GB2463532A - Email filtering based upon security information embedded in mail or provided through web based challenge response system - Google Patents

Email filtering based upon security information embedded in mail or provided through web based challenge response system Download PDF

Info

Publication number
GB2463532A
GB2463532A GB0817390A GB0817390A GB2463532A GB 2463532 A GB2463532 A GB 2463532A GB 0817390 A GB0817390 A GB 0817390A GB 0817390 A GB0817390 A GB 0817390A GB 2463532 A GB2463532 A GB 2463532A
Authority
GB
United Kingdom
Prior art keywords
mail
user
server
email
personal identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0817390A
Other versions
GB0817390D0 (en
Inventor
Euros Evans
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to GB0817390A priority Critical patent/GB2463532A/en
Publication of GB0817390D0 publication Critical patent/GB0817390D0/en
Publication of GB2463532A publication Critical patent/GB2463532A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/212Monitoring or handling of messages using filtering or selective blocking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/48Message addressing, e.g. address format or anonymous messages, aliases
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Abstract

Email filter for blocking spam and other unwanted mail only delivers messages from approved addresses. Addresses can be approved manually by the receiver or using a 'personal identifier'. The personal identifier can be included in the email address/subject lines and the filter checks for its presence in all mail from unapproved addresses. Alternatively email from unapproved addresses are directed to a web site to enter the personal identifier. The personal identifier can be a secret communicated to the sender, or it could be a CAPTCHA in the form of obfuscated text or question to be answered. If the personal identifier is proved the email is delivered and the sender address added to the approved list, otherwise the email is dropped by the server.

Description

Electronic mail system and method This invention relates to an electronic mail system and method. In particular, it relates to an electronic mail system and method that allows a user to control the mail that they will receive and reduce the number of unsolicited mail messages received.
Most users of Internet e-mail receive unsolicited e-mail messages (so-called, "spam"). These can be a problem due to their bulk alone and the time taken to deal with them, and potentially worse, they may expose people (children, in particular) to content that is wholly unsuitable.
Numerous schemes for reducing the number of unsolicited e-mail messages presented to a user have been proposed. These include systems of filtering based on the content of a message, "Baysian" systems that try to determine whether or not a message is wanted based on a large range of parameters, whitelisting and blacklisting of e-mail addresses or IP addresses, and challenge/response systems, amongst many others.
All of these systems have some problems. Systems that filter and analyse messages as subject to generating "false positives", where messages that are not, in fact, unsolicited are marked as such, an so go unseen by their intended recipient. Systems that rely upon whitelisting and blacklisting of arbitrary addresses require a lot of maintenance if their lists are to remain up-to-date and challenge/response systems have the potential to create endless loops of messages if two such systems attempt to communicate with one another.
An aim of this invention is to provide an electronic mail system and method that protects its users from unsolicited mail while overcoming, or at least ameliorating, the problems of known systems.
To this end, from a first aspect, the invention provides a mail server operative to receive an e-mail message from a remote host and deliver it to a destination of a recipient that is a subscribed user, the server being operative to determine whether the sender of the message is included in an accept list and is thereby authorised to send iriessages to the recipient, in which a sender can obtain authorisation to send messages to a recipient by communication to the server of a personal identifier chosen by the recipient.
This allows a subscribed user to provide a prospective contact with sufficient information to allow them to gain authorisation to send them messages.
Additionally, a prospective contact can be authorised by the subscribed user by adding their e-mail address manually to the accept list.
Embodiments of the invention may present web interface that can allow a prospective contact to add their identity to the accept list of a registered user, confirming their authorisation by entering the personal identifier. The web interface may include the personal identifier in an obfuscated form or provide information from which the personal identifier can be deduced.
Further embodiments may allow an operator of a web site to include code in one of their pages to allow a registered user to authorise the operator of a web site to send them e-mail messages by entering their personal identifier.
Yet further embodiments may allow the personal identifier to be included as a component of an e-mail address or within the subject-line of an e-mail message.
Typically, the personal identifier is a number.
The destination to which the message is delivered by the mail server may include one or more of a mail store (such as an mbox file according to IETF RFC 4115, a Maildir directory, or a proprietary mail storage system); a mail server (such as a POP3 or IMAP server); or another SMTP mail server.
From another aspect, the invention provides a computer software product that can be executed on a computing platform to provide a mail server according to the first aspect of the invention.
An embodiment of the invention will now be described in detail, by way of example, and with reference to the accompanying drawings, in which: Figure 1 is a highly schematic diagram of a system of sending an e-mail message through a server in accordance with an embodiment of the invention; and Figure 2 shows a web page that a prospective contact can user to establish e-mail communication with a user of an embodiment of the invention; This embodiment of the invention is implemented as a server software operating on a server computer 10 (the "system server") that is connected to the Internet 12. To receive messages using the server, a user is first enrolled with a new user account.
To a subscribed e-mail user, the system provides the same function as a conventional incoming mail server, whereby a user can access their received e-mail messages using a network mail client program that operates using POP3 or IMAP, or have their messages delivered to a local mail server using SMTP. The system may also implement a web interface through which a user can access his or her messages. This functionality may be provided by known mail transfer agent such as Dovecot, Courier POP/IMAP, etc. To the rest of the Internet, the system appears to function as a conventional SMTP server, and is operative to receive e-mail messages from other hosts using SMTP. However, the way in which these incoming messages are handled is not conventional and is specific to this invention.
Thus, when a remote computer user wishes to send an e-mail message to a user of the embodiment of the invention, the remote user uses a mail user agent on their computer 14 to create a message and send it over the Internet 12 (typically through a relay server) to the system server 10, which is listening for such messages on port 25.
Upon receipt of a message, the assumption that is made by the server software is that the message will not be delivered to the addressee. The server then checks to determine whether the message meets criteria that will override this assumption and thereby allow the message to be delivered to the addressee. If the checks establish that the message should be delivered, it is placed in the users mail store, from which it can be later accessed by the subscribed user through a mail user agent running on his or her computer 16. If the checks fail to establish that the message should be delivered, an error is returned to the sender, or the message is silently discarded, in accordance with the preferences of the operator of the system.
The first check performed by the server is to determine whether the sender of the message is in a list of allowed senders that is specific to the addressee. Senders can be added to the allowed list in several ways.
First, the user of the system can add an allowed senders address manually. This will typically be achieved through a web-based control panel provided to allow a user to maintain their mail account.
Second, at the option of user, every e-mail address to which he or she sends a message will be automatically added to the allowed list.
Third, to allow a new contact to send a message, a personal identifier (PIN) system is provided, which will now be described in more detail.
The purpose of the personal identifier is to allow a new contact to establish that he or she has received authorisation to send messages to the addressee. This can be done using several mechanisms, selected as the most appropriate for a particular task at hand.
First, the system provides a public web interface that can be used by individuals to establish contact. Assume that the system operates on a domain name pinmail.me, and that a user has registered using the name euros. The user tells a prospective contact to use a web browser to access a web page with an address http:Ilpinmail.me/euros. The contact is presented with a page similar to that shown in Figure 2.
To send a message, the contact enters their own e-mail address, a subject, and the text of their message, as with a conventional e-mail system. However, before the message can be sent, the user must enter a PIN in the entry field shown at 20. The PIN is an authorisation number selected by the registered user of the system, and it can be communicated to the prospective contact in several ways.
The first way to communicate the PIN is for the registered user to tell the prospective contact what it is. This is the most secure arrangement, because no indication of the PIN need be given in the contact website.
The alternative is to present information on the web page from which the PIN can be deduced by a human, but which is difficult for an automated system to determine. This may be a CAPTCHA, displayed in a field at 22, in which the digits of the PIN are presented in an obfuscated manner. Alternatively, it may be in the form of a question or statement that requires some intelligence to understand (e.g.: "My PIN is the year of the Battle of Hastings").
Once the PIN has been entered correctly, and the message sent, the sender's e-mail address can be automatica1y entered onto the allowed ist. The prospective contact can then use the registered user's e-mail address euros@pinmail.me in the same way as any other e-mail address.
The system for authorisation described above is not well-suited to situations in which the prospective contact is an automated system, such as is required when registering with an e-commerce web site. It is generally not possible to authorise communications from systems associated with the web site manually, because the sending address may not be known in advance.
Where the operator of the relevant web-site is cooperative, a segment of HTML code may be included in a relevant web page to display an input box into which a user can enter their PIN.
This information will be transmitted to the system server 10 using suitable encryption, together with the identity of the registered user and the address or addresses that should be added to the allowed list. It is important to note that the operator of the web-site does not gain access to the PIN during this process.
This mechanism works oniy where the owners of the web site co-operate with the operators of the system server 10. If the user wishes to authorise contact from other websites or automated e-mail systems such as mailing list daemons, another mechanism is required. In the example above, the user's e-mail address is euros@pinmail.me and assume that their PIN is 1234. The system server 10 can be configured to accept e-mail messages addressed to euros-1234@pinmaiLme and then optionally add the sender of such a message to the accept list. If the address is added to the accept list, then that sender can use the address euros@pinmail.me henceforth. Otherwise, the sender can continue to use the address/PIN combination, whereby their authorisation to send messages will be terminated automatically upon the PIN being changed. For greater security, the system server 10 can be configured to accept e-mail messages addressed to an address in the form euros-<code>@pinmail.us, where <code> is derived from the PIN in a cryptographically secure manner so that the user does not need to divulge their PIN to the site or system with which he or she is registering.
The system may also serve to authorise a sender where the PIN or the <code>, as described above, in included in the subject line of an e-mail message.
In typical cases, the PIN is required only to establish communication between a prospective contact and the registered user: it is not required to continue to communicate. Therefore, a user can change their PIN without disrupting previously authorised contacts. This allows a user to remove a contact froiri the accept list, and then change the PIN to prevent the contact from re-establishing their authorisation.
Since the server 10 fuiictioiis in much the saiiie way as a conventional SMTP server, it can generally serve as a direct replacement for an existing mail server.
GB0817390A 2008-09-23 2008-09-23 Email filtering based upon security information embedded in mail or provided through web based challenge response system Withdrawn GB2463532A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0817390A GB2463532A (en) 2008-09-23 2008-09-23 Email filtering based upon security information embedded in mail or provided through web based challenge response system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0817390A GB2463532A (en) 2008-09-23 2008-09-23 Email filtering based upon security information embedded in mail or provided through web based challenge response system

Publications (2)

Publication Number Publication Date
GB0817390D0 GB0817390D0 (en) 2008-10-29
GB2463532A true GB2463532A (en) 2010-03-24

Family

ID=39952044

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0817390A Withdrawn GB2463532A (en) 2008-09-23 2008-09-23 Email filtering based upon security information embedded in mail or provided through web based challenge response system

Country Status (1)

Country Link
GB (1) GB2463532A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2474661A (en) * 2009-10-21 2011-04-27 Euros Evans Electronic mail system and method
US10243900B2 (en) 2013-08-20 2019-03-26 Longsand Limited Using private tokens in electronic messages associated with a subscription-based messaging service

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040181581A1 (en) * 2003-03-11 2004-09-16 Michael Thomas Kosco Authentication method for preventing delivery of junk electronic mail
US20050015456A1 (en) * 2002-08-30 2005-01-20 Martinson John Robert System and method for eliminating unsolicited junk or spam electronic mail
WO2006051434A1 (en) * 2004-11-15 2006-05-18 Frits Lyneborg A method and system for preventing reception of unwanted electronic messages, such as spam-mails

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050015456A1 (en) * 2002-08-30 2005-01-20 Martinson John Robert System and method for eliminating unsolicited junk or spam electronic mail
US20040181581A1 (en) * 2003-03-11 2004-09-16 Michael Thomas Kosco Authentication method for preventing delivery of junk electronic mail
WO2006051434A1 (en) * 2004-11-15 2006-05-18 Frits Lyneborg A method and system for preventing reception of unwanted electronic messages, such as spam-mails

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2474661A (en) * 2009-10-21 2011-04-27 Euros Evans Electronic mail system and method
GB2474661B (en) * 2009-10-21 2013-09-11 Euros Evans Electronic mail system and method
US10243900B2 (en) 2013-08-20 2019-03-26 Longsand Limited Using private tokens in electronic messages associated with a subscription-based messaging service

Also Published As

Publication number Publication date
GB0817390D0 (en) 2008-10-29

Similar Documents

Publication Publication Date Title
US7487213B2 (en) Techniques for authenticating email
US7422115B2 (en) Techniques for to defeat phishing
US7413085B2 (en) Techniques for displaying emails listed in an email inbox
US20070100999A1 (en) Method, system and software for rendering e-mail messages
KR101853980B1 (en) Zone classification of electronic mail messages
US7546349B1 (en) Automatic generation of disposable e-mail addresses
US7197539B1 (en) Automated disablement of disposable e-mail addresses based on user actions
US20040054741A1 (en) System and method for automatically limiting unwanted and/or unsolicited communication through verification
US20060271629A1 (en) Distributed Challenge and Response Recognition System
US20030009698A1 (en) Spam avenger
US8090788B2 (en) Method and system for filtering electronic messages
US20050235041A1 (en) Public/Private/Invitation Email Address Based Secure Anti-Spam Email Protocol
US20080177843A1 (en) Inferring email action based on user input
AU2009299539B2 (en) Electronic communication control
US20070297408A1 (en) Message control system in a shared hosting environment
GB2463532A (en) Email filtering based upon security information embedded in mail or provided through web based challenge response system
Vorakulpipat et al. Polite sender: A resource-saving spam email countermeasure based on sender responsibilities and recipient justifications
US20120304256A1 (en) Electronic mail system and method
Falk et al. Creation and use of email feedback reports: An applicability statement for the abuse reporting format (arf)
Erickson et al. The Effectiveness of Whitelisting: a User-Study.
US10715475B2 (en) Dynamic electronic mail addressing
Valeeva SPAM AND ANTI-SPAM METHODS
JP2015222576A (en) Information processing device, e-mail browsing restriction method, computer program and information processing system
GB2405004A (en) Electronic message filtering
Levine et al. Signaling One-Click Functionality for List Email Headers

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)