JP2007281702A - Management/control method for electronic mail, - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a management/control method for electronic mails capable of surely blocking of a SPAM mail, while correctly performing management and control for the electronic mails, without reducing transmission efficiency for the electronic mails. <P>SOLUTION: A method for managing and controlling electronic mails comprises the steps of establishing a plurality of different mail policies beforehand using envelope data and header data of electronic mails; sequentially collating transmission data of a received electronic mail by an agent, based on the plurality of different mail policies; authenticating whether an action of the electronic mail corresponds to the plurality of different mail policies or not; and performing the actin of blocking/transmitting the electronic mail, based on the result of the authentication. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an e-mail management and control method, and more particularly to an e-mail management and control method performed by analyzing a mail act of sending and receiving e-mail.

  When a company attempts to obtain information using electronic mail, there are many problems ranging from viruses, hackers, etc. to spam mail traps. Of these problems, most spam emails are inspected for e-mails, provide anti-virus software, provide software that blocks spam emails, and information security service companies that provide updates to these software. Based on the huge amount of stored data, calculation and analysis techniques are added to this data, information related to spam mail is collected, data statistics and analysis are performed, and artificial intelligence is enlightened to block spam mail. Has achieved the effect.

However, the conventional technique has a drawback in that the classification is too subjective. That is, the classification of adult, financial technology, drug, business, etc. is subjective, lacks determinism, and may be misjudged. In addition, the mail content scanner may be costly and communication efficiency may be reduced.

In order to block spam mail, each country has enacted related laws and regulations one after another. According to common international recognition, email is divided into spam mail and advertising mail. Therefore, before discussing spam mail blocking, we must discuss the distinction between spam mail and advertising mail. Taking the United States as an example, the United States has enacted the Can-Spam Law, and anonymous, false name, indiscriminate, or illegal (such as fluctuating data or secret data) e-mail is spam mail. The cause of spam emails is probably as follows.
1. Unable to pursue the sender.
2. The contact method is variable.
3. Misunderstanding that the recipient is from a colleague or friend.
4). Have the recipient read the email with curiosity.

If the sender of the received e-mail is unknown or cannot be rejected, it must be recognized by a special technique and rejected.

An e-mail for advertisement refers to an e-mail that is sent by a sender who obtains the address of the recipient through a specific route and is normally published. The recipient can pursue the sender and has the right to cancel the subscription via a formal route.

  Conventional spam mail blocking technology can be broadly divided into three types: content filtering, numerical calculation, and enlightenment. As a method for filtering contents, a sender, a recipient, an e-mail header, an e-mail content, an extension, a file name, an e-mail body, and the like are filtered and blocked. That is, it is a method of collecting blacklists and blocking spam mails. Such a method has drawbacks such as that collection of the list is not easy, it takes time to create the list, the success rate of the block is not high, and an error is likely to occur in the determination from the black list.

The numerical calculation method achieves spam mail prevention by collecting and adding a large amount of “mail contents” of spam mail based on a huge amount of data calculation and analysis technology. However, such methods are subjective in classification (pornography, financial technology, drugs, business, etc.), are not deterministic, can make misjudgments, and email content scanners are expensive and reduce communication efficiency. There are drawbacks such as The method of enlightenment of technology is similar to the method of numerical calculation described above. A large amount of "mail content" of spam emails is collected by calculation and analysis of a huge amount of data, and the content of the email is added and at the same time an intellectual enlightenment method is added. Therefore, in addition to the disadvantages of the numerical calculation method, if the data is too large, the misunderstanding rate increases.

It is an object of the present invention to provide a management and control method for electronic mail that accurately controls and controls electronic mail and reliably blocks spam mail without reducing the communication efficiency of electronic mail.

Accordingly, the inventors of the present invention have conducted extensive research in view of the drawbacks found in the prior art, and as a result, a step of setting a plurality of different mail policies in advance using mail envelope data and header data, and , The agent (Agent) verifies the transmission data of the received e-mail one by one based on the plurality of different mail policies, and authenticates whether the action of the e-mail falls under the plurality of different mail policies; Including the step of performing the act of blocking / transmitting the e-mail based on the result of authentication. The present invention has been completed based on the knowledge that the problem can be solved by the e-mail management and control method. .

The present invention will be specifically described below.
The electronic mail management and control method according to claim 1 includes a step of presetting a plurality of different mail policies using mail envelope data and header data, and an electronic mail received by an agent. Mail transmission data is collated one by one based on the plurality of different mail policies to authenticate whether or not the action of the email corresponds to the plurality of different mail policies, and based on the result of the authentication, Performing the act of blocking / transmitting.

The electronic mail management and control method according to claim 2 is a method in which the mail policy in claim 1 determines whether or not the electronic mail to be authenticated is spam mail, and the electronic mail received by the agent The method for authenticating the mail includes a step of checking whether the received transmission data of the e-mail corresponds to the e-mail policy, and if the e-mail is a spam e-mail if the e-mail policy corresponds to the e-mail policy And blocking and transmitting the electronic mail when the mail policy is not satisfied as a result of the verification.

The e-mail management and control method according to claim 3 is a method in which the e-mail policy in claim 1 is a policy for managing transmission / reception of e-mails, and sets a check-free e-mail act, The method for authenticating the email received by the agent is a step of checking whether or not the received data of the received email corresponds to the mail policy, and if the result of the verification is the mail policy, the email is A step of transmitting as a check-unnecessary e-mail, and a step of blocking the e-mail if the result of the verification does not correspond to the e-mail policy.

The e-mail management and control method described in claim 4 provides the e-mail sender that the sender of e-mail that does not require checking in claim 1 is the headquarters, subsidiary, important customer, manufacturer with transaction, and subscription At least one of a group consisting of a domain name or a fixed IP.

The method for managing and controlling e-mail according to claim 5, wherein the step of setting the mail policy in claim 1 includes rule setting for authentication of each mail policy and the rule is in agreement, not in agreement, or It is selected from one of ignore without matching.

According to a sixth aspect of the present invention, the electronic mail transmission data in claim 1 includes envelope data and header data belonging to the electronic mail.

The e-mail management and control method described in claim 7 is a method for authenticating whether the transmission data of the received e-mail in claim 2 is a spam e-mail corresponding to the e-mail policy. ), (B), (c) steps,
In step (a), the authenticity of the transmission data of the e-mail is authenticated for the e-mail received by the agent according to the first mail policy, and it is determined whether or not the e-mail conforms to the first mail policy. If so, go to step (b), otherwise go to step (c),
In step (b), permitting the transmission of the e-mail;
In the step (c), according to the second mail policy, the route of the e-mail is continuously checked back to determine whether or not it matches the second mail policy. If it is determined that it does not match, authentication is performed by tracing back the email route according to the next mail policy, continuing to the last mail policy, and negative until the last mail policy is reached. If the email policy does not match, block the email.

According to an eighth aspect of the present invention, there is provided a method for managing and controlling e-mails, wherein each of a plurality of different mail policies in claim 2 includes a plurality of rules, and authentication performed on e-mail data received according to these mail policies is as follows. Including the steps of (a), (b), (c)
In step (a), authenticity of the transmission data of the e-mail is authenticated in accordance with the first rule, and it is determined whether or not it matches the first rule. If so, the process proceeds to step (b). If not, go to step (c),
In step (b), the authenticity of the transmission data of the e-mail is continuously authenticated in accordance with the second rule, and it is determined whether or not it matches the second rule. If the result does not match, authentication is performed by tracing back the route of the e-mail according to the next rule, continuing until the last rule is reached, and based on the authentication result of the last rule, It is determined whether or not the mail conforms to the mail policy. If it conforms, the transmission of the electronic mail is permitted and transmitted. If not, the process proceeds to the step (c).
In step (c), according to the rules in the next mail policy, the route of the e-mail is continuously traced to determine whether it matches the mail policy, and step (a) or (b) Repeat.

According to a ninth aspect of the present invention, there is provided a method for managing and controlling an electronic mail, wherein the plurality of rules in the eighth aspect are selected from one of a match, a non-match, or a ignore without matching, and the rules are a mail. Set in the policy setting step.

The method for managing and controlling electronic mail according to claim 10 is such that the mail policy in claim 1 determines whether or not the received electronic mail is due to an action different from normal, and an action different from normal is determined. At least one of the group consisting of acts such as anonymity, false name, abuse, and illegality.

The method for managing and controlling electronic mail according to claim 11 is such that the anonymous action in claim 10 is that the header data is unclear, the sender computer is different from the reply destination computer, or It includes at least one of the group consisting of acts such that the computer to which the reply is sent is an Internet server provider computer.

In the method for managing and controlling electronic mail according to claim 12, the false act in claim 10 is that the sender's address is for a computer in the domain while the sender computer is in an external domain. Or one of the acts such as the domain name server of the domain is incorrect.

According to a thirteenth aspect of the present invention, the method of managing and controlling e-mails includes that the act of bursting in the tenth aspect includes an abnormal transmission method and frequent fluctuations.

According to a fourteenth aspect of the present invention, there is provided an electronic mail management and control method in which the illegal action in the tenth aspect is that the address to be returned belongs to the rented computer.

According to a fifteenth aspect of the electronic mail management and control method, the mail policy according to the first aspect sets the contents of the policy in accordance with the contents of the electronic mail and the attached file.

In an electronic mail management and control method described in claim 16, the agent in claim 1 is a mail transfer agent (MTA).

In the electronic mail management and adjustment method described in claim 17, the mail transfer agent (MTA) in claim 16 is a router.

The electronic mail management and control method according to claim 18 is characterized in that the envelope data in claim 16 includes a sender account, a receiver account, a recipient address, a sender address, a reply address, a domain name, And a group of time stamps.

The electronic mail management and control method according to claim 19 is the electronic mail management and control method according to claim 16, wherein the time stamp in claim 16 is selected from a group consisting of a transmission server, a DSLAM (Digital Subscriber Line Access Multiplexer), or an Internet service provider (ISP) server. Provided from at least one.

In an electronic mail management and control method according to a twentieth aspect, the act of blocking the electronic mail according to the sixteenth aspect is selected from a processing method of refusing reception of the electronic mail or deleting the electronic mail.

According to a twenty-first aspect of the present invention, the electronic mail management and control method includes the processing method for rejecting the reception of the electronic mail according to the twentieth aspect, in which an error code and an error message are simultaneously returned.

  The e-mail management and control method according to the present invention accurately manages and controls e-mails, can efficiently block spam mails, enhances network security, network bandwidth, system resources, It has the advantages of saving the hard disk space, increasing the e-mail communication efficiency, and reducing the operation cost.

  According to the present invention, when a mail transfer / delivery server (hereinafter referred to as MTA) executes an e-mail process, a true / false value of e-mail transmission data is set based on a pre-set mail policy. By authenticating and analyzing transmission data such as envelopes and e-mail headers, it is actively determined whether or not the e-mail action is suitable for the system-accepted action, and management and control of e-mail transmission and reception Achieve the goal of blocking spam mail.

One complete e-mail is referred to as mail text. In general, a mail text includes a mail envelope, a mail header, and a mail content. One complete e-mail is processed by a mail collection / delivery server and a mail user agent (MUA) at the server and client ends. This process is a basic transmission mode of electronic mail. This invention uses the characteristics of e-mail and the principle of transmission, analyzes the authenticity of e-mail transmission data such as e-mail envelopes and headers, etc. Accurately deduct and deduct the type of action, achieve the control and control of email transmission and reception, and block spam mail

The present invention uses a mail policy which is set based on envelope data of electronic mail and manages mail. Therefore, before describing the method of the present invention, the contents of the envelope data must be described. The envelope data of an e-mail usually includes a sender account, a recipient account, a recipient address, a sender address, a reply address, a domain name (Domain Name Server, DNS), a time stamp, and the like. The e-mail is transmitted through an agent such as a transmission server, a DSLAM (Digital Subscriber Line Access Multiplexer), or an Internet service provider (ISP) server, and a time stamp is given to the e-mail every time it passes through each agent. .

FIG. 1 is an explanatory diagram showing an act of analyzing an electronic mail and a management and control method of the electronic mail according to the present invention. According to the drawing, first, a plurality of different email policies 10 are set in advance based on data such as email envelope data, header data, content, and attached files. Each email policy 10 includes a plurality of rules 12.

As disclosed in FIG. 2, the setting of each e-mail policy 10 includes three types of rules L12 of “sender”, “recipient”, and “mail header”. The settings of the three types of rules 12 must be matched at the same time. The system can be executed only after matching at the same time. Regarding the setting of the rule 12, the user can specify whether to match, not match, or to skip matching. That is, the user can designate the sender of the e-mail or the recipient of the e-mail. In addition, it is possible to select whether to check the mail header or to skip the check. The relationship between all the rules 12 is AND, and it is considered that the condition is satisfied only when all of these settings are met, and the system executes an appropriate action. Similarly, when the e-mail policy 10 is set, it is possible to specify one of matching, not matching, and skipping matching as necessary.

After the e-mail policy 10 and its rules 12 are set, when the agent receives an e-mail, the e-mail policy 10 collates the e-mail transmission data one by one based on the e-mail policy 10. The mail transmission data to be collated includes an envelope and header data belonging to the electronic mail, and sometimes includes a content and an attached file. These are determined by a preset email policy 10 and its rules 12. It is authenticated whether or not the action of the e-mail matches these e-mail policies 10, and the corresponding block / send operation is performed based on the authentication result.

  The e-mail policy 10 and its rules 12 can be set as a spam mail act or an inspection-free e-mail action by the person who sets them, and it is determined whether or not the e-mail is a spam mail. Or whether or not the e-mail is a mail that does not require checking. When the e-mail policy 10 and its rule 12 are defined as spam mail actions, when the agent receives an e-mail and authenticates the e-mail, the e-mail policy 10 is used to send the e-mail. A check is performed one by one, and the action of the e-mail matches the e-mail policy 10 or is authenticated. If it is authenticated, it represents that the e-mail is spam mail, and the e-mail is blocked. If they do not match, the e-mail is transmitted.

  On the contrary, when the email policy 10 and its rule 12 are set as an act of check-free email, the agent checks the email transmission data of the email according to the email policy 10 after receiving the email. If the action of the e-mail matches the e-mail policy 10, the e-mail is transmitted to indicate that the e-mail is a check-unnecessary mail. If it does not match, the electronic mail is blocked. By setting the check-free email, it is possible to set a check-free target according to the company security policy. For example, the headquarters, subsidiaries, important customers, manufacturers with transactions, domain names that provide e-mail magazines to subscribe to, or fixed IPs, or members of the company as authorized by the company Emails received from outside the company (for example, employees' homes, subcontract factories, special external contact points, etc.) can be cited, and the objects that the company does not need to check are preferentially transmitted.

  The actions collected by the agent have different results depending on the contents set in the e-mail policy. That is, if the email policy simulates spam email behavior, if it matches the policy, the email is blocked, and if the email policy simulates email behavior that does not need to be checked, If it matches, mail is passed. However, the principle of the workpiece is the same. Therefore, the spam mail management and control process will be described in detail below, and the simulation of check-free mail will not be described in detail.

  Taking spam mail management and control as an example, the steps for authenticating whether or not an e-mail conforms to the e-mail policy 10 are as disclosed in FIG. In other words, when the agent receives the e-mail, the authenticity of the mail transmission data of the e-mail is authenticated based on the first e-mail policy, and it is determined whether or not it matches the first e-mail policy. If they match, the process proceeds to step S12, and the transmission of the electronic mail is permitted. If not, the process proceeds to step S14.

In step S14, based on the second e-mail policy, the agent traces back the e-mail route, continues authentication, and determines whether or not the second e-mail policy is met. If it is encoded, the process proceeds to step S12 to permit transmission of the e-mail. If it does not match, the process proceeds to step S16, and the route of the e-mail is continuously traced back according to the e-mail policy until the last e-mail policy is reached.

In step S18, when the last e-mail policy is reached and the e-mail is authenticated, if the e-mail matches the last e-mail policy, the process proceeds to step S12, and the e-mail is still e-mail. If the policy rule is not met, it is confirmed that the e-mail cannot be permitted to be sent, and the process proceeds to step S20. In step S20, the agent collects an appropriate action so that the electronic mail is not transmitted.

The processing method in the case of not sending the e-mail rejects the reception of the e-mail and returns an error code and an error message or directly deletes the e-mail. A processing method in a case where an e-mail is not transmitted can be designated in advance when an e-mail policy is set.

Further, in the process disclosed in FIG. 3, the steps for authenticating the transmission data of the e-mail based on the mail policy will be described in detail below with reference to FIG.
(A) The authenticity of the transmission data of the e-mail is authenticated according to the first rule, and it is determined whether or not the first rule is met. If they match, the process proceeds to the next step (b), and if not, the process proceeds to step (c).
(B) According to the second rule, the authenticity of the transmission data of the e-mail is continuously authenticated to determine whether or not the second rule is met. If they match, the process proceeds to the next step (c). If they do not match, authentication is performed by tracing back the route of the electronic mail according to the next rule, and the process is continued until the last rule is reached. Further, based on the authentication result of the last rule, it is determined whether or not the e-mail matches the mail policy. If it matches, the transmission of the electronic mail is permitted and transmitted. If not, the process proceeds to step (c).
(C) According to the rules in the next mail policy, the electronic mail route is continuously traced to determine whether or not the mail policy is met. If it matches, the transmission of the electronic mail is permitted. If not, the electronic mail route is continuously traced back by the next mail policy, and continues until the last mail policy is applied.

Accordingly, the present invention manages and manages all and important data of an electronic mail, and efficiently manages the electronic mail by accurately setting the mail action and the processing method thereof. Can be achieved.

Spam mail is an e-mail that is sent by acts such as anonymous, false name, random occurrence, and illegal (data fluctuation or data concealment). In this respect, the right to go back the route, know the sender, and cancel the subscription via the official route is different from the advertisement mail. If the sender deliberately sends an e-mail with an act of anonymity, false name, abuse, or illegal (data change, data concealment, etc.), it should be recognized as spam mail Can do.

The mail policy described above is used to determine whether or not an electronic mail is a spam mail, and the determination is based on the determination whether or not the electronic mail is due to an action different from normal. Unusual acts are acts such as anonymity, misrepresentation, abuse, illegality, etc., and if it is recognized that the e-mail is due to an act that is different from normal by authentication, it is judged as spam mail To do. For example, the act of anonymizing includes an act in which the header data is unclear, the sender computer is different from the reply destination computer, or the reply destination computer is an Internet server provider computer. included. For example, the sender computer is in an external domain, but the sender's address is for the computer in the domain, or the domain name server of the domain is incorrect. Refers to action. The act of bursting means that the transmission method is abnormal and frequently fluctuates. An illegal act means that the address to be returned is that of the rented computer.

Regarding the analysis of anonymous behavior, the method of the present invention not only determines the above-mentioned anonymous behavior, but also determines whether it is a mechanically transmitted message, a message transmitted by a hacker, or a human-transmitted email. can do. For example, it is possible to determine whether the email is a postmaster (Postmaster), a mailer daemon (mailermon), or a list server (Listserver).

The e-mail management / control method using spam mail analysis according to the present invention is usually implemented in an agent. A mail mail collection / delivery server (MTA) is relatively frequently used. Simulate spam mail actions set in advance in the MTA execution stage to grasp information such as mail envelopes and mail headers, and analyze the authenticity of mail transmission data retroactively. Exactly verify whether this is true. The MTA may be a router.

In the following, three specific examples will be given and described in detail so as to prove the effect of the method of the present invention and to enable those skilled in the art to rely on the practice of the present invention.

A first example is a case where transmission / reception of electronic mail is managed and controlled, and only an internal specific user can transmit an electronic mail to an internal specific user. Table 1 shows the screen display.

A second example is when spam mail is blocked. In the case of anonymity, for example, the sender's host computer and the reply mailbox are different. Table 2 shows the screen display.

The third example is a case where spam mail is blocked, and the impersonation act is impersonation, for example, when the sending host computer is in the external Internet area and the sender's address is the internal host computer. ing. Table 3 shows the screen display.

The present invention analyzes the authenticity of email transmission data such as “envelope” and “header” of email using the characteristics of email and the principle of transmission, and repeatedly authenticates and authenticates the email. Whether it is permitted by a preset mail policy, or inductively deducting and deducting to manage and control e-mails, and achieve the effect of blocking spam mails. Therefore, the present invention can accurately manage and control e-mails and reliably block spam mails, not only increase network security, but also network bandwidth, system resources, and hard disks. Space can be saved, e-mail communication efficiency can be improved, and operation costs can be reduced.

The above is a preferred embodiment of the present invention and does not limit the scope of the present invention. Accordingly, any modifications or changes that can be made by those skilled in the art, which are made within the spirit of the present invention and have an equivalent effect on the present invention, are included in the claims of the present invention. Shall.

It is explanatory drawing which showed the management and control method of the electronic mail by this invention. It is explanatory drawing which showed the setting of the mail policy in this invention. 6 is a flowchart showing a step of authenticating an electronic mail according to a mail policy in the present invention.

Explanation of symbols

10 Mail policy 12 Rules

Claims (21)

Presetting different email policies using email envelope data and header data;
The agent (Agent) verifies the transmission data of the received e-mail one by one based on the plurality of different mail policies to authenticate whether or not the action of the e-mail corresponds to the plurality of different mail policies. And a step of performing an act of blocking / transmitting the electronic mail based on the result of the electronic mail management method. The mail policy is for determining whether or not an email to be authenticated is spam email, and the method for authenticating the email received by the agent is that the transmission data of the received email is the email policy. Step by step to check whether or not the email policy corresponds to the email policy, block the email as spam if the verification results in the email policy, and check if the email policy does not match the email policy. The e-mail management and control method according to claim 1, further comprising a step of transmitting e-mail. The mail policy is a policy for managing transmission / reception of electronic mail, and sets a mail action that does not need to be checked, and a method for authenticating the electronic mail received by the agent is received data of the received electronic mail. Is matched to the mail policy, and if the result of the matching is the mail policy, the step of transmitting the email as an unchecked email and the matching result of the email policy The electronic mail management and control method according to claim 1, further comprising a step of blocking the electronic mail if not. The sender of the e-mail that is not required to be checked is at least one of a group consisting of a head office, a subsidiary, an important customer, a manufacturer with a transaction, a domain name that provides a mail magazine to subscribe to, or a fixed IP. The e-mail management and control method according to claim 3. The step of setting the mail policy includes setting a rule for authentication of each mail policy, and the rule is selected from among matching, unmatching, or ignoring without matching. The e-mail management and control method according to claim 1. The e-mail management and control method according to claim 1, wherein the e-mail transmission data includes envelope data and header data belonging to the e-mail. A method for authenticating whether the received transmission data of the e-mail is spam mail corresponding to the mail policy includes the following steps (a), (b), and (c):
In step (a), the authenticity of the transmission data of the e-mail is authenticated for the e-mail received by the agent according to the first mail policy, and it is determined whether or not the e-mail conforms to the first mail policy. If so, go to step (b), otherwise go to step (c),
In step (b), permitting the transmission of the e-mail;
In the step (c), according to the second mail policy, the route of the e-mail is continuously checked back to determine whether or not it matches the second mail policy. If it is determined that it does not match, authentication is performed by tracing back the email route according to the next mail policy, continuing to the last mail policy, and negative until the last mail policy is reached. 3. The e-mail management and control method according to claim 2, wherein the e-mail is blocked when the e-mail policy is not met. Each of the plurality of different mail policies includes a plurality of rules, and authentication performed on the data of the email received according to the mail policies includes the following steps (a), (b), and (c):
In step (a), authenticity of the transmission data of the e-mail is authenticated in accordance with the first rule, and it is determined whether or not it matches the first rule. If so, the process proceeds to step (b). If not, go to step (c),
In step (b), the authenticity of the transmission data of the e-mail is continuously authenticated in accordance with the second rule, and it is determined whether or not it matches the second rule. If the result does not match, authentication is performed by tracing back the route of the e-mail according to the next rule, continuing until the last rule is reached, and based on the authentication result of the last rule, It is determined whether or not the mail conforms to the mail policy. If it conforms, the transmission of the electronic mail is permitted and transmitted. If not, the process proceeds to the step (c).
In step (c), according to the rules in the next mail policy, the route of the e-mail is continuously traced to determine whether it matches the mail policy, and step (a) or (b) The method of managing and controlling electronic mail according to claim 2, wherein: 9. The method of claim 8, wherein the plurality of rules are selected from one of matching, unmatching, or ignoring without matching, and the rules are set in a step of setting a mail policy. Management and control method of the described email. The mail policy is to determine whether or not the received e-mail is due to an unusual behavior, and the unusual behavior is within a group consisting of acts such as anonymity, false name, abuse, illegality, etc. The electronic mail management and control method according to claim 1, wherein the method is at least one. The group in which the anonymous action is such that the header data is unclear, the sender computer is different from the reply destination computer, or the reply destination computer is an Internet server provider computer The method for managing and controlling electronic mail according to claim 10, comprising at least one of the following. The act of impersonation may falsely name the sender's address as that of a computer in the domain while the source computer is in an external domain, or the domain name server of the domain is incorrect The method for managing and controlling electronic mail according to claim 10, comprising one of the actions. The method of managing and controlling electronic mail according to claim 10, wherein the act of bursting includes an abnormal transmission method and frequent fluctuations. 11. The e-mail management and control method according to claim 10, wherein the illegal act includes that the address to be returned is that of a rented computer. The e-mail management and control method according to claim 1, wherein the e-mail policy sets policy contents according to e-mail contents and attached files. 2. The method of managing and adjusting electronic mail using mail action analysis according to claim 1, wherein the agent is a mail transfer agent (MTA). The method according to claim 16, wherein the mail transfer agent (MTA) is a router. The envelope data is selected from the group consisting of a sender account, a recipient account, a recipient address, a sender address, a reply address, a domain name, and a time stamp. Email management and control methods described in 1. The electronic device according to claim 16, wherein the time stamp is provided from at least one of a group consisting of a transmission server, a DSLAM (Digital Subscriber Line Access Multiplexer), or an Internet service provider (ISP) server. Mail management and control method. The method for managing and controlling electronic mail according to claim 16, wherein the act of blocking the electronic mail is selected from a processing method for rejecting reception of the electronic mail or deleting the electronic mail. The method for managing and controlling electronic mail according to claim 20, wherein the processing method for rejecting reception of the electronic mail includes returning an error code and an error message at the same time.