JP2010146029A - Mail address leakage detecting system and method, and mail address management server and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system for judging the correlation between a registration site where a mail address is registered and the sender of received email to detect a leakage of the mail address. <P>SOLUTION: A mail receiving means 301, when receiving mail from an outside source, judges if the received mail address is not the original mail address of the user, but is addressed to a specific service providing site server 04. An address pair information processing means 302 receives a notification of the mail header and information on the received mail address, extracts information on the mail sender from the mail header, generates reception address pair information in combination with information on the mail recipient, and transfers it to a mail address information management/processing means 201. The mail address information management/processing means 201 judges the correlation between the site where the user has registered the mail address and the sender of the received mail after storing the received reception address pair information in an address site pair information database. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an e-mail address leakage detection system and method, an e-mail address management server, and a program, and more particularly, to an e-mail address leakage detection system and method, an e-mail address management server, Regarding the program.

  An example of a conventional mail address leakage detection system is described in Patent Document 1. The e-mail address leakage detection system described in Patent Document 1 includes a transmission source terminal, a transmission source mail server, a reception destination mail server, and a reception source terminal, and operates as follows.

  The transmission source terminal provides a user name variable part for the user name in the mail address, and generates a value of the user name variable part for each communication partner. Then, the mail address of the user name variable part and the user name fixing part is used as a dedicated mail address, and the transmission source mail server is requested to send the mail. The transmission source mail server transmits mail to the reception destination mail server. The receiving mail server determines whether the sending mail address matches the dedicated mail address when the mail arrives. If they match, the receiving mail server stores the mail in the mail spool as being acceptable, and the receiving terminal reads the mail from the mail spool in the receiving mail server. If they do not match, the receiving mail server determines that the mail has been sent from a communication partner other than the specific communication partner using a mail address having a user name variable part dedicated to the specific communication partner. Receiving is rejected and the number of incoming illegal mails is counted.

JP 2003-196216 A

  However, in the background art described above, there is a problem that it is difficult to analyze whether the information is leaked in individual units or in units of those sites.

  The reason for this is that there is a lack of measures to verify the relationship between the registered site and the sender of the received email, and the user can only verify the relationship between the registered site and the sender of the received email individually. Because.

  An object of the present invention is to provide a mail address leakage detection system and method, a mail address management server, and a program that solve the above-described conventional problems.

  A first mail address leakage detection system according to the present invention is a mail address leakage detection system including a terminal device, a mail receiving server, a mail address management server, and a service providing site server, wherein the terminal device includes the service providing site. Means for requesting the e-mail address management server to pay out an e-mail address for a server (referred to as a registration site), and transmitting information on the service providing site server (referred to as registration site information) to the e-mail address management server; Means for registering the paid-out mail address in the registration site, wherein the mail address management server pays out the requested mail address and sends it to the terminal device, and receives mail from the mail receiving server. Receiving the address and email sender site information, A means for accumulating the mail sender site information when the received mail address and the paid out mail address are matched, and the registered site information received from the terminal device and the stored mail sender site information And a means for determining that a mail address registered in the registered site is leaked if there is a correlation, wherein the mail receiving server receives and receives mail from an external site. And means for extracting a received mail address and mail sender site information from the mail and transmitting the extracted mail address and mail sender site information to the mail address management server.

  A second mail address leak detection system according to the present invention is a mail address leak detection system including a terminal device, a mail receiving server, a mail address management server, and a service providing site server, wherein the terminal device includes the mail address management. Means for transmitting registration site information and a user's original e-mail address to the server and requesting delivery of an e-mail address for the service providing site server; and e-mail address issued from the e-mail address management server as the service providing site server The mail address management server includes a means for paying out a mail address for the service providing site server requested from the terminal device, the registration site information received from the terminal device, and the user. Original email address and previous Means for registering a pair with the paid-out mail address in the first database as address site pair information, and means for sending the original mail address of the user received from the terminal device and the paid-out mail address to the mail receiving server And means for updating the first database with the received address pair information received from the mail receiving server, and referring to the updated first database to obtain a correlation value between the registered site information and the mail sender site information. A correlation determination unit that calculates and determines that there is a correlation if the calculated correlation value is equal to or greater than a predetermined value, and determines that an email address registered in the registered site is leaked; and the registered site information And a notification of the detection result when it is detected that there is a correlation between The service providing site server includes a means for receiving the registered mail address from the terminal device and registering it in a storage unit, and the mail receiving server receives the user from the mail address management server. Means for receiving the original e-mail address and the issued e-mail address and registering them in the second database; receiving e-mail from an external site; extracting received e-mail address and e-mail sender site information from the received e-mail; Means for transmitting the extracted pair of the received mail address and the mail sender site information to the mail address management server as received address pair information.

  In the third e-mail address leak detection system according to the present invention, in the second e-mail address leak detection system, the means for updating the first database has the mail sender site information already registered in the first database. If the mail sender site information is not registered in the first database, the mail sender site information is registered in the first database and the mail sender site information counter is incremented. The counter of the mail sender site information is set to “1”, and the correlation determination unit calculates the correlation value by summing up the counters of the mail sender site information.

  According to a fourth e-mail address leak detection system of the present invention, in the second or third e-mail address leak detection system, the service providing site server transmits a personal information registration page for registering personal information to the terminal device. The terminal device includes means for inserting the paid-out mail address into the personal information registration page.

  A first mail address leak detection method of the present invention is a mail address leak detection method of a mail address leak detection system including a terminal device, a mail receiving server, a mail address management server, and a service providing site server, wherein the terminal device Requests the e-mail address management server to pay out an e-mail address for the service providing site server (referred to as a registered site), and sends information on the service providing site server (referred to as registered site information) to the e-mail address management server. The mail address management server pays out the requested mail address and transmits it to the terminal device, and the terminal device registers the paid mail address in the registration site, and the mail receiving server. Receive emails from external sites and from received emails The e-mail address and e-mail sender site information are extracted and transmitted to the e-mail address management server, and the e-mail address management server receives the received e-mail address and e-mail sender site information from the e-mail receiving server, The received e-mail address and the paid-out e-mail address are collated, and if they match, the e-mail sender site information is accumulated, the registered site information received from the terminal device, and the accumulated e-mail sender site information, If there is a correlation, it is determined that a mail address registered in the registration site is leaked.

  A second mail address leak detection method of the present invention is a mail address leak detection method of a mail address leak detection system including a terminal device, a mail receiving server, a mail address management server, and a service providing site server, wherein the terminal device Sends the service providing site server information (referred to as registration site information) and the user's original mail address to the mail address management server, and pays out the mail address for the service providing site server (referred to as registration site). The mail address management server issues a mail address for the registered site requested from the terminal device, and receives the mail address of the user originally received from the terminal device and the mail address that has been paid out. Sent to the server and received the email The server registers the original email address of the user and the paid-out email address received from the email address management server in a second database, and the email address management server includes the registration site information received from the terminal device and A pair of the user's original email address and the paid-out email address is registered in the first database as address site pair information, and the terminal device transmits the paid-out email address to the registered site, and the service The providing site server registers the paid-out mail address received from the terminal device in the storage unit, and the mail receiving server receives the mail from the external site, and receives the received mail address and the mail sender from the received mail. Extract site information and extract the received mail A pair of the address and the mail sender site information is transmitted to the mail address management server as received address pair information, and the mail address management server uses the received address pair information received from the mail receiving server to store the first database. The correlation value between the registered site information and the mail sender site information is calculated by referring to the updated first database, and if the calculated correlation value is equal to or greater than a predetermined value, the correlation is If it is determined that there is a correlation between the registered site information and the mail sender site information, it is determined that the e-mail address registered in the registered site is leaked. It is characterized by notifying.

  The third e-mail address leak detection method of the present invention is the second e-mail address leak detection method, wherein the e-mail address management server, when the e-mail sender site information is already registered in the first database. The mail sender site information counter is incremented, and if the mail sender site information is not registered in the first database, the mail sender site information is registered in the first database and the mail sender is registered. The site information counter is set to “1”, and the mail sender site information counter is summed to calculate a correlation value.

  According to a fourth e-mail address leak detection method of the present invention, in the second or third e-mail address leak detection method, the service providing site server transmits a personal information registration page for registering personal information to the terminal device, The terminal device inserts the paid-out mail address into the personal information registration page.

  A first mail address management server of the present invention is a mail address management server of a mail address leakage detection system including a terminal device, a mail receiving server, and a service providing site server, and pays out a requested mail address to the terminal A means for transmitting to the device; and the received mail address and the mail sender site information are received from the mail receiving server, the received mail address and the paid-out mail address are collated, and if they match, the mail sender A means for accumulating site information and a correlation between the information of the service providing site server received from the terminal device and the accumulated mail sender site information are determined, and if there is a correlation, the terminal device Means for determining that the e-mail address registered in the providing site server is leaked; It includes, characterized in that.

  A second mail address management server of the present invention is a mail address management server of a mail address leakage detection system including a terminal device, a mail receiving server, and a service providing site server, and the service provision requested from the terminal device Means for paying out an e-mail address for a site server (referred to as a registered site), information on the service providing site server received from the terminal device (referred to as registered site information), the original e-mail address of the user, and the paid-out mail Means for registering a pair with an address in the first database as address site pair information; means for transmitting the original mail address of the user received from the terminal device and the paid-out mail address to the mail receiving server; Receive mail address from mail receiving server Means for receiving the mail sender site information and updating the first database, referring to the updated first database, calculating a correlation value between the registered site information and the mail sender site information, Correlation determining means for determining that there is a correlation if the calculated correlation value is equal to or greater than a predetermined value, and determining that the e-mail address registered in the registered site is leaked; and the registered site information and the e-mail And means for notifying a detection result when it is detected that there is a correlation with the sender site information.

  In the third mail address management server of the present invention, in the second mail address management server, the means for updating the first database is when the mail sender site information is already registered in the first database. Increments a counter of the mail sender site information, and if the mail sender site information is not registered in the first database, the mail sender site information is registered in the first database and the mail is transmitted. And the correlation determination means calculates the correlation value by summing up the counters of the mail sender site information.

  A first program of the present invention is a program of a mail address management server of a mail address leakage detection system including a terminal device, a mail receiving server, and a service providing site server, wherein the terminal device pays out a requested mail address. Receiving the received mail address and the mail sender site information from the mail receiving server, collating the received mail address with the paid-out mail address, and if they match, the mail sender site The process of accumulating information and the correlation between the service providing site server information received from the terminal device and the accumulated mail sender site information are determined, and if there is a correlation, the terminal device provides the service provision A process for determining that the e-mail address registered in the site server is leaked, Characterized in that cause I.

  A second program of the present invention is a program of a mail address management server of a mail address leakage detection system including a terminal device, a mail receiving server, and a service providing site server, wherein the service providing site requested from the terminal device Processing for paying out an e-mail address for a server (referred to as a registration site), information on the service providing site server received from the terminal device (referred to as registration site information), the original mail address of the user, and the pay-out mail address A process of registering a pair with the address site pair information in the first database, a process of transmitting the original mail address of the user received from the terminal device and the paid-out mail address to the mail receiving server, and the mail Receive email address and message from the receiving server Processing for receiving the sender site information and updating the first database, referring to the updated first database, calculating a correlation value between the registered site information and the mail sender site information, and calculating If the correlation value is greater than or equal to a predetermined value, it is determined that there is a correlation, and a correlation determination process for determining that a mail address registered in the registered site is leaked, the registered site information and the mail transmission And a process of notifying a detection result when it is detected that there is a correlation with the user site information.

  The third program of the present invention, in the second program, when the mail sender site information is already registered in the first database, increments a counter of the mail sender site information, and sends the mail When the sender site information is not registered in the first database, the mail sender site information is registered in the first database, and the counter of the mail sender site information is set to “1”; And a process of calculating a correlation value by summing up counters of mail sender site information.

  The present invention has an effect that it is possible to detect early the possibility that personal information including an e-mail address has passed from a registered site to a third party.

  This is because the correlation between the site information (registered site information) in which personal information including the mail address is registered and the sender information (sender site information) of the received mail is determined.

  First, features of the present invention will be described.

  When registering personal information including e-mail addresses for service providers on the Internet such as commercial sites and questionnaire sites, it cooperates with client programs (such as Web browsers) that users use to register such information Issue a different email address for each registered site. Then, the information of the mail address issued together with the site information of the registration destination is managed. Then, the sender information of the incoming mail addressed to the issued mail address is centrally managed, and the correlation between the registration destination site information and the mail sender site information is statistically examined to detect the leakage of personal information. It is characterized by that.

  Next, the best mode for carrying out the present invention will be described in detail with reference to the drawings.

  First, the configuration of the best mode for carrying out the present invention will be described.

Referring to FIG. 1, the embodiment of the present invention includes a terminal device 01, a mail address management server 02, a mail receiving server 03, and a service providing site server 04.
Moreover, the other site server which is not illustrated is included.

  The terminal device 01 is an information processing device that operates under program control. The terminal device 01 transmits the information (referred to as registration site information) of the service providing site server 04 that registers the paid-out mail address and the user's original mail address to the mail address management server 02 to send the service providing site server 04 ( Means for requesting delivery of an e-mail address for a registration site), and means for sending the e-mail address issued from the e-mail address management server 02 to the service providing site server 04.

  This will be described in more detail below.

  The terminal device 01 accesses the service providing site server 04 and displays a registration page provided by the service providing site server 04. Further, the terminal device 01 has a client program 101 that provides an input interface to an information input field on the displayed page, and operates the client program 101.

  The client program 101 can incorporate a plug-in to which a user interface can be added, and includes a page information holding function 111, a mail address registration area 112, and a mail address acquisition / registration plug-in 113.

  The page information holding function 111 has a function of holding the displayed page information.

  The mail address registration area 112 is an area for storing the acquired mail address.

  The mail address acquisition / registration plug-in 113 displays the mail address registration area 112 if it exists in the held page. Then, in accordance with a user instruction, the site information of the page currently displayed by the client program 101 is acquired from the page information holding function 111, the information is transmitted to the mail address information management / processing unit 201, and the acquired mail address Is stored in the mail address registration area 112.

  Referring to FIG. 2, the mail address acquisition / registration plug-in 113 includes a plug-in user interface 120, a mail address registration control function 121, a registered site information acquisition function 122, a management server connection management function 123, and a management server communication. And a control function 124.

  The plug-in user interface 120 provides the client program 101 with an additional user interface for acquiring a mail address, and calls the mail address registration control function 121 based on a request for acquiring a new address of the user by the added user interface. And the corresponding email address is entered in the email address registration area 112.

  The e-mail address registration control function 121 calls the management server communication control function 124 based on an instruction from the plug-in user interface 120, and displays the e-mail address registration destination page and site information acquired from the registered site information acquisition function 122 as e-mail addresses. The corresponding mail address is acquired by transmitting to the management server 02.

  The registered site information acquisition function 122 acquires information about the currently displayed page and the site providing the page from the page information holding function 111.

  The management server connection management function 123 manages an authentication method and authentication information necessary for communicating with the mail address management server 02.

  The management server communication control function 124 communicates with the mail address management server 02 using the management server connection management function 123.

  It should be noted that the access to the site and the page display function itself in the client program 101 are irrelevant to the essence of the present invention, and thus description thereof is omitted.

  The mail address management server 02 is an information processing device that operates under program control, and includes a mail address information management / processing unit 201 and a processing result notification unit 202.

  The mail address information management / processing unit 201 generates a new mail address and manages the generated mail address based on a request from the client program 101. Further, based on information notified from the address pair information processing means 302, statistical processing relating to the generated mail address is performed. Referring to FIG. 3, the mail address information management / processing unit 201 includes a mail reception server communication control unit 211, a new mail address payout unit 212, a plug-in communication control unit 213, and an address / site pair information management unit 214. Address site pair information correlation determining means 215, address site pair information database 216, and plug-in connection managing means 217.

  The mail receiving server communication control unit 211 registers a new mail address (paid out mail address) in the mail receiving server 03. Also, receiving address pair information is received from the mail receiving server 03.

  The new mail address payout means 212 pays out an arbitrary new mail address that does not overlap with an existing mail address. The new e-mail address paid out here has a meaning as a discarded e-mail address. An abandoned e-mail address is an e-mail address that is usually paid out separately from an address that is normally paid out by a provider or an address used by a company. Generally, it is “discarded” when it is no longer needed or when it becomes annoying as SPAM arrives in large quantities.

  The plug-in communication control means 213 calls the address / site pair information management means 214 by using the registered site information connected and received from the management server communication control function 124 at the request of the client program 101 and corresponding mail address ( (Paid out mail address) is acquired and returned to the management server communication control function 124.

The address / site pair information management means 214 has the following functions.
[Function 214-1] Based on the request of the plug-in communication control means 213, the new mail address issuing means 212 is called to acquire a new mail address. Then, the mail receiving server communication control unit 211 is called to perform setting so that mail can be received at the acquired mail address (paid out mail address), and registered with the registered site information in the address site pair information database 216, A function of returning the acquired email address (paid out email address) to the plug-in communication control means 213.
[Function 214-2] In response to the notification from the address pair information processing unit 302 of the mail receiving server 03, the received address pair information of the received mail received by the mail receiving server communication control unit 211 is acquired. Then, the acquired received address pair information is stored in the address site pair information database 216. A function of calling the address site pair information correlation determination unit 215 every predetermined number of times or every predetermined period after accumulation and notifying the result to the processing result notification function unit.

  The address site pair information correlation determining means 215 uses the address site pair information database 216 to determine the correlation between the mail address and the site that sent the mail, and returns the result to the address / site pair information managing means 214. To do. The address site pair information correlation determining unit 215 calculates a correlation value between the email address and the email transmission site, and between the email address and the email transmission site when the calculated correlation value is equal to or greater than a predetermined value. Means for determining that there is a correlation and determining that the mail address registered in the registered site is leaked to another site. The correlation here refers to a so-called statistical correlation in which some kind of causal relationship or a relationship that is considered to be highly related is seen in the data mathematically. For example, when a mail address is registered in the site A, it is considered that there is a correlation when a predetermined number or more of mails arrive from other sites with the mail address registered for the site A. In addition, for example, when a plurality of users register e-mail addresses on site A, e-mails have arrived at some e-mail addresses registered for site A from another site B. Think. In this case, for example, a condition is defined in advance, for example, when the percentage of this part exceeds 80%, and it is considered that there is a correlation when this condition is satisfied. Further, for example, a method of determining based on the result of statistical processing that the ratio is rapidly increased at a specific timing when the ratio is further seen at a certain time interval may be used. Furthermore, the final determination of outflow is a method in which, for example, a weighted sum is taken with respect to the correlation determination between the plurality of data, and if there is a correlation value with a value equal to or greater than a certain condition, it is considered that there is a correlation. But you can. In the example described above, if there is a correlation between the data, it is considered that a plurality of user information or mail addresses registered in the site A have leaked to other sites.

  The address site pair information database 216 accumulates and holds pairs of issued (paid out) mail addresses and registered site information in which the mail addresses are registered. Further, the result of statistical processing of the received address pair information notified from the mail receiving server 03 is accumulated and held in a format that can be referred to by the address / site pair information managing means 214 and the address site pair information correlation determining means 215. The address site pair information database 216 includes a user's original mail address, registered site information, paid-out mail address, registered domain information, registration time, sender site information and its numerical counter, and sender domain information. And its numeric counter.

  The plug-in connection management unit 217 receives control from the plug-in communication control unit 213, authenticates the user and program on the plug-in side, and manages connection source user information and communication from the plug-in. In the authentication of the user and the program here, it is authenticated that the plug-in program of the client operating on the user side is correct and that the user who uses the plug-in program is the correct user. For example, authentication is performed by comparing user information, password, plug-in module information, and information managed by the plug-in connection management unit 217 (registered in advance). Do.

  The processing result notifying unit 202 notifies the processing result to the outside based on the output of the mail address information management / processing unit 201.

  The mail receiving server 03 is an information processing apparatus that operates under program control, and includes mail receiving means 301 and address pair information processing means 302.

  The mail receiving unit 301 receives mail and notifies mail reception information. Referring to FIG. 4, the mail receiving unit 301 includes a received mail information notifying unit 311, a mail receiving / saving unit 312, additional registration address user map data 313, and a mail address registration update control unit 314. .

  The received mail information notifying unit 311 passes the header information of the received mail received from the mail receiving / saving unit 312 to the address pair information processing unit 302. The header information includes a recipient mail address, a sender mail address, and information related to the mail sender.

  The mail receiving / storing unit 312 receives mail from the outside, and based on the additional registered address user map data 313, the mail is stored in the original mail address storage destination or the storage destination divided for each individual mail address. The received mail information notifying means 311 is notified of the header information of the stored mail.

  The additional registration address user map data 313 is a database that holds a pair of an additional registration mail address (paid out mail address) and a user's original mail address.

  The e-mail address registration update control unit 314 receives information on the additional e-mail address from the e-mail address information management / processing unit 201, and sets a set of the additional e-mail address (paid out e-mail address) and the original e-mail address of the user. It is registered in the additional registration address user map data 313.

  The address pair information processing unit 302 processes the information notified from the mail receiving unit 301 and notifies the mail address management server 02 of the information. Referring to FIG. 4, the address pair information processing unit 302 includes an address pair information generation unit 321, an address pair generation control unit 322, and an address pair information notification unit 323.

  The address pair information generation unit 321 extracts the sender / receiver's email address, the sender's IP address information, unique header information, and the like from the email header, and sends the email recipient information (for example, the recipient email address) and the email. A pair with sender information (for example, sender mail address) is generated as receiving address pair information.

  The address pair generation control unit 322 uses the mail header information notified from the received mail information notification unit 311 to call the address pair information generation unit 321 to generate reception address pair information, and the address pair information notification unit 323. Call.

  The address pair information notifying unit 323 notifies the mail address information managing / processing unit 201 of the generated received address pair information.

  The service providing site server 04 is an information processing apparatus that operates under program control. The service providing site server 04 provides from the terminal device 01 a means for providing the terminal device 01 with a personal information registration page 401 for registering personal information including the paid-out email address, and the personal information including the paid-out email address. Means for receiving and registering in a storage unit (not shown), and means for sending an e-mail addressed to the paid-out e-mail address. The service providing site server 04 is also referred to as a registered site. The service providing site server 04 is a general Web server having a page for registering personal information including an e-mail address, and is generally known, so a detailed description of the configuration of the server is omitted.

  The other site server is an information processing apparatus that operates under program control, and includes means for transmitting and receiving mail. The other site server is a general server and is generally known, and thus detailed description of the configuration of the server is omitted.

  Next, the operation of the best mode for carrying out the present invention will be described in detail with reference to the drawings.

  In the present invention, the operation of the service providing site server 04 and the function of the client program 101 on the terminal device 01 displaying the page on the service providing site server 04 are operations of a general Web server and Web browser. Therefore, explanation here is omitted.

  The operation of the system in the present invention is mainly divided into two phases. One is an operation in paying out and registering an e-mail address, and the other is an operation in receiving an e-mail. Here, they will be described individually.

  Further, the processing at the time of an error such as an error during authentication, communication, or registration failure in the database is not the essence of the present invention, and thus the description thereof is omitted here.

  Further, it is assumed that the address site pair information database is as shown in FIG. 13A, and the additional registered address user map data is as shown in FIG. 14A.

  First, the operation at the time of paying out and registering an e-mail address will be described.

  A service providing site server 04 that requires registration of user information including an e-mail address using the client program 101 on the terminal device 01 in order for one of the users using this service to receive some service. The above personal information registration page 401 is accessed. Information on the personal information registration page 401 is held in the page information holding function 111. Further, it is assumed that the mail address registration area 112 is already displayed in the display area on the client program 101.

  In addition, it is assumed that the client program 101 can already call the plug-in user interface 120 by a keyboard shortcut or a pull-down menu by the mail address acquisition / registration plug-in 113.

  At this time, in order to register the mail address in the mail address registration area 112, when the user moves the cursor to the mail address registration area 112 and calls the plug-in user interface 120 of the mail address acquisition / registration plug-in 113, the following processing is performed. Executed.

  (Step 1-1) The plug-in user interface 120 calls the mail address registration control function 121.

  (Step 1-2) The called e-mail address registration control function 121 calls the registered site information acquisition function 122.

(Step 1-3) The registered site information obtaining function 122 accesses the page information holding function 111, and the page currently displayed by the client program 101 and the site where the user intends to register the e-mail address and the site information (hereinafter referred to as the following) , It is referred to as site-related information, or also referred to as registration site information), and handed over to the mail address registration control function 121. The site-related information includes the following information as an example.
-URL of the page where user information is to be registered
-If there is a signature on the page where user information is to be registered, the signature information, and if SSL is used, the site operator information and user information included in the certificate are included in the page where the user information is to be registered. Link information such as contact address included and other information other than the above, page information that the page information holding function 111 holds information that is considered to be effective in identifying the site operator (for example, the email address of the registered site) Extract from and use. In this example, the registered site information is “xyz”.

  (Step 1-4) The mail address registration control function 121 that has acquired the site related information from the registered site information acquisition function 122 next calls the management server communication control function 124 to manage and process the mail address information of the mail address management server 02. Attempt to connect with means 201.

  (Step 1-5) The called management server communication control function 124 calls the management server connection management function 123 to acquire authentication information and connection procedure necessary for connection with the mail address information management / processing means 201, and Attempts to connect to the in-communication control means 213. The communication protocol and authentication method used here are not specified, but generally a session is established by SSL (Secure Sockets Layer). These authentication information and connection procedure are registered in advance in the management server connection management function 123, for example. Authentication information (for example, user name and password) may be set in advance at the time of environment setting after installation of the plug-in module or after installation. Graphical User Interface) may be generated and input by user interaction. In addition, the connection procedure is unique or open with a low-layer communication protocol between the server and the client, such as a procedure for authenticating the other client and user, such as IPSec (Security Architecture for Internet Protocol) or SSL. Connection procedures as well as application specific connection procedures.

  (Step 1-6) Upon receiving the connection request from the management server communication control function 124, the plug-in communication control unit 213 authenticates the connection request using the plug-in connection management unit 217 and acquires information on the connection source user. At the same time, if authentication is established, a communication session (hereinafter referred to as a plug-in session) is established, and information on the session (information on the connection source user (for example, the original mail address of the user) and the connection is established. The terminal IP address, etc., hereinafter referred to as plug-in session information) is temporarily stored. In this example, the user's original mail address is “aaaaa”.

  (Step 1-7) When the plug-in session is established in Step 1-6, the management server communication control function 124 returns the information to the mail address registration control function 121.

  (Step 1-8) The mail address registration control function 121 notifies the management server communication control function 124 of site related information.

  (Step 1-9) The management server communication control function 124 transfers the site related information to the plug-in communication control means 213 through the established plug-in session.

  (Step 1-10) The plug-in communication control means 213 uses the address related information transferred from the management server communication control function 124 and the plug-in session information temporarily held in the above step 1-6 Delivered to the site pair information management means 214.

  (Step 1-11) The address / site pair information management means 214 passes control to the new mail address issuing means 212.

  (Step 1-12) The new mail address issuing means 212 to which control is given pays out a new mail address that does not overlap with the existing mail address. In the present invention, a method for generating an address that does not overlap with an existing mail address is not described in detail, but is assumed to be realized using a general user management database or the like. In this example, the issued mail address is “xxxaaa”.

  (Step 1-13) The address / site pair information management means 214 that has acquired a new e-mail address (paid out e-mail address) uses the plug-in session information handed over in Step 1-10 to send the user's original e-mail. Retrieve the address. Then, in order to set mail reception to the mail receiving server 03 together with the new mail address (paid out mail address), the two mail address information is delivered to the mail receiving server communication control means 211.

  (Step 1-14) The mail receiving server communication control means 211 is connected to the mail address registration update control means 314 on the mail receiving server 03, and transfers the two mail address information delivered in step 1-13. Note that the establishment of the communication session here does not need to be divided for each user, and thus is not referred to as a plug-in session. Although it is assumed that a session such as SSL using general client authentication is used, the protocol and authentication method are arbitrary.

  (Step 1-15) The mail address registration update control means 314 registers the two passed mail addresses in the additional registration address user map data 313, and returns registration completion to the mail receiving server communication control means 211. Here, the additional registration address user map data 313 is as shown in FIG.

  (Step 1-16) The mail receiving server communication control means 211 notified of the registration completion notifies the address / site pair information management means 214 of the registration completion.

  (Step 1-17) The address / site pair information management means 214 notified of the completion of registration uses the site-related information and plug-in session information delivered in Step 1-10 above, the user's original mail address, new The e-mail address (paid out e-mail address) and information on the site where the user intends to register a new e-mail address (registered site information) are collected and created as address / site pair information. Then, the created address / site pair information is registered in the address site pair information database 216, and after the registration is completed, a new mail address (paid out mail address) is returned to the plug-in communication control means 213. When registering the address / site pair information in the address site pair information database 216, additional information such as registration time and numerical counter is separately registered. Here, the address site pair information database 216 is as shown in FIG.

  (Step 1-18) The plug-in communication control means 213 that has returned the new mail address returns the new mail address to the management server communication control function 124 through the plug-in session.

  (Step 1-19) Upon receiving the new mail address, the management server communication control function 124 disconnects the plug-in session and returns the received new mail address to the mail address registration control function 121.

  (Step 1-20) Upon receiving the new mail address, the mail address registration control function 121 similarly returns the new mail address to the plug-in user interface 120.

  (Step 1-21) Upon receiving the new mail address, the plug-in user interface 120 puts the received new mail address (paid out mail address) in the mail address registration area 112 displayed by the client program 101. insert.

  Through the above processing, a unique mail address for the user to register in the personal information registration page 401 on the service providing site server 04 is paid out.

  Note that there may be a problem that a mail address payout request is continuously executed a plurality of times due to a user operation mistake on the page of the same site. As a countermeasure, a duplicate check or the like in the address / site pair information management unit 214 or the like is necessary. However, since these are not the essence in the present invention, a description of the processing related to the fault tolerance is omitted. .

  Next, an operation at the time of receiving a mail addressed to the paid-out mail address will be described.

  First, an outline will be described.

  The address pair information processing unit 302 creates reception address pair information for all mails corresponding to the additional registration address registered in the additional registration address user map data 313 and registers it in the address site pair information database 216. These are determined by the address site pair information correlation determination means 215.

  Hereinafter, this will be described in detail. Note that the address site pair information database 216 is as shown in FIG.

  The mail received from the outside is first accepted by the mail receiving / saving means 312 of the mail receiving server 03, and the following processing is executed.

  (Step 2-1) When receiving mail from outside, the mail receiving / storing unit 312 refers to the additional registered address user map data 313, and the received mail address is not the original mail address of the user but a specific service providing site. It can be determined whether or not it is issued for the server 04. If it is not for a specific site, the mail is stored in the user's mail spool (original mail server operation).

(Step 2-2) If the received e-mail address is issued to the specific service providing site server 04 in the above step 2-1, the received e-mail address is compared with the issued e-mail address. If they match, the received mail information notifying means 311 is notified of the corresponding mail body and the address information (received mail address) of the mail recipient, and the mail is stored in the mail spool according to the setting.
The mail storage method is not directly related to the essence of the present invention, and any method may be used, but the following method is an example.
[Method Example 1] When the user is set to receive all e-mails for a specific site at the user's original e-mail address, the e-mail is stored in the user's original e-mail spool.
[Method Example 2] When a user receives a mail for a specific site at the user's original mail address, but the setting is to receive only the save destination in separate folders, the individual addresses assigned for each mail address Save to mail spool.
[Method Example 3] When the user is set to receive e-mails for a specific site as individual user addresses, all of them are stored in the mail spool as individual users.

  (Step 2-3) The received mail information notifying means 311 that is notified of the received mail body and the information of the mail address that received it extracts only the mail header from the mail body and combines it with the received mail address information. The address pair generation control unit 322 of the address pair information processing unit 302 is notified.

  (Step 2-4) The address pair generation control means 322 notified of the mail header and the received mail address information extracts information about the mail sender (referred to as sender site information, for example, the sender mail address) from the mail header. The received address pair information is generated together with the information of the mail recipient (referred to as recipient site information, for example, received mail address), and notified to the address pair information notifying unit 323. In this example, in the case of Example a, the sender site information is “ppp”. In the case of example b, the sender site information is “qqq”.

  (Step 2-5) The address pair information notifying unit 323 notified of the received address pair information transfers the information to the mail receiving server communication control unit 211.

  (Step 2-6) The mail receiving server communication control means 211 notified of the received address pair information passes control to the address / site pair information managing means 214 and hands over the received received address pair information.

  (Step 2-7) The address / site pair information management means 214 to which control is given from the mail reception server communication control means 211 stores the received address pair information in the address site pair information database 216, Control is passed to the information correlation determination means 215. However, this transfer of control is not always performed by the transfer of control from the mail receiving server communication control unit 211, but waits for a statistically significant number of samples to be accumulated. Control shall be passed every period.

(Step 2-8) Address site pair information correlation determination means 215 to which control has been given is the site where the user registered the mail address (registered site information) and the sender information of the received mail (sender site information) The correlation with is determined.
An example of the determination processing method is shown below.
In this description, data handled for convenience is defined as follows.
[Definition 1] MailA [1 to n] (n mail addresses are assigned to n sites) as the mail address (paid out mail address) registered by the site mail address registration by the user in step 1-17 above. The registered site information is assumed to be SiteA [1-n] (similarly, it is assumed that the site corresponding to MailA [1-n] is registered).
[Definition 2] The address site pair information database 216 has a link from MailA [x] (x is an arbitrary numerical value from 1 to n) to SiteA [x].
[Definition 3] The registered domain information obtained by extracting the domain part from SiteA [x] registered above is defined as DomainA [x].
[Definition 4] The address site pair information database 216 adds related domains and mail address information to each site and domain information associated with the user's mail address registered in step 1-17. Has the function to set. It also has a function to add and set multiple numerical counters corresponding to the added related domains and email addresses. A configuration example of the address site pair information database 216 is shown in FIG.
[Definition 5] Of the received address pair information notified in Step 2-6 above, the recipient email address is MailR, the sender email address is MailS, and the sender's IP address extracted from the header information and the IP address. The domain information of the host name to be reversed is DomainS.

(Step 2-8-1) First, a process of updating the address site pair information database 216 is performed.
This process is executed every time the process of step 2-7 is performed.

  (Step 2-8-1-1) From MailA [1-n], search mail address MailA [m] that matches the received mail address MailR, and extract paired SiteA [m] and DomainA [m] (m is an index that satisfies the condition). In this example, the received mail address is “xxxaaa”. Since the received e-mail address “xxxaaa” matches the issued e-mail address “xxxaaa”, the registered site information “xyz” corresponding to the issued e-mail address “xxxaaa” is extracted.

  (Step 2-8-1-2) The mail address SiteA [m] .MailS [0 to n] associated with SiteA [m] is searched for one that matches MailS.

  (Step 2-8-1-3) If there is no e-mail address (sender site information, for example, sender e-mail address) that matches in Step 2-8-1-2, SiteA [m] .MailS [n + 1 ], MailS is registered and the counter of SiteA [m] .MailS [n + 1] is set to “1”. In this example, in the case of Example b, since there is no sender site information related to the extracted registered site information “xyz” that matches “qqq”, “qqq” is registered as the sender site information, and “qqq Set the numeric counter of “1” to “1”. The address site pair information database 216 is as shown in FIG. In the case of Example b, it is indicated that the mail address “xxxaaa” issued for the registered site information “xyz” is used by the sender site information “qqq”.

  (Step 2-8-1-4) If the mail address SiteA [m] .MailS [l] matching in Step 2-8-1-2 above exists, the counter for SiteA [m] .MailS [l] Increment. In this example, in the case of Example a, since there is a piece of sender site information related to the extracted registered site information “xyz” that matches “ppp”, the numerical counter of “ppp” is incremented. The address site pair information database 216 is as shown in FIG. In the case of example a, it is indicated that the mail address “xxxaaa” issued for the registered site information “xyz” is used by the sender site information “ppp”.

  (Step 2-8-1-5) Similarly, the domain SiteA [m] .DomainS [0 to n] associated with SiteA [m] is searched for a match with DomainS, and the above Step 2-8 Perform the same process as -1-3 and step 2-8-1-4.

(Step 2-8-2) Next, the updated site / domain counter is checked from the updated address site pair information database 216, and correlation is determined.
In this process, the process in step 2-7 is executed a predetermined number of times or every predetermined time.

(Step 2-8-2-1) The updated SiteA [m] .MailS [l] value is acquired from the address site pair information database 216. If the value is a certain number or more, SiteA [m ] And MailS [l] are considered correlated. For example, if the fixed number is “10”, in this example, it is determined that there is a correlation between the registered site information and the sender site information in both cases of example a and b.
If it is determined that there is a correlation, it is determined that the information registered in the registration site is leaked.

  (Step 2-8-2-2) The updated SiteA [m] .DomainS [l] value is acquired from the address site pair information database 216. If the value is a certain number or more, SiteA [m ] And DomainS [l] are considered correlated. If there is a correlation, it is determined that the information registered in the registration site is leaked.

  (Step 2-8-2-3) Reset the count (return to “0”).

  In the above example, the correlation is simply determined by the number of counts. In addition, for example, instead of incrementing the counter, when registering the received address pair information in the address site pair information database 216, all the registration times are recorded, and the mail count number for each fixed time is tabulated. A change amount (differential value) may be calculated, and if there is a change amount greater than a certain amount, it may be considered that there is a correlation.

  (Step 2-9) When the address site pair information correlation determining means 215 detects that the registered site and the transmission address of the received mail have a correlation in Step 2-8, the detected result is converted into the address / site pair information. The management unit 214 is notified.

  (Step 2-10) After the address / site pair information management unit 214 receives the result notification of the above step 2-9, if the determination result is correlated, the processing result notification unit 202 is notified of the correlation result information. .

  (Step 2-11) Upon receiving the result notification in Step 2-10, the processing result notifying means 202 notifies the result by external log output or mail or message.

  As described above, according to the present invention, the relationship between the sender of mail arriving at a plurality of users registered in the mail receiving server 03 and the registered site where the user registered the mail address is detected. Thus, for example, it is possible to find a tendency that the combination of a specific registered site and a transmission source address (sender site information) is rapidly increasing in a short time. It is possible to effectively detect the outflow of the mail address from the registered site to the mail sender, which is difficult to determine at the individual level.

  In addition, when registering personal information including an e-mail address on a registration site, the e-mail address to be used is automatically issued. As a result, when registering personal information including an email address on a specific registration site, when registering a new email address on the registration site when the user does not want to use the email address normally used The troublesome procedure is no longer necessary.

  Next, the effect of the present invention will be described.

  The first effect is that it is possible to detect early the possibility that personal information including an e-mail address has passed from a registered site to a third party.

  The reason is that the correlation between the registration site where the personal information including the mail address is registered and the sender (sender site) of the received mail is determined.

  The second effect is that the troublesomeness of issuing a new mail address in the case of using a plurality of mail addresses can be eliminated.

  The reason is that information necessary for new issuance of e-mail addresses is registered in the plug-in module on the client side, connected to an e-mail address management server that issues e-mail addresses on demand, and the necessary e-mail address issuance procedure is automatically performed. It is because it was made to do in.

  According to the present invention, the leakage of personal information is detected at an early stage, the use of personal information by a business operator who does not originally consent to the passing of personal information is detected at an early stage, and the information is provided to the user. It can be applied to a purpose of stopping the use of personal information traded in

  In addition, by applying the domain part and mail address part of the present invention to mobile phone numbers and the like, and applying the mail receiving server side to an answering machine, etc., not only mail addresses but also phone numbers can be leaked. Detection is possible at an early stage.

It is a block diagram which shows the structure of embodiment of this invention. 4 is a block diagram showing a configuration of a mail address acquisition / registration plug-in 113. FIG. 3 is a block diagram showing a configuration of a mail address information management / processing function 201. FIG. It is a block diagram which shows the structure of a mail receiving server. It is a figure which shows the flow at the time of payment / registration of an e-mail address. It is a figure which shows the flow (continuation) at the time of payment / registration of an e-mail address. It is a figure which shows the flow (continuation) at the time of payment / registration of an e-mail address. It is a figure which shows the flow at the time of the mail reception addressed to the paid-out mail address. It is a figure which shows the flow (continuation) at the time of the mail reception addressed to the paid-out mail address. It is a figure which shows the flow which determines a correlation. It is a figure which shows the detailed flow of the process which updates an address site pair information database. It is a figure which shows the detailed flow of the process which performs correlation determination. It is a figure explaining transition of an address site pair information database. It is a figure explaining the additional registration address user map data. It is a figure explaining an address site pair information database.

Explanation of symbols

01 terminal device 02 mail address management server 03 mail receiving server 04 service providing site server 101 client program 111 page information holding function 112 mail address registration area 113 mail address acquisition / registration plug-in 120 plug-in user interface 121 mail address registration control function 122 Registration site information acquisition function 123 Management server connection management function 124 Management server communication control function 201 Mail address information management / processing means 202 Processing result notification means 211 Mail receiving server communication control means 212 New mail address issuing means 213 Plug-in communication control means 214 Address / site pair information management means 215 Address site pair information correlation judgment means 216 Address site pair information database 2 7 Plug-in connection management means 301 Mail receiving means 302 Address pair information processing means 311 Received mail information notifying means 312 Mail receiving / storing means 313 Additional registered address user map data 314 Mail address registration update control means 321 Address pair information generating means 322 address Pair generation control means 323 Address pair information notification means 401 Personal information registration page

Claims (14)

A mail address leak detection system including a terminal device, a mail receiving server, a mail address management server, and a service providing site server,
The terminal device
Requests the e-mail address management server to send out an e-mail address for the service providing site server (referred to as a registered site), and sends the service providing site server information (referred to as registered site information) to the e-mail address management server. Means to
Means for registering the paid-out e-mail address in the registration site,
The email address management server
Means for paying out the requested email address and transmitting it to the terminal device;
Means for receiving a received mail address and mail sender site information from the mail receiving server, collating the received mail address with the paid-out mail address, and storing the mail sender site information if they match; ,
Means for determining a correlation between the registered site information received from the terminal device and the accumulated mail sender site information, and determining that a mail address registered in the registered site is leaked if there is a correlation; Including,
The mail receiving server is
Including means for receiving an email from an external site, extracting the received email address and email sender site information from the received email and sending the email to the email address management server;
An e-mail address leak detection system. A mail address leak detection system including a terminal device, a mail receiving server, a mail address management server, and a service providing site server,
The terminal device
Means for requesting payment of an email address for the service providing site server by transmitting registration site information and a user's original email address to the email address management server;
Means for transmitting an e-mail address issued from the e-mail address management server to the service providing site server,
The email address management server
Means for paying out an e-mail address for the service providing site server requested from the terminal device;
Means for registering a pair of the registered site information received from the terminal device, the original email address of the user and the paid-out email address in the first database as address site pair information;
Means for transmitting the original mail address of the user received from the terminal device and the paid-out mail address to the mail receiving server;
Means for updating the first database with the received address pair information received from the mail receiving server;
Referring to the updated first database, the correlation value between the registered site information and the mail sender site information is calculated. If the calculated correlation value is equal to or greater than a predetermined value, it is determined that there is a correlation. Correlation determining means for determining that an e-mail address registered on the registration site is leaked;
Means for notifying a detection result when it is detected that there is a correlation between the registered site information and the mail sender site information;
The service providing site server is
Means for receiving the registered e-mail address from the terminal device and registering it in a storage unit;
The mail receiving server is
Means for receiving the original mail address of the user and the paid-out mail address from the mail address management server and registering them in a second database;
Receiving a mail from an external site, extracting a received mail address and mail sender site information from the received mail, and using the extracted pair of the received mail address and the mail sender site information as received address pair information Means for transmitting to the address management server,
An e-mail address leak detection system. The means for updating the first database comprises:
When the mail sender site information is already registered in the first database, the mail sender site information counter is incremented, and when the mail sender site information is not registered in the first database. Register the mail sender site information in the first database and set the counter of the mail sender site information to “1”;
The correlation determination means includes
Calculating a correlation value by summing up the counters of the mail sender site information;
The e-mail address leak detection system according to claim 2. The service providing site server is
Means for transmitting a personal information registration page for registering personal information to the terminal device;
The terminal device
Means for inserting the paid-out email address into the personal information registration page;
The e-mail address leak detection system according to claim 2 or 3, A mail address leak detection method of a mail address leak detection system including a terminal device, a mail receiving server, a mail address management server, and a service providing site server,
The terminal device
Requests the e-mail address management server to send out an e-mail address for the service providing site server (referred to as a registered site), and sends the service providing site server information (referred to as registered site information) to the e-mail address management server. And
The email address management server
Send out the requested email address and send it to the terminal device,
The terminal device
Register the paid email address on the registration site,
The mail receiving server is
Receive email from an external site, extract the received email address and email sender site information from the received email and send it to the email address management server,
The email address management server
Receiving the received mail address and the mail sender site information from the mail receiving server, collating the received mail address with the paid-out mail address, and storing the mail sender site information if they match,
Determining the correlation between the registered site information received from the terminal device and the stored mail sender site information, and determining that there is a leak, the email address registered in the registered site if there is a correlation;
An e-mail address leak detection method characterized by the above. A mail address leak detection method of a mail address leak detection system including a terminal device, a mail receiving server, a mail address management server, and a service providing site server,
The terminal device
The service providing site server information (referred to as registration site information) and the user's original mail address are transmitted to the mail address management server to request the delivery of the mail address for the service providing site server (referred to as registration site). ,
The email address management server
Pay out the email address for the registered site requested from the terminal device,
The user's original mail address received from the terminal device and the paid-out mail address are transmitted to the mail receiving server,
The mail receiving server is
Register the original email address of the user received from the email address management server and the paid-out email address in the second database;
The email address management server
Registering the registered site information received from the terminal device and the user's original email address and the paid-out email address in the first database as address site pair information,
The terminal device
Send the paid email address to the registration site,
The service providing site server is
Register the paid-out email address received from the terminal device in the storage unit,
The mail receiving server is
Receiving a mail from an external site, extracting a received mail address and mail sender site information from the received mail, and using the extracted pair of the received mail address and the mail sender site information as received address pair information Sent to the address management server,
The email address management server
Updating the first database with the received address pair information received from the mail receiving server;
Referring to the updated first database, a correlation value between the registered site information and the mail sender site information is calculated, and it is determined that there is a correlation if the calculated correlation value is equal to or greater than a predetermined value. And determine that the email address registered on the registration site is leaked,
Notifying the detection result when it is detected that there is a correlation between the registered site information and the mail sender site information;
An e-mail address leak detection method characterized by the above. The email address management server
When the mail sender site information is already registered in the first database, the mail sender site information counter is incremented, and when the mail sender site information is not registered in the first database. Register the mail sender site information in the first database and set the counter of the mail sender site information to “1”;
Calculating a correlation value by summing up the counters of the mail sender site information;
The e-mail address leak detection method according to claim 6. The service providing site server is
Sending a personal information registration page for registering personal information to the terminal device;
The terminal device
Insert the paid email address into the personal information registration page;
The e-mail address leak detection method according to claim 6 or 7, A mail address management server of a mail address leakage detection system including a terminal device, a mail receiving server, and a service providing site server,
Means for paying out the requested email address and transmitting it to the terminal device;
Means for receiving a received mail address and mail sender site information from the mail receiving server, collating the received mail address with the paid-out mail address, and storing the mail sender site information if they match; ,
The correlation between the service providing site server information received from the terminal device and the stored mail sender site information is determined, and if there is a correlation, the mail address registered in the service providing site server by the terminal device Means for determining that the leak has occurred,
A mail address management server characterized by that. A mail address management server of a mail address leakage detection system including a terminal device, a mail receiving server, and a service providing site server,
Means for paying out an e-mail address for the service providing site server (referred to as a registration site) requested from the terminal device;
Means for registering in the first database a pair of the service providing site server information received from the terminal device (referred to as registration site information), the original email address of the user and the paid-out email address as address site pair information; ,
Means for transmitting the original mail address of the user received from the terminal device and the paid-out mail address to the mail receiving server;
Means for receiving a received mail address and mail sender site information from the mail receiving server and updating the first database;
Referring to the updated first database, the correlation value between the registered site information and the mail sender site information is calculated. If the calculated correlation value is equal to or greater than a predetermined value, it is determined that there is a correlation. Correlation determining means for determining that an e-mail address registered on the registration site is leaked;
Means for notifying a detection result when it is detected that there is a correlation between the registered site information and the mail sender site information,
A mail address management server characterized by that. The means for updating the first database comprises:
When the mail sender site information is already registered in the first database, the mail sender site information counter is incremented, and when the mail sender site information is not registered in the first database. Register the mail sender site information in the first database and set the counter of the mail sender site information to “1”;
The correlation determination means includes
Calculating a correlation value by summing up the counters of the mail sender site information;
The mail address management server according to claim 10. A mail address management server program of a mail address leakage detection system including a terminal device, a mail receiving server, and a service providing site server,
A process of paying out the requested email address and sending it to the terminal device;
A process of receiving the received mail address and the mail sender site information from the mail receiving server, collating the received mail address with the paid-out mail address, and storing the mail sender site information if they match ,
The correlation between the service providing site server information received from the terminal device and the stored mail sender site information is determined, and if there is a correlation, the mail address registered in the service providing site server by the terminal device The process of determining that is leaked,
A program characterized by having A mail address management server program of a mail address leakage detection system including a terminal device, a mail receiving server, and a service providing site server,
A process of paying out an e-mail address for the service providing site server (referred to as a registration site) requested from the terminal device;
A process of registering in the first database a pair of the service providing site server information received from the terminal device (referred to as registration site information), the user's original email address and the paid-out email address as address site pair information; ,
A process of transmitting the original mail address of the user received from the terminal device and the paid-out mail address to the mail receiving server;
Receiving the received mail address and mail sender site information from the mail receiving server and updating the first database;
Referring to the updated first database, the correlation value between the registered site information and the mail sender site information is calculated. If the calculated correlation value is equal to or greater than a predetermined value, it is determined that there is a correlation. A correlation determination process for determining that an email address registered in the registration site is leaked;
A process for notifying a detection result when it is detected that there is a correlation between the registered site information and the mail sender site information;
A program characterized by having When the mail sender site information is already registered in the first database, the mail sender site information counter is incremented, and when the mail sender site information is not registered in the first database. Registering the mail sender site information in the first database and setting the counter of the mail sender site information to “1”;
A process of calculating a correlation value by summing up the counters of the mail sender site information;
14. The program according to claim 13, wherein the program is executed.

Images