composition etc. and filters and intercept, and sees through the blacklist collection mode, comes anti-blocking spam; But have that list collect to be difficult for, list set up time-consuming, stop shortcomings such as rate is not high, blacklist erroneous judgement.The way of numerical computations is to be based upon in the computing and analytical technology basis of huge database, and by the Mail Contents that compiles a large amount of rubbish, the numerical value weight computation method reaches the effect of anti-blocking spam in addition; Yet its have classification assert too subjective (for example pornographic, make a good deal of money, medicine, commerce etc.), indecisive, may judge by accident, Mail Contents scanning filters and causes system resource to expend and shortcoming such as communication efficiency reduction.The inspiration technology is then similar with aforementioned numerical computation method, it also builds on the computing Mail Contents that compile a large amount of rubbish next with analysis of huge database, except with Mail Contents in addition the numerical value weighted calculation, also added simultaneously intelligence inspiration method, therefore except shortcoming with numerical computation method, when database was big more, then False Rate was high more.
Summary of the invention
Main purpose of the present invention is to provide a kind of method of resolving mail behavior control Email, and it can reach the purpose of control mail turnover.
Another object of the present invention is to provide a kind of method of resolving mail behavior control Email, it can effectively reach the anti-blocking effect of spam.
A further object of the present invention is to provide a kind of method of resolving mail behavior control Email, and it not only accurately controls mail, and saves network bandwidth, system resource and hard drive space.
Another purpose of the present invention is to provide a kind of method of resolving mail behavior control Email, and it can save operation costs.
To achieve these goals, technical solution of the present invention is: a kind of method of resolving mail behavior control Email comprises the following steps: to set a different set of mail policy according to the envelope information and the heading message of mail; When proxy server (Agent) when receiving Email, the mail policy compares the mail transmission data of this Email one by one, verifies whether the behavior of this Email meets the mail policy, and takes to stop or transmit action according to the checking result.
Above-mentioned mail policy is to be used for judging whether Email is spam, when proxy server is received Email, the method of verifying this Email comprises the following steps: that the mail policy compares the mail transmission data of this Email one by one, whether the behavior of verifying this Email meets this group mail policy, meet and be spam, and then stop this Email; Do not meet and then transmit this Email.
This group mail policy is gate inhibition's policy of the inspection-free mail behavior of definition, proxy server is when receiving Email, the method of verifying this Email comprises the following steps: that the mail policy compares the mail transmission data of this Email one by one, whether the behavior of verifying this Email meets this group mail policy, meet that to represent this Email be inspection-free mail, and then transmit this Email; Otherwise stop this Email.
The person of sending of inspection-free mail comprises the domain name of parent company, subsidiary, Very Important Person, contact manufacturer, subscribing e-paper and fixing IP person.
In the mail policy step that sets, comprise the checking criterion of setting each mail policy, the checking criterion is selected to meet, do not meet and skip over and does not contrast one of them.
This mail transmission data includes envelope information and the heading message under this Email.
The method whether the checking Email meets the spam behavior of mail policy specifically comprises the following steps:
(a) when proxy server is received Email, the first mail policy is carried out true and false checking to the mail transmission data of this Email, judges whether it meets the first mail policy, then carries out step (b) if meet, and then carries out step (c) if not;
(b) allow this Email to send out; And
(c) continue the conduct of reviewing this Email with the second mail policy, judge whether it meets this second mail policy, if then carry out step (b), then continue the conduct of reviewing this Email if not by next mail policy, to the last the mail policy uses until exhausted, and when this Email did not still meet last mail policy, then proxy server stopped this Email.
Each mail policy comprises one group of rule, when utilizing one of them mail policy that the mail transmission data of this Email is verified, comprises the following steps:
(a) by first rule mail transmission data of this Email is carried out true and false checking, judge whether it meets first rule,, then carry out step (c) if not if then carry out step (b);
(b) continue the mail transmission data of this Email is carried out true and false checking by second rule, judge whether it meets second rule, then carry out step (c) if not, if then continue the conduct that next rule is reviewed this Email, rule to the last uses until exhausted, and the checking result according to employed last rule determines whether this Email meets this mail policy, if then allow this E-mail conveyance to go out, then carries out step (c) if not; And
(c) continue the conduct that next mail policy is reviewed this Email, judge whether it meets this next mail policy, and repeat above-mentioned (a) and (b) step.
The checking criterion of each rule of checking Email for meet, do not meet and skip over noncontrastive one of them, and this checking criterion is located in the step of mail policy.
The mail policy judges whether Email has abnormal behaviour, and abnormal behaviour comprises anonymity, forges, distributes indiscriminately and illegal or its combination.
Anonymous behavior comprise be selected from that heading message is failed to understand, the person's main frame of posting the part with reply one of them behavior at least that the different and answer mailbox main frame of mailbox main frame is the group that forms of network service provider (ISP) main frame.
It is external network domain but the person address of posting the part is forged into incorrect one of them behavior of domain name server (DNS) in internal host and net territory that the forgery behavior includes the source place main frame.
It is unusual and change is frequent that the behavior of distributing indiscriminately includes the mode of sending.
Illegal act comprises the behavior of return address for the lease main frame.
The content of mail and add file are as the setting content of mail policy.
Proxy server is Mail Transfer Agent device (MTA).
Mail Transfer Agent device (MTA) is a router.
The group that envelope information is selected from post part person's account number, receiver account number, receiver host address, the person's host address of posting the part, return address, domain name server (DNS) and ELECTRONIC POSTMARK are formed at least one of them.
The supplier of ELECTRONIC POSTMARK be selected from group that transmitting end server, local side server and networking network ISP (ISP) server form at least one of them.
The processing mode that stops this Email is selected from this Email of rejection, deletes one of them mode of this Email.
When this Email of rejection, return an error code and error messages simultaneously.
After adopting such scheme, the present invention utilizes the mail characteristic and the transmission principle of Email, " the mail envelope " of one Email resolved with the true-false value of mail transmission data such as " mail header ", and through back forecasting repeatedly, whether the behavior that goes out mail with accurate induction and deduction is allowed by the mail policy of presetting, and then reaches turnover of control Email and the anti-blocking effect of spam.So the present invention not only can accurately control mail, effective anti-blocking spam improves network security, and can save network bandwidth, system resource and hard drive space, to reach the effect of promoting mail communication efficient and saving operation costs.
Description of drawings
Fig. 1 resolves the method schematic diagram of mail behavior control Email for the present invention;
Detailed process schematic diagram when Fig. 2 verifies Email for one group of rule of the present invention in utilizing a mail policy;
Fig. 3 is the flow chart of the present invention with default mail policy checking Email.
Figure number explanation: 10 mail policies, 12 rules
Embodiment
The present invention is at Mail Transfer Agent device (Mail transfer agent, MTA) execution phase, utilize default mail policy to verify the true-false value of the mail transmission data of an Email, see through the parsing of mail transmission data such as mail envelope and mail header, initiatively judge the behavior behavior whether compliance with system allowed of this Email, and then reach mail turnover control and the anti-blocking purpose of spam.
The Email that one envelope is complete is called mail text (Mail text).Generally speaking, the mail text comprises mail envelope (Mail envelop), mail header (Mail header) and Mail Contents (Mail content).The Email that one envelope is complete will have through Mail Transfer Agent device (Mail transfer agent at server and client, MTA) and mail user agent device (Mail useragent, MUA) process of Chu Liing, this is the basic transmission mode of Email.The present invention utilizes the mail characteristic and the transmission principle of this Email, " the mail envelope " of one Email resolved with the true-false value of mail transmission data such as " mail header ", and through back forecasting repeatedly, go out hundreds of mail behavior type with accurate induction and deduction, and then reach the turnover and the anti-blocking effect of spam of control Email.
Because the present invention can use the mail policy that the envelope information of an Email is set the management mail, so before explanation method of the present invention, the content of the necessary envelope of explanation earlier information.Information such as the envelope information of Email is generally post part person's account number, receiver account number, receiver host address, the person's host address of posting the part, return address, domain name server (DNS) and ELECTRONIC POSTMARK; Wherein, Email after proxy servers such as transmitting end server, local side server or networking network ISP (ISP) server transmit, each the proxy server of the process ELECTRONIC POSTMARK of can on this Email, annotating.
Fig. 1 resolves the method schematic diagram of mail behavior control Email for the present invention, comprise the following steps: at first, utilize the information such as envelope information, heading message, content and add file of mail to preestablish out a different set of mail policy 10, and each mail policy 10 comprise one group of rule 12.As shown in Figure 2, the setting of each policy 10 includes [envelope posts the part person], [envelope receiver] and [mail header] three sigma rule 12, and the setting of above-mentioned three sigma rule 12 must meet simultaneously, and system just can carry out.About rule 12 setting, the user can specify to meet, do not meet and skip over and not contrast one of them, that is the user can specify [envelope posts the part person] or [envelope receiver], do not fill in then expression all; Also can select contrast or skip over [mail header], and the relevance of 12 of strictly all ruleses be [with], must all meet those settings and just be considered as establishment condition, system just can carry out to take suitable action.Similarly, when these mail policies 10 of setting, can specify on demand to meet, do not meet and skip over not contrast one of them.
After configuring mail policy 10 and rule 12 thereof, when proxy server (Agent) is received an Email, mail policy 10 compares the mail transmission data of this Email one by one, the mail transmission data that is contrasted refers to include this Email affiliated envelope information and heading message, or even content and add file, according to predefined mail policy 10 and rule 12 thereof, verify that whether this Email trip is for meeting these mail policies 10, and foundation is verified the action that the result takes corresponding stopping/transmits.
Wherein, mail policy 10 and rule 12 thereof can be defined as the behavior of spam or the behavior of inspection-free mail by setting person, thereby judge whether Email is spam, or judge whether Email is inspection-free courteous reception or treatment mail.Be defined as the behavior of spam when mail policy 10 and regular 12, when then this moment, proxy server was verified this Email receiving Email, comprise the following steps: one by one the mail transmission data of this Email to be compared by mail policy 10, whether meet the mail policy with the behavior of verifying this Email, if, then representing this Email is spam, and then stops this Email; If not, then transmit this Email.
On the contrary, when mail policy 10 and regular 12 is defined as the behavior of inspection-free mail, after then this moment, proxy server compared its mail transmission data with these mail policies 10 one by one receiving Email, if the behavior of this Email meets mail policy 10, then representing this Email is inspection-free mail, so transmit this Email; If do not meet, then stop this Email.Setting according to inspection-free mail, can set the inspection-free courteous reception or treatment object of the gate inhibition of enterprise policy, the person of sending of inspection-free mail can be the domain name of parent company, subsidiary, Very Important Person, contact manufacturer, subscribing e-paper or fixing IP person, perhaps for enterprise allows inner member in enterprise's external access mail (for example: in the employee family, subcontractor, special point stationed abroad etc.), the inspection-free courteous reception or treatment object of all genus enterprises is prior-release then.
Because the action that proxy server is taked presents adverse consequences according to the setting content of mail policy, that is when the behavior of mail policy emulation spam, then when meeting policy, stop mail, and when the inspection-free mail behavior of mail policy emulation, clearance mail when meeting policy then, its operation principle is identical, thus below only describe in detail at the control flow of spam, then repeat no more about the emulation of inspection-free mail.
Wherein, the example that is controlled to be with spam, when whether this Email of checking meets mail policy 10, its detailed steps as shown in Figure 3, when proxy server was received Email, the first mail policy was carried out true and false checking to the mail transmission data of Email, to judge whether it meets this first mail policy, if meet and then carry out step S12, promptly allow this Email to send out, then do not carry out step S14 if meet.
In step S14, whether the conduct that the proxy server continuation is reviewed Email with the second mail policy meets this second mail policy to judge it, then allows this Email to send out if meet, and promptly carries out step S12; If do not meet, then carry out step S16, continue the conduct that next mail policy is reviewed this Email, to the last a mail policy uses until exhausted; When using last mail policy, shown in step S18, when verifying this Email with last mail policy, if this Email meets this mail policy, then carry out step S12,, can confirm that then this Email is not really for being allowed to conveyer if this Email does not still meet the rule of this mail policy, then go on foot S20 this moment, and proxy server takes suitable action that this Email is not transmitted.
Wherein, when not transmitting Email, the processing mode of this moment can be rejected Email and return an error code and error messages, or directly deletes this Email, and this processing mode that does not transmit Email also can promptly be specified when default mail policy.
In addition, in the flow process of Fig. 3, when wherein a mail policy was verified the mail transmission data of Email in utilization, its detailed step can be consulted shown in Figure 2, is described as follows now:
(a) at first, the mail transmission data of Email is carried out true and false checking, whether meet this first rule,, then carry out step (c) if not if then carry out step (b) to judge it with first rule;
(b) continue the mail transmission data of this Email is carried out true and false checking with second rule, to judge whether it meets this second rule, then carry out step (c) if not, if then continue the conduct that next rule is reviewed this Email, to the last a rule uses until exhausted, and the checking result according to employed last rule determines whether this Email meets this mail policy, then allows this Email to send out if meet, and does not then carry out step (c) if meet; And
(c) continue the conduct that the rule in next mail policy is reviewed this Email, to judge whether it meets this mail policy, if meet, then allow this E-mail conveyance to go out, if do not meet, then next mail policy conduct of continuing to review this Email, to the last a mail policy uses until exhausted.
Therefore, the present invention controls by the comprehensive important information of grasping Email, as long as correct mail behavior and the processing mode thereof set just can effectively reach the purpose of controlling Email.
Since spam with anonymous, forge, distribute indiscriminately or illegally (transition information or hide Info etc.) wait conduct transmission Email, being different from advertisement matter can review the source place and have the right to cancel subscriptions through official channel, if the person that can confirm to post the part painstakingly with anonymous, forge, distribute indiscriminately or illegally conduct such as (transition information or hide Info) transmit Email, can identification its be the possible spam person of distributing indiscriminately.
Whether above-mentioned mail policy can be spam in order to judge this Email, and basis for estimation is for to judge whether this Email has abnormal behaviour, that this abnormal behaviour is generally is anonymous, forge, distribute indiscriminately or behavior such as illegal, if after the empirical tests, find that this Email has abnormal behaviour, then decidable its be spam.For instance, to have heading message not clear in anonymous behavior; The person's main frame of posting the part is different with answer mailbox main frame; Or answer mailbox main frame is behaviors such as network service provider (ISP) main frame.Its source place main frame of forgery behavior is an external network domain, and the person address is forged into internal host but post the part; Or the behaviors such as domain name server (DNS) is incorrect in net territory.Distribute indiscriminately behavior its to send mode unusual and change is frequent.The return address of illegal act is lease main frame person.
Wherein, parsing about anonymous behavior, method of the present invention is except can differentiating the above-mentioned anonymous behavior of enumerating, also can differentiate machine, hacker or the artificial Email that sends, for example differentiate the Email that postmaster (Postmaster), mail core (mailerdemon) or mail tabulation server (Listserver) etc. are sent.
The present invention resolves the method for mail behavior control Email and implements in proxy server usually, normal user is Mail Transfer Agent device (MTA), in Mail Transfer Agent device (MTA) execution phase, utilize default spam behavior emulation, via grasping " mail envelope " and information such as " mail header ", and the true-false value of recalling parsing mail transmission data, being able to correct verification goes out the behavior and whether meets " spam behavior ", wherein, Mail Transfer Agent device (MTA) can be a router.
So far, the spirit that the present invention resolves the method for mail behavior control Email has illustrated and has finished, following spy verifies explanation method of the present invention in detail with three concrete examples, is familiar with that this operator can obtain enough knowledge with reference to the description of example and enforcement according to this.
Example one: mail turnover control---specific internal user only can transmit Email and give the specific internal user.
| Eligible | ◎ meets zero and does not meet above-mentioned policy person, carries out according to following processing mode. |
| Processing mode | The ◎ rejection, passback error code and error messages zero deletion mail do not return error code and error messages zero and directly transmit |
Example two: spam is anti-blocking---and anonymous behavior illustrates, and person's main frame is different with answer mailbox main frame to post the part.
Example three: spam is anti-blocking---and the forgery behavior illustrates, and the source place main frame is an external network domain, and the person address is forged into internal host to post the part
Therefore, the present invention utilizes the mail characteristic and the transmission principle of Email, " the mail envelope " of one Email resolved with the true-false value of mail transmission data such as " mail header ", and through back forecasting repeatedly, whether the behavior that goes out mail with accurate induction and deduction is allowed by the mail policy of presetting, and then reaches turnover of control Email and the anti-blocking effect of spam.So the present invention not only can accurately control mail, effective anti-blocking spam improves network security, and can save network bandwidth, system resource and hard drive space, to reach the effect of promoting mail communication efficient and saving operation costs.
The above embodiment illustrates characteristics of the present invention, its purpose is familiar with this operator and can be understood content of the present invention and implement according to this making, and non-limiting claim of the present invention, so all other do not break away from equivalence modification or the modification that disclosed spirit is finished, and must be included in the claim of the following stated.
Claims (21)
1. resolve the method that Email is controlled in the mail behavior for one kind, it is characterized in that: this method comprises the following steps: to set a different set of mail policy according to the envelope information of mail and heading message; When proxy server (Agent) when receiving Email, the mail policy compares the mail transmission data of this Email one by one, verifies whether the behavior of this Email meets the mail policy, and takes the action that stops/transmit according to the checking result.
2. the method for parsing mail behavior control Email as claimed in claim 1, it is characterized in that: the mail policy is to be used for judging whether Email is that spam is, when proxy server is received Email, the method of verifying this Email comprises the following steps: that the mail policy compares the mail transmission data of this Email one by one, whether the behavior of verifying this Email meets this group mail policy, meet and be spam, and then stop this Email; Do not meet and then transmit this Email.
3. the method for parsing mail behavior control Email as claimed in claim 1, it is characterized in that: this group mail policy is gate inhibition's policy of the inspection-free mail behavior of definition, proxy server verifies that the method for this Email comprises the following steps: that the mail policy compares the mail transmission data of this Email one by one when receiving Email; Whether the behavior of verifying this Email meets this group mail policy, meets that to represent this Email be inspection-free mail, and then transmits this Email; Otherwise stop this Email.
4. the method for parsing mail behavior as claimed in claim 3 control Email is characterized in that: the person of sending of this inspection-free mail comprises the domain name of parent company, subsidiary, Very Important Person, contact manufacturer, subscribing e-paper and fixing IP person.
5. the method for parsing mail behavior control Email as claimed in claim 1, it is characterized in that: in the mail policy step that sets, comprise the checking criterion of setting each mail policy, the checking criterion is selected to meet, do not meet and skip over and does not contrast one of them.
6. the method for parsing mail behavior control Email as claimed in claim 1, it is characterized in that: this mail transmission data includes envelope information and the heading message under this Email.
7. the method for parsing mail behavior control Email as claimed in claim 2 is characterized in that: the method whether the checking Email meets the spam behavior of mail policy specifically comprises the following steps:
(a) when proxy server is received Email, the first mail policy is carried out true and false checking to the mail transmission data of this Email, judges whether it meets the first mail policy, then carries out step (b) if meet, and then carries out step (c) if not;
(b) allow this Email to send out; And
(c) continue the conduct of reviewing this Email with the second mail policy, judge whether it meets this second mail policy, if then carry out step (b), then continue the conduct of reviewing this Email if not by next mail policy, to the last the mail policy uses until exhausted, and when this Email did not still meet last mail policy, then proxy server stopped this Email.
8. the method for parsing mail behavior control Email as claimed in claim 2, it is characterized in that: each mail policy comprises one group of rule, when utilizing one of them mail policy that the mail transmission data of this Email is verified, comprise the following steps:
(a) by first rule mail transmission data of this Email is carried out true and false checking, judge whether it meets first rule,, then carry out step (c) if not if then carry out step (b);
(b) continue the mail transmission data of this Email is carried out true and false checking by second rule, judge whether it meets second rule, then carry out step (c) if not, if then continue the conduct that next rule is reviewed this Email, rule to the last uses until exhausted, and the checking result according to employed last rule determines whether this Email meets this mail policy, if then allow this E-mail conveyance to go out, then carries out step (c) if not; And
(c) continue the conduct that next mail policy is reviewed this Email, judge whether it meets this next mail policy, and repeat above-mentioned (a) and (b) step.
9. the method for parsing mail behavior control Email as claimed in claim 8, it is characterized in that: the checking criterion of each rule of checking Email for meet, do not meet and skip over noncontrastive one of them, and this checking criterion is located in the step of mail policy.
10. the method for parsing mail behavior control Email as claimed in claim 1, it is characterized in that: the mail policy judges whether Email has abnormal behaviour, abnormal behaviour comprises anonymity, forges, distributes indiscriminately and illegal or its combination.
11. the method for parsing mail behavior as claimed in claim 10 control Email is characterized in that: this anonymity behavior comprise be selected from that heading message is failed to understand, the person's main frame of posting the part with reply one of them behavior at least that the different and answer mailbox main frame of mailbox main frame is the group that forms of network service provider (ISP) main frame.
12. the method for parsing mail behavior as claimed in claim 10 control Email is characterized in that: it is external network domain but the person address of posting the part is forged into incorrect one of them behavior of domain name server (DNS) in internal host and net territory that this forgery behavior includes the source place main frame.
13. the method for parsing mail behavior control Email as claimed in claim 10 is characterized in that: this behavior of distributing indiscriminately comprises that the mode of sending is unusual and change is frequent.
14. the method for parsing mail behavior control Email as claimed in claim 10 is characterized in that: this illegal act comprises the behavior of return address for the lease main frame.
15. the method for parsing mail behavior control Email as claimed in claim 1, it is characterized in that: the content of mail and add file are as the setting content of mail policy.
16. the method for parsing mail behavior control Email as claimed in claim 1, it is characterized in that: this proxy server is Mail Transfer Agent device (MTA).
17. the method for parsing mail behavior control Email as claimed in claim 16, it is characterized in that: this Mail Transfer Agent device (MTA) is a router.
18. the method for parsing mail behavior as claimed in claim 1 control Email is characterized in that: the group that this envelope information is selected from post part person's account number, receiver account number, receiver host address, the person's host address of posting the part, return address, domain name server (DNS) and ELECTRONIC POSTMARK are formed at least one of them.
19. the method for parsing mail behavior as claimed in claim 18 control Email is characterized in that: the supplier of this ELECTRONIC POSTMARK be selected from group that transmitting end server, local side server and networking network ISP (ISP) server form at least one of them.
20. the method for parsing mail behavior control Email as claimed in claim 1 is characterized in that: the processing mode that stops this Email is selected from this Email of rejection, deletes one of them mode of this Email.
The method of 21 parsing mail behavior control Emails as claimed in claim 20 is characterized in that: when this Email of rejection, return an error code and error messages simultaneously.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA200410096045XA CN1780266A (en) | 2004-11-26 | 2004-11-26 | Method for analyzing and controlling e-mails |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA200410096045XA CN1780266A (en) | 2004-11-26 | 2004-11-26 | Method for analyzing and controlling e-mails |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1780266A true CN1780266A (en) | 2006-05-31 |
Family
ID=36770381
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA200410096045XA Pending CN1780266A (en) | 2004-11-26 | 2004-11-26 | Method for analyzing and controlling e-mails |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1780266A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102804213A (en) * | 2009-06-26 | 2012-11-28 | 微软公司 | Real-time spam look-up system |
| CN105306342A (en) * | 2015-09-29 | 2016-02-03 | 武汉钢铁(集团)公司 | Method and system for processing information errors of non-standard mail system |
| CN113609479A (en) * | 2021-08-06 | 2021-11-05 | 北京天融信网络安全技术有限公司 | File detection method and device, electronic equipment and readable storage medium |
-
2004
- 2004-11-26 CN CNA200410096045XA patent/CN1780266A/en active Pending
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102804213A (en) * | 2009-06-26 | 2012-11-28 | 微软公司 | Real-time spam look-up system |
| CN102804213B (en) * | 2009-06-26 | 2016-05-25 | 微软技术许可有限责任公司 | Real-time spam seeking system |
| CN105306342A (en) * | 2015-09-29 | 2016-02-03 | 武汉钢铁(集团)公司 | Method and system for processing information errors of non-standard mail system |
| CN113609479A (en) * | 2021-08-06 | 2021-11-05 | 北京天融信网络安全技术有限公司 | File detection method and device, electronic equipment and readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8874662B2 (en) | Method and apparatus for controlling unsolicited messages in a messaging network using an authoritative domain name server | |
| EP1484893B1 (en) | Origination/destination features and lists for spam prevention | |
| JP4593926B2 (en) | Email management service | |
| CN101730903B (en) | Multi-dimensional reputation scoring | |
| US8108477B2 (en) | Message classification using legitimate contact points | |
| US8285804B2 (en) | Declassifying of suspicious messages | |
| CN101030972A (en) | Electronic information and data tracking system | |
| US8301703B2 (en) | Systems and methods for alerting administrators about suspect communications | |
| CN1819563A (en) | System and method for treating electronic messages | |
| US20070050461A1 (en) | Zero-minute virus and spam detection | |
| CN101030856A (en) | Method for verifying SMS and transmitting reliability classification based on cipher technology mark | |
| JP2005518173A5 (en) | ||
| DE202012013734U1 (en) | System for filtering spam messages based on user reputation | |
| CN1415099A (en) | System and method for blocking harmful information online, and computer readable medium therefor | |
| US20060259551A1 (en) | Detection of unsolicited electronic messages | |
| CA2513967A1 (en) | Feedback loop for spam prevention | |
| CN101056306A (en) | Network device and its access control method | |
| CN1175621C (en) | Method of detecting and monitoring malicious user host machine attack | |
| CN108011805A (en) | Method, apparatus, intermediate server and the car networking system of message screening | |
| CN1722710A (en) | E-mail management system and method | |
| CN101316172B (en) | Exception mail detection system and method | |
| CN1696949A (en) | Method of anti garbage E-Mails for receiving/transmitting server, and system of anti garbage E-mails | |
| CN1780266A (en) | Method for analyzing and controlling e-mails | |
| CN1271816C (en) | Network protocol layer user identifying method for packet filter | |
| CN102231874A (en) | Short message processing method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1090490 Country of ref document: HK |
|
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20060531 |
|
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: WD Ref document number: 1090490 Country of ref document: HK |