KR100867940B1 - Method for Blocking Spam Mail - Google Patents

Abstract

The present invention relates to a spam mail blocking system and method for blocking the reception of spam mails sent randomly in bulk for advertisement, etc. transmitted through the Internet or wired or wireless communication network.

The spam mail blocking system and method according to the present invention not only effectively blocks spam mail by authenticating the sender of the e-mail through a response to the authentication mail, but also allows the authentication mail to be distinguished from the normal mail between the spam blocking systems. There is a remarkable effect that can prevent the transmission and reception repeatedly.

Spam mail; certification; SMTP; Authentication mail; Sender self-authentication; Ping pong; Roofing; Pending list

Description

How to block spam mail {Method for Blocking Spam Mail}

1 is a block diagram of a spam mail blocking system according to the present invention.

2 is a flowchart of a spam mail blocking process according to the present invention;

3 is a diagram illustrating a mail transmission and reception process in a general SMTP session.

4 and 5 are views for explaining a process of transmitting and receiving authentication mail according to the present invention.

6 is a block diagram of a spam mail blocking system using a blacklist according to the present invention.

7 is a flowchart of a spam mail blocking process using a blacklist according to the present invention.

*** Explanation of symbols on the main parts of the drawing ***

10: mail transmission and reception unit 20: temporary storage unit

30: list of authenticators 40: authentication processing unit

50: black list blocking unit 60: black list processing unit

70: blacklist 100: anti-spam system

200, 300: mail server 400: internet or wired or wireless communication network

The present invention relates to a spam mail blocking system and method, and more specifically, spam mail for blocking the reception of spam mails, which are randomly sent in bulk for advertisement, etc. transmitted through the Internet or wired or wireless communication network. A blocking system and method are disclosed.

E-mail is a means of transmitting messages through the Internet or wired and wireless networks, and its use is increasing rapidly. As the use of e-mail is becoming more common and its weight is increasing, spam mail using e-mail is rapidly increasing as a medium of advertising / marketing targeting an unspecified majority. Therefore, the recipient may not only spend a lot of time and effort to identify and delete unnecessary spam mails, but may also be exposed to malicious codes, causing unnecessary waste of network and system resources.

The conventional techniques for blocking such spam mails typically include searching and filtering whether a specific word or the like is included in the subject or content of an email based on a common characteristic of spam mails, and particularly spam reported. There is a way to blacklist domains or email addresses to block email sent from these domains or email addresses.

However, in the case of searching and filtering a specific word, it is difficult to effectively block the e-mail spam evolving because it is based on the information inferred from the spam mail received in the past, and in the case of the spam mail composed of images rather than texts There was a problem that proper filtering was difficult. In addition, there is a problem in filtering the e-mail containing a specific word, such as to filter out the normal e-mail containing these words. In addition, in the case of using the black list, there is a problem that the sender of spam mail cannot block when using various sender e-mail addresses or creating a virtual e-mail address.

Accordingly, there is an urgent need for an effective technology that can effectively block randomly transmitted spam mails.

The present invention has been presented to solve the above problems, and an object of the present invention is to authenticate an e-mail sender with a predetermined authentication mail, and to receive and process an e-mail sent by an authenticated sender to a receiver as a normal e-mail to an unspecified recipient. It is to provide a spam blocking system and method that can effectively block spam sent randomly.

In addition, another object of the present invention is to send an authentication mail to the sender of the e-mail authentication between the sender and the recipient's mail system by allowing the mail system to separately receive the normal e-mail (spam mail, normal mail) and authentication mail It is to provide a spam mail blocking system and method that can prevent only sending and receiving mail indefinitely.

In addition, another object of the present invention is to provide an anti-spam system and method for receiving and checking e-mail sent by the sender arbitrarily before receiving a response of the authentication mail sent to authenticate the sender of the e-mail. To provide.

In order to achieve the above object, the spam mail blocking system according to the present invention, located in the front end of the mail server for sending and receiving e-mail, authentication mail for authenticating the sender with the sender's e-mail address to send the e-mail A spam mail blocking system for transmitting the request message and authenticating the sender according to whether or not the sender responds to the authentication mail, and receiving / deleting the e-mail, wherein the e-mail is received and the authentication mail is transmitted. The e-mail is temporarily stored in a temporary storage unit for a set time and then deleted if the sender's response is not received within the set time. If the sender's response is received within the set time, the e-mail is temporarily stored. A mail transmitting / receiving unit for transmitting to the mail account of the receiver of the mail server; A blacklist for storing the sender's e-mail address or IP address which all the recipients registered in the mail server refuse to receive; A blacklist blocking unit positioned at a front end of the mail transmitting / receiving unit to block reception of an e-mail transmitted from an e-mail address or an IP address included in the black list among the received e-mails; An authenticator list for storing the sender's e-mail address authenticated through the authentication mail and an e-mail address of any sender registered by the receiver of the e-mail to receive the e-mail without the authentication; Search whether the sender's email address is included in the authenticator list, and if the sender's email address is not included in the authenticator list, send the authentication mail to the sender's email address, An authentication processing unit for authenticating the sender according to whether the sender accesses and responds through the authentication mail; A pending list which is a list linked to the temporary stored e-mail so that the recipient can arbitrarily select, receive and store the e-mail temporarily stored in the temporary storage unit; And an e-mail intermittently stored in the temporary storage unit for the set time in association with the temporary storage unit, the pending list, and the authenticator list, for which all recipients of the e-mail have not received through the pending list. The blacklist lists the sender's email address or IP address of the email with the same characteristics by comparing the characteristics including the sender's email address, the sending IP, the subject of the email, and the body of the email. And a blacklist processing unit which registers the blacklist and the authenticator list in real time and deletes an e-mail address of a sender commonly included in the blacklist and the authenticator list from the blacklist. This contact information includes a URL for the sender to access the authentication processing unit. Information, characterized in that it contains the ad links and unique key and a particular website.

Preferably, the authentication mail includes identification information for distinguishing the authentication mail from a general electronic mail in a header of the authentication mail, and the mail sender selects the email selected by the recipient from the pending list. Is transmitted to the mail account of the recipient of the mail server regardless of whether or not it responds to the authentication mail, and the authentication processing unit sends the sender's email address for the email selected by the recipient from the pending list. Add to the list of certifiers. Further, the authentication processing unit stores the unique key for the authentication mail and a corresponding key value for verifying the sender's response to the unique key, and accessing the sender and the unique key through the authentication mail. The sender's response to the key value is compared with the key value to authenticate the sender, or display a special character pattern graphically displayed on a web page linked with the access information, and receives the special character pattern from the caller. The caller may be authenticated or a question having a correct answer may be provided in a web page linked with the access information, and after receiving the correct answer from the caller, the caller may be authenticated according to whether the correct answer is made.

Further, in order to achieve the above another object, the spam mail blocking method according to the present invention, in the front end of the mail server A for sending and receiving e-mail, to authenticate the sender with the sender's e-mail address of sending the e-mail A spam mail blocking method for transmitting an authentication mail for transmitting the authentication mail and authenticating the sender according to whether the sender responds to the authentication mail and transmitting the electronic mail of the authenticated sender to the receiver, wherein all registered mails are registered in the mail server A. A first step of blocking reception of an e-mail sent from an e-mail address or an IP address included in a blacklist storing an e-mail address or an IP address of a sender which the recipient refused to receive; A second step of receiving an e-mail not blocked in the first step; A third step of retrieving the sender's e-mail address from a list of authenticators, the list of sender's e-mail addresses for which the transmission of the e-mail to the recipient has been authenticated and approved; A fourth step of transmitting the email to the mail account of the recipient of the mail server A, if the sender's email address is in the authenticator list; If the sender's e-mail address is not in the list of authenticators, the authentication mail includes access information including a URL for the sender to access a particular web page for authentication, a unique key and an advertisement linked to the particular website Generating and transmitting to the sender's e-mail address, and temporarily storing the e-mail in a temporary storage unit for a set time; When the sender's response to the authentication mail is received within the set time, the e-mail temporarily stored in the temporary storage unit is transferred to the mail account of the receiver of the mail server A, and the sender's e-mail address is sent. Adding to the list of authenticators a sixth step; A seventh step of deleting the e-mail temporarily stored in the temporary storage unit when the response of the sender to the authentication mail is not received within the set time; An eighth step of providing the recipient with a pending list which is a list linked with the e-mail so as to check the e-mail temporarily stored in the temporary storage unit; The e-mail selected by the recipient from the pending list is transmitted to the mail account of the recipient of the mail server A regardless of whether or not it responds to the authentication mail, and the e-mail address of the sender of the selected e-mail is authenticated. A ninth step of adding to the child list; The sender's e-mail address between e-mails which are not selected through the pending list by all recipients of the e-mails among the e-mails temporarily stored in the temporary storage for the set time in the fifth step. A tenth step of registering an e-mail address or an IP address of a sender of the e-mail having the same characteristic as each other by comparing each characteristic including an originating IP, a subject of the e-mail, and a body content of the e-mail; And an eleventh step of comparing the blacklist and the authenticator list in real time and deleting an email address of a sender commonly included in the blacklist and the authenticator list from the blacklist. The fifth to eighth steps are selectively performed, the sixth and seventh steps are selectively performed, and the eighth and ninth steps are performed with the fifth to seventh steps. The process may be performed regardless of the order, and the eleventh step may be performed regardless of the order of the first to tenth steps.

Preferably, the fifth step may include: a 5-1 step of transmitting a message requesting permission to transmit the authentication mail to a mail server B in which the sender's e-mail address is registered; A fifth step of receiving, by the mail server A, an identification code generated and transmitted by a mail server B according to a predetermined rule to verify transmission of the authentication mail; A fifth step of transmitting a response code generated by the predetermined rule and a pair of key values for the identification code to the mail server B; And a fifth step of receiving a message for authorizing the transmission of the authentication mail from the mail server B, wherein the fifth to fifth steps are for communicating with the mail server B. It is performed at the front end of the protocol for checking the sender's mail account among transport protocols.

Hereinafter, with reference to the accompanying drawings will be described in detail the advantages, features and preferred embodiments of the present invention.

1 is a block diagram of a spam mail blocking system according to the present invention. As shown in FIG. 1, each mail server 200 or 300 transmits and receives mutual e-mail through the Internet or wired / wireless communication network 400, and the spam blocking system 100 according to the present invention includes a mail server 200. It is located at the front end. The mail servers 200 and 300 are general mail servers for sending and receiving e-mails, and mail accounts of senders and recipients for sending and receiving e-mails are registered. 1 illustrates an embodiment in which a spam mail blocking system is provided only in the mail server 200. The mail server 300 is a mail server in which a mail account of an e-mail sender is registered, and the mail server 200 is a mail account of an e-mail recipient. Represents this registered mail server.

The spam blocking system 100 according to the present invention includes a mail transmission and reception unit 10 for transmitting and receiving an e-mail with the mail server 300, a temporary storage unit 20 for temporarily storing the received e-mail, and a spam blocking system 100 It includes an authenticator list (30) for storing a list of the sender authenticated by the; and authentication processing unit 40 for generating and transmitting an authentication mail to the sender to authenticate the sender. On the other hand, the transmission of the authentication mail may be performed by the mail transmission and reception unit 10, of course.

The mail transmitting and receiving unit 10 according to the present invention transmits and receives e-mails through the Internet or wired or wireless communication network (400). Therefore, the e-mail transmitted by the sender from the mail server 300 is received by the mail transmission / reception unit 10 and stored in the temporary storage unit 20. The temporary storage unit 20 temporarily stores the e-mail until the authentication is determined by the authentication processing unit 40, and classifies and stores the e-mail according to the recipient of the e-mail. In addition, the mail transmission / reception unit 10 transmits or deletes the corresponding e-mail to the mail server 200 according to whether the authentication processing unit 40 is authenticated. In detail, when authentication is completed by the authentication processing unit 40, the mail transmitting and receiving unit 10 extracts the corresponding e-mail from the temporary storage unit 20 and transmits the e-mail to the corresponding recipient e-mail address of the mail server 200. The e-mail transmitted to the mail server 200 is stored in a separate storage area (not shown) assigned to the corresponding recipient, so that the recipient can receive and check it. On the other hand, when authentication is not performed by the authentication processing unit 40, that is, when it is determined that the e-mail is spam mail, the mail transmission and reception unit 10 deletes the e-mail stored in the temporary storage unit 20.

The authenticator list 30 according to the present invention is a list of sender's e-mail addresses for which the transmission of the e-mail to the recipient is approved / authenticated. The sender's e-mail address included in the authenticator list 30 includes the sender's e-mail address that has been authenticated by the authentication processing unit 40, and the sender's e-mail address individually registered by the recipient.

The authentication processing unit 40 according to the present invention is a component that blocks spam mail transmitted from spammers by authenticating the sender of the electronic mail through the authentication mail. Specifically, the authentication processing unit 40 searches for the sender of the received e-mail in the authenticator list 30, and generates and transmits an authentication mail when the sender is not included in the authenticator list 30. The authentication mail includes access information such as a URL for the sender to access the authentication processing unit 40. In addition, the authentication processing unit 40 stores a unique key for the authentication mail and a key value corresponding thereto. The corresponding key value is a value for verifying the sender's response to the unique key, wherein the authentication processing unit transmits the unique key in the authentication mail and compares the sender's response with the corresponding key value to authenticate the sender. do. Preferably, the authentication mail includes a message describing the authentication according to the present invention and a message guiding the authentication process to be performed by the sender. More preferably, a predetermined advertisement is inserted into the authentication mail, where the inserted advertisement includes a link to a specific website of the advertiser. The specific authentication process of the authentication processor 40 using the unique key and the corresponding key value may be implemented in various forms. For example, the authentication processing unit 40 displays the special character pattern graphicly processed on the web page to which the caller accesses through the access information, that is, the web page linked to the access information, and requests input of the special character pattern in response. . The graphic special character pattern is a character pattern that the sender can instantly analyze or read the meaning with the naked eye, thereby requiring the public authentication. When the sender enters a special character pattern in response, the authentication processor authenticates the sender by comparing it with the stored value. As another example of the authentication process of the authentication processing unit 40, the authentication processing unit displays a question with a correct answer on the web page linked to the access information, receives a correct answer from the sender, compares the correct answer, and authenticates the sender according to the correct answer. At this time, the displayed question allows the sender to use a question of difficulty that can immediately find the correct answer. Therefore, a sender (spammer) who sends a large amount of spam mail or a spam mail using a randomly generated false account cannot receive the authentication mail or must respond in one hand, thereby effectively identifying the sender of the spam mail. . The authentication processing unit 40 adds the sender's e-mail address to the authenticator list 30 and transmits a message indicating the completion of authentication to the mail transmitting / receiving unit 10 when the authentication is completed by the sender's response to the authentication mail. do. On the other hand, if the response is not received from the sender within the set time, the authentication processor 40 determines that the e-mail as spam mail and transmits a message indicating the authentication failure to the mail transmission and reception unit. Therefore, the mail transmission / reception unit 10 transmits or deletes the e-mail stored in the temporary storage unit 20 according to the authentication completion or authentication failure message of the authentication processing unit 40 to the mail server 200.

On the other hand, each e-mail stored in the temporary storage unit 20 in the state that the authentication of the sender is not complete may be provided to the corresponding recipient in the form of a list. That is, the mail account registrant (recipient) of the mail server 200 may check a list of e-mails for which authentication has not been completed (hereinafter referred to as a 'pending list'), and selectively receive e-mails from the lists. . In this case, the mail transmission / reception unit 10 extracts the e-mail selected by the recipient from the temporary storage unit 20 and transmits the e-mail selected by the recipient to the corresponding recipient mail account of the mail server 200. Therefore, the e-mail received by the receiver through the above process is not deleted regardless of the sender's authentication.

2 is a flowchart illustrating a spam mail blocking process according to the present invention. Referring to Figure 2 describes the spam block process according to the present invention.

When the e-mail is transmitted from the mail server 300, the mail transmitting and receiving unit 10 receives the e-mail and the received e-mail is stored in the temporary storage unit 20 (ST200).

The authentication processing unit 40 searches whether the sender of the e-mail is included in the authenticator list 30 (ST210). Specifically, the sender e-mail address included in the e-mail is searched in the authenticator list 30.

If the sender's e-mail address is included in the authenticator list 30, the mail transmission / reception unit 10 transmits the e-mail stored in the temporary storage unit 20 to the mail account of the receiver of the mail server 200. (ST220, ST230).

On the other hand, if the sender's e-mail address is not in the list of authenticators, the authentication processing unit 40 generates an authentication mail and transmits it to the sender's e-mail address (ST220, ST240). At this time, the authentication mail is preferably generated using a pre-stored generation format (text content, access information, code, etc.). The authentication mail includes access information such as a URL for connecting the sender to the authentication processing unit 40 and a unique key for authenticating the sender. Preferably, the authentication mail includes advertisements linked to specific websites.

The authentication processing unit 40 waits for the sender's response to the authentication mail for a preset time (ST250).

If there is a response from the sender within the set time, the authentication processing unit 40 compares the response and a key value corresponding to the unique key to authenticate the sender, and then registers the sender's e-mail address in the authenticator list 30. (ST260, ST270). Specifically, when the sender accesses the web page linked with the access information of the authentication mail and views and displays the graphic processed special character pattern, or inputs the correct answer to the question displayed on the web page, the authentication processing unit checks this. After authenticating the sender, the e-mail address of the sender is registered in the authenticator list. Therefore, the e-mail received from the sender's e-mail address is then sent directly to the mail server 200 without authentication through the authentication mail.

In addition, the mail transmission / reception unit 10 transmits the e-mail temporarily stored in the temporary storage unit 20 to the recipient mail account of the mail server 200 (ST230).

On the other hand, if the caller does not access the authentication processing unit 40 within the set time, the authentication processing unit transmits a message indicating the authentication failure to the mail transmission and reception unit 10, the electronic transmission and reception unit electronic stored in the temporary storage unit 20 The mail is deleted (ST260, ST280).

On the other hand, the authenticator list 30 can be changed by the recipient directly access to add or delete the sender's e-mail address, and can be set to prohibit the reception of the specific sender's e-mail address. If the recipient deletes the registered sender's e-mail address from the list of authenticators, then the e-mail received from the sender's e-mail address can be received after re-authentication through the authentication process of steps ST240 to ST270. . In addition, it is desirable to prevent the authentication of the e-mail address that is set as non-receipt before the recipient releases it separately. In this case, the mail transmission / reception unit 10 allows the e-mail transmitted from the e-mail address forbidden to be immediately deleted from the temporary storage unit 20 without an authentication process.

In addition, as described above, the mail transmission / reception unit 10 may provide each recipient with a pending list for the e-mail stored in the temporary storage unit 20. In this case, when the corresponding recipient selects to store the specific e-mail among the e-mails of the pending list, the mail transmitting / receiving unit 10 transmits the selected e-mail to the recipient mail account of the mail server 200. Accordingly, the selected e-mail is not deleted regardless of whether the ST250 and ST260 respond to the authentication mail, and the receiver can quickly receive and confirm the e-mail required before the sender's authentication response. In addition, of course, the sender of the selected e-mail may be configured to automatically add an e-mail address to the authenticator list 30.

On the other hand, when the sender's mail server 300 is also applied to the spam blocking system 100 according to the present invention, that is, when the spam blocking system 100 is provided in front of the mail server 300, the spam blocking system on the sender's side also Sender authentication through authentication mail is performed on incoming e-mail. In other words, when the recipient's mail server is called 'mail server A' and the sender's mail server is called 'mail server B', the general mail (hereinafter referred to as 'normal mail') is sent from the mail server B. The spam blocking system 100 of A, the spam blocking system A searches for the list of authenticators 30 and, if not present, transmits an authentication mail A1 for this. At this time, the authentication mail A1 is transmitted by using the email address (recipient ID @ mail server A's domain) or a separate operation account (domain of webmaster @ mail server A) of the receiver (user of the account of mail server A) as the sender. . Therefore, the spam blocking system 100 of the mail server B (the spam blocking system B) also recognizes the authentication mail A1 as a normal mail, searches the list of authenticators 30, and if not present, sends the authentication mail B1 to the mail server A. do. As a result, a looping phenomenon may occur between the spam blocking system A and the spam blocking system B, such as A2, B2, A3, B3, ....

Hereinafter, in order to prevent the infinite sending of the authentication mail as described above, an embodiment of identifying and receiving the authentication mail from the normal mail between the spam blocking system will be described.

Example 1

The first embodiment for preventing the infinite sending of the authentication mail is to generate the authentication mail in a specific format that can be identified or to insert the predetermined identification information in the authentication mail spam system 100, specifically the mail transmission and reception unit 10 is authenticated This is to distinguish mail from normal mail. Preferably, the identification information generated by a certain rule is inserted into the header of the authentication mail. The e-mail consists of a header and a body. The header contains information such as the subject, sender, recipient, and date received. Accordingly, by inserting identification information distinguishable from the general mail in the header of the authentication mail, the spam blocking system 100 can identify it as an authentication mail and transmit it to the sender's mail account without a separate authentication process.

For example, if the subject of the general email sent from the spam blocking system B is' Hello! ', The subject of the authentication mail A1 sent from the spam blocking system A is' Re: Hello! 1ksij334kskfd '. At this time, '1ksij334kskfd' is the identification information indicating that the electronic mail is an authentication mail. On the other hand, it is preferable that the identification information is generated by the encoding module of the spam blocking system A, and the authentication processing unit of the spam blocking system A inserts the identification information into the subject of the authentication mail A1 and transmits it.

Accordingly, the spam blocking system B decodes '1ksij334kskfd' to determine the e-mail as an authentication mail, and searches the authenticator list 30 and sends the authentication mail B1 to the sender mail account of the mail server B without authentication. The authentication mail A1 is transmitted. At this time, the decoding of the identification code is to be performed by the own decoding module of the spam blocking system.

Example 2

The second embodiment to prevent the infinite sending of the authentication mail is to modify the public mail MTA (Mail Transfer Agent) currently in use, so that the mail to be sent before sending the authentication mail B1 from the spam blocking system B to the spam blocking system A is authenticated. Be sure to include a communication process that indicates mail. To this end, a protocol for distinguishing a mail server where a sender is registered and an authentication mail from a general mail is inserted at the front end of a protocol for checking a sender's mail account among the mail transmission protocols used when sending and receiving e-mail. The protocol for the communication process is transparently inserted at the front of the Simple Mail Transfer Protocol and the Extended Simple Mail Transfer Protocol.

In general, SMTP and ESMTP sessions that send and receive mail are sent and received e-mail after verifying the sender's mail account to send and receive mail.

First, a mail transmission / reception process in a general SMTP and ESMTP session will be described with reference to FIG. 3. In general, when the e-mail is transmitted from the mail server A to the mail server B, as shown in FIG. 3, the e-mail is transmitted after checking the account to receive the e-mail. More specifically, it is as follows.

Step 1: The mail server A requests the transmission of the e-mail to the mail server B. At this time, of course, the code for identifying the mail server A is transmitted together with the request message.

Step 2: Mail server B requests a mail account (recipient's email address) to receive the email. In this case, the code for identifying the mail server B is also transmitted together with the request message.

Step 3: Mail server A sends the recipient e-mail address.

Step 4: The mail server B checks whether there is an e-mail address received in the third step. If there is no corresponding e-mail address, mail server B sends an error message to mail server A.

Step 5: The mail server B approves the transmission of the e-mail of the mail server A when the received e-mail address is an account registered in the mail server B.

Step 6: Mail server A sends the actual e-mail to mail server B.

Therefore, the spam mail blocking system according to the present invention inserts a communication process informing the transmission of the authentication mail before the first step.

4 and 5 are diagrams for explaining a process of transmitting and receiving authentication mail according to the present invention, Figure 4 is a view illustrating a process of sending and receiving authentication mail between spam blocking system, Figure 5 is a spam blocking system and a mail server Illustrating the process of sending and receiving authentication mail between users. 4 and 5 illustrate the case where the authentication mail is transmitted from the mail server A to the mail server B. FIG.

First, a case in which the spam blocking system is applied to both the mail server A and the mail server B will be described below with reference to FIG. 4.

Step 1: The spam blocking system A requests the transmission of the authentication mail to the spam blocking system B. At this time, of course, a separate code for identifying the spam blocking system A is also transmitted.

Step 2: Anti-spam system B sends an identification code to verify the transmission of the authentication mail. At this time, of course, a separate code for identifying the spam blocking system B is transmitted together.

Step 3: The spam blocking system A transmits a response code for the identification code received in the second step.

Step 4: The spam blocking system B confirms whether the response code transmitted in the third step is a proper code for the identification code, and approves the transmission of the authentication mail.

The identification code and the response code of the second step and the third step are key values paired with each other and may be generated by a predetermined rule. That is, it is generated by a code generation rule shared between the spam blocking system A and the spam blocking system B. For example, a code consisting of three alphabets and two numbers is transmitted as an identification code, and a response code of three codes following the alphabet and two numbers that add up to 10 are added to the response code. Correspondence rules can be implemented on the MTA. In this case, when 'cbd27' is transmitted as an identification code and 'edf83' is sent as a response code, the spam blocking system B regards the next e-mail to be transmitted as an authentication mail because the response code is a suitable code. Receive processing without

Step 5: The spam blocking system A sends the authentication mail to the spam blocking system B.

On the other hand, the fourth step further comprises the step of checking whether the e-mail address of the recipient (sender of the general mail) to receive the authentication mail is registered in the mail server B (steps 3 to 5 of FIG. 3). Of course you can.

Next, referring to FIG. 5, a case where an authentication mail is transmitted and received between a spam blocking system and a general mail server is described below. In FIG. 5, the mail server A is a mail server to which the spam blocking system A is applied, and the mail server B is a general mail server to which the spam blocking system is not applied.

Step 1: The spam blocking system A requests the mail server B to send the authentication mail. At this time, a separate code for identifying the spam blocking system A is also transmitted.

Step 2: The mail server B does not respond because the communication (message) received in the first step is not a communication sent or received in a normal SMTP and ESMTP session.

If there is no response from the mail server B, the spam blocking system A determines the mail server B as a general mail server and transmits the authentication mail through normal SMTP and ESMTP sessions. That is, the authentication mail is transmitted according to the process of sending a general e-mail.

Step 3: The spam blocking system A requests the mail server B to send an e-mail. At this time, a code for identifying the spam blocking system A is transmitted together.

Step 4: Mail server B requests a mail account to receive the email. At this time, a code for identifying the mail server B is transmitted together.

Step 5: Anti-Spam System A sends an email address to receive the email.

Step 6: Mail server B checks if there is an e-mail address received in step 5.

Step 7: The mail server B approves the e-mail transmission of the spam blocking system A.

Step 8: Anti-Spam System A sends the authentication mail as e-mail.

On the other hand, when authenticating an incoming e-mail through an authentication mail, if a large amount of e-mail is received, system resources may be wasted and overloaded by sending the authentication mail one by one. This wastes resources. In addition, a large amount of authentication mails may be transmitted to the other party's mail server, causing an overload to the other party's mail server. Accordingly, the anti-spam system 100 according to the present invention manages the sender's e-mail address, IP address or domain of the e-mail whose e-mail is reliable with respect to the received e-mail, and blacklists the e-mail included in the black list. The e-mail transmitted from the address, IP address or domain is blocked from the mail transmission / reception unit 10 and deleted. Hereinafter, the spam mail blocking process using the black list will be described.

Figure 6 is a block diagram of a spam mail blocking system using a black list according to the present invention, after filtering the spam mail using the black list 70 to perform authentication through the authentication mail for the remaining e-mail Figure shows an embodiment. As illustrated in FIG. 6, the spam blocking system 100 according to the present invention includes a blacklist blocking unit 50 for blocking an e-mail included in the blacklist 70 among e-mails received from the mail server 300. ), A mail sending / receiving unit 10 for receiving an e-mail passing through the blacklist blocking unit, a temporary storage unit 20 for temporarily storing the received e-mail, and a list of senders authenticated by the spam blocking system 100 Authenticator list 30 to authenticate, authentication processing unit 40 for authenticating the sender of the e-mail using the authentication mail, blacklist processing unit for creating and managing a black list in conjunction with the temporary storage unit, pending list and authenticator list ( 60) and a blacklist 70 that stores a list of sender's email addresses, IP addresses or domains to block email. Hereinafter, each component of the spam blocking system 100 will be described, but portions overlapping with the above description will be omitted.

The blacklist 70 according to the present invention is a list of sender's e-mail addresses, IP addresses or domains which will block the transmission of e-mails to all users of the mail server 200, ie all recipients. The blacklist 70 is a list of e-mail addresses, IP addresses or domains determined to be definite spam senders that all the recipients of the mail server 200 do not want to receive, and the e-mail addresses and IP addresses included in the black list. Alternatively, the e-mail transmitted from the domain is blocked by the blacklist blocking unit 50. Unlike the authenticator list 30 and the pending list, the black list 70 is generated and managed in units of mail servers. The black list 70 is generated and managed by the black list processing unit 60.

The blacklist blocking unit 50 is disposed at the front end of the mail transmitting and receiving unit 10 and among the e-mails received by the mail server 200, e-mails included in the black list 70, that is, e-mail addresses included in the black list. This will block and delete e-mail sent from IP addresses or domains. As described above, the blacklist 70 includes an e-mail address of a sender whose all registered recipients of the mail server 200 do not want to receive e-mails, i.e., an e-mail address and IP of a verified spam sender. Since it is an address or a domain, when the authentication mail is transmitted to the electronic mail, unnecessary system resources are wasted on the mail server 200 as well as the other mail server 300. Therefore, after blocking the e-mail included in the black list 70 in the black list blocking unit 50, the mail transmitting and receiving unit 10 receives only the remaining e-mail and performs authentication through the authentication mail, thereby greatly saving system resources. It is possible to improve the processing efficiency of the e-mail.

The blacklist processing unit 60 according to the present invention generates and manages the blacklist 70 in association with the temporary storage unit 20 and the pending list. The blacklist processing unit 60 is an e-mail in which all recipients of the e-mail are temporarily stored in the temporary storage unit 20 for a set period after the authentication processing unit 40 transmits the authentication mail. Analyzes and compares each characteristic of the e-mail, and registers the e-mail address, IP address, or domain of the sender of the e-mail having the same characteristics in the blacklist 70. At this time, the blacklist processing unit 60 searches the certifier list 30 before registering the sender's e-mail address, IP address or domain in the blacklist 70, and the sender e-mail address and IP included in the certifier list. Do not blacklist addresses or domains. The characteristics analyzed by the blacklist processing unit 60 include the sender's e-mail address, the originating IP, the subject of the e-mail, and the body content of the e-mail. In addition, various characteristics may be compared and analyzed. The blacklist processing unit 60 has a plurality of e-mails which are registered in the pending list and stored in the temporary storage unit 20 and have the same e-mail having any one of the same characteristics as the e-mail address, IP, subject and body content of the same sender. If the e-mail is not stored by all recipients through the pending list, the sender e-mail address, IP address or domain of the e-mail is registered in the blacklist 70. If described in more detail for each characteristic as follows.

First, when analyzing the sender's e-mail address, by comparing the sender e-mail address of the e-mail stored in the temporary storage unit 20, the number of e-mails sent from the same sender e-mail address and the e-mail sent by the sender If all of the recipients of the e-mail have not stored the sender's e-mail via the pending list during the storage period of the temporary storage, the blacklist processing unit 60 blacklists the sender e-mail address, IP address or domain of the e-mail. Register). Preferably, the number of the e-mails transmitted, the storage period, and the frequency (number of times) of transmitting the e-mails are ranked, and the senders having a predetermined rank or higher are included in the blacklist 70. For example, if sender A sent 100 emails and sender B sent 10 emails, but both sender A's email and sender B's email were not saved by the recipient from the pending list, sender A would It is ranked higher than the sender B and included in the blacklist 70. On the other hand, if any one of the recipients of the e-mail stores the e-mail from the pending list, the sender of the e-mail is not included in the black list (70).

Next, in the case of analyzing the originating IP, comparing the originating IPs of the e-mails stored in the temporary storage unit 20, regardless of whether the sender's e-mail address is the same, the number of e-mails transmitted from the same originating IP is many and corresponding. Allow all recipients of an e-mail to register with the blacklist 70 all sender e-mail addresses, IP addresses or domains of these e-mails that have not stored the e-mail via the pending list. Therefore, it is also possible to effectively block spam mails sent by using an automatic email generator that automatically generates a sender's email address and automatically sends the same or multiple recipients. In addition, when analyzing the subject of the e-mail or the content of the body of the e-mail, by comparing the subject or body content of the e-mail stored in the temporary storage unit 20 with each other to correlate whether the sender's e-mail address or the sending IP is the same If there are multiple emails with the same subject or the same body content and all recipients of the email have not been saved via the pending list during the storage period of the temporary store, then the email address, IP address or domain of the sender of the email is Register on the blacklist (70). In particular, when analyzing the body content of each e-mail, the body content is hashed (hashed), converted into codes, and the converted codes are compared with each other to determine whether they are the same. In case of analyzing the originating IP, the subject or the body content, the ranking can also be ranked and blacklisted more than a certain rank. If there is an e-mail saved by the recipient, the blacklist should not be registered.

In addition, the blacklist processing unit 60 according to the present invention, in conjunction with the authenticator list 30, if the e-mail address, IP address or domain included in the blacklist 70 is included in the authenticator list, the corresponding e-mail. It will delete the address, IP address or domain from the blacklist. The blacklist processing unit 60 compares the blacklist 70 and the authenticator list 30 of each recipient on a predetermined period basis. Preferably, when the recipient's authenticator list 30 is updated, for example when the recipient includes a new email address or the like in the authenticator list, or has stored an email from a pending list, or the sender has authenticated mail. When the authentication is performed through the blacklist processing unit 60, the blacklist 70 compares the updated authenticator list. Therefore, the e-mail that one recipient wants to receive is not blocked by the blacklist blocking unit 50 and can be selectively received by each recipient, thereby preventing the necessary e-mail from being lost and matching the characteristics of the recipient. By running a blacklist, you can effectively block spam without harming recipients.

7 is a flowchart illustrating a spam mail blocking process using a blacklist according to the present invention. Referring to FIG. 7, the spam mail blocking process using the blacklist according to the present invention will be described below.

When the e-mail is transmitted from the mail server 300, the blacklist blocking unit 50 searches whether the sender of the e-mail is included in the blacklist 70 (ST400). That is, the sender e-mail address, IP address or domain of the e-mail is searched in the blacklist.

If the sender of the corresponding e-mail is included in the black list 70, the black list blocking unit 50 blocks and deletes the e-mail (ST410 and ST420).

If the search result of the ST400 does not include the sender of the e-mail in the blacklist 70, the blacklist blocking unit 50 passes the e-mail and the e-mail is received by the e-mail transmitting and receiving unit 10 and temporarily stored. It is stored in the unit 20 (ST410, ST430).

The authentication processing unit 40 performs authentication through the authentication mail on the electronic mail stored in the temporary storage unit 20 (ST440). Specifically, the authentication process of steps ST210 to ST280 of FIG. 2 is performed.

Apart from the e-mail authentication process of the authentication processing unit 40, the blacklist processing unit 60 is connected to the temporary storage unit 20, the pending list and the authenticator list 30, and the sender e-mail address, It manages adding or deleting IP addresses or domains.

First, the blacklist processing unit 60 analyzes the characteristics of the e-mails which are not selected from the pending list until the set storage period of e-mails stored in the temporary storage unit 20 has elapsed sent to each recipient of the mail server 200. The sender e-mail address, IP address or domain of the e-mail having the same characteristics is registered in the blacklist 70 (ST450). Specifically, the blacklist processing unit 60 provided the list of e-mails stored in the temporary storage unit 20 as a pending list after transmitting the authentication mail, but there was no authentication of the sender for the corresponding e-mail, and the receiver was also a temporary storage unit. The e-mail is analyzed for the unsaved e-mail from the pending list until the time period set to be stored in the e-mail is registered, and then the e-mail is registered in the black list 70. These e-mails are not only authenticated by the sender but also don't want the recipient to receive them. As described above, the characteristics of the e-mail analyzed at this time include the sender's e-mail address, originating IP, the subject of the e-mail and the contents of the e-mail. The blacklist processing unit 60 compares and analyzes the characteristics of the sender e-mail address, originating IP, subject and body content for each e-mail stored in the temporary storage unit 20 and not stored by the receiver through the pending list. If there are multiple e-mails from the same e-mail address, e-mail sent from the same sender e-mail address, e-mail sent from the same e-mail address, e-mail with the same subject, or the same body content, the e-mail is definitely spam. The sender e-mail address, IP address or domain is registered in the blacklist 70 as regards the mail. Preferably, in consideration of the number of e-mails having the same characteristics, storage period, transmission frequency, etc., the possibility of spam mail is ranked by rank, and the sender is included in the blacklist 70 for the upper part of the e-mails. In addition, the blacklist processing unit 60 retrieves a sender e-mail address, an IP address, or a domain to be registered in the black list 70 from the authenticator list 30 of each recipient registered in the mail server 200, and the corresponding e-mail. Only blacklist if there is no list of authenticators with addresses, IP addresses or domains. Therefore, since all the recipients registered in the mail server 200 which received the e-mail from the sender do not want to receive the e-mail, they are registered in the blacklist 70, so that only the e-mail sent from a certain spammer can be blocked. The damage of the caller can be prevented.

In addition, the blacklist processing unit 60 compares the authenticator list 30 and the blacklist 70 at regular intervals, and the value included in the authenticator list among the sender e-mail address, IP address, or domain included in the blacklist is determined. If it is present, it is deleted (ST460, ST470). Preferably, when the authenticator list 30 of each recipient is updated, the blacklist processing unit 60 compares the updated authenticator list with the blacklist to determine whether there is a commonly included e-mail address, IP address or domain. In response, the e-mail address, IP address or domain included in both the authenticator list and the blacklist is deleted from the blacklist. When the authenticator list 30 is updated, each recipient registers a new e-mail address or the like in the authenticator list, each recipient stores an e-mail from the pending list, and the sender authenticates through the authentication mail. This includes the case where: Therefore, it is possible for the receiver to prevent the sender who wants to receive the e-mail from being registered in the blacklist 70 and the process is performed in real time, thereby preventing the desired e-mail from being blocked.

As described above, the spam mail blocking system and method according to the present invention not only effectively block spam mail by authenticating the sender of the e-mail through a response to the authentication mail, but also can distinguish the authentication mail from the normal mail between spam mail systems. By doing so, a remarkable effect can be prevented from repeatedly sending and receiving authentication mails.

In other words, the spam mail blocking system and method according to the present invention,

(1) Sends an authentication mail to the sender for an e-mail sent from an unregistered e-mail address, and authenticates the sender according to the response to the authentication mail. Can effectively block spam sent from fictitious email addresses,

(2) Since only the e-mail sent by the authenticated sender is received, unnecessary waste of time and resource consumption for the spam mail processing can be significantly reduced.

(3) Since the spam mail blocking function is handled by the sender side rather than the receiver side of the e-mail, unnecessary waste of resources in the recipient mail system can be prevented.

(4) By inserting a separate identification code to identify the authentication mail in the subject of the authentication mail, the spam blocking system that receives the authentication mail is judged to be an authentication mail rather than a general e-mail. You can prevent sending and receiving repeatedly,

(5) By inserting a protocol for communicating with the anti-spam system to mutually identify the transmission of authentication mail at the front end of the SMTP and ESMTP session, which is generally used for sending and receiving e-mail, the mail system receiving the authentication mail is received. By identifying the mail as an authentication mail, you can prevent repeated sending and receiving of authentication mail.

(6) Transparently inserts the above communication process in front of SMTP and ESMTP sessions for identification of authentication mails, so it can be processed without invading SMTP and ESMTP sessions, so it is also applicable when sending authentication mails to general mail servers. Not only is it possible to prevent spammers or hackers from recognizing or hacking the communication,

(7) Since the MTA needs to be adjusted to share only the communication rules that can be checked between the spam blocking systems, it can be easily compatible between the spam blocking system or the mail server.

(8) Provide each recipient with a pending list, which is a list of e-mails stored in the temporary storage, before a response to the authentication mail is received, and the e-mail is temporarily stored without the sender's authentication at the recipient's choice. Since it is sent from the storage to the recipient's mail account on the mail server, it is possible to quickly check the e-mail regardless of whether the sender is authenticated or to lose the e-mail even if the sender did not respond to the authentication mail by mistake. Prevent,

(9) All recipients registered on the mail server blacklist the sender's e-mail address, IP address or domain that they do not want to receive e-mail, and send e-mail sent from the e-mail address included in the black list. Since the reception and authentication of unnecessary e-mails are blocked at the transmission and reception stage, the system not only wastes system resources and improves processing efficiency, but also prevents system overload by sending unnecessary authentication mails to the other party's mail server. Can do it,

(10) Since all recipients registered in the mail server do not want to receive e-mails, they are registered in the black list only, so that the necessary e-mails can be prevented from being lost, thereby preventing the damage of the recipients and the bona fide senders. The blacklist is also compared and updated in real time, so that the sender who wants to receive the e-mail can be prevented from being registered in the blacklist, thus providing a blacklist considering the characteristics of the entire recipients of the mail server.

(11) improve the efficiency of orphans by including the advertisements linked to the advertiser's website in the verification email,

(12) It can be applied to other mail systems using authentication method through authentication mail, so it is highly scalable.

While preferred embodiments of the present invention have been described using specific terms, such descriptions are for illustrative purposes only and it is understood that various changes and modifications may be made therein without departing from the spirit and scope of the following claims. You must lose.

Claims (8)

delete delete delete delete delete delete At the front end of the mail server A for transmitting and receiving e-mail, an authentication mail for authenticating the sender is transmitted to the sender's e-mail address, and the caller is sent according to whether the sender responds to the authentication mail. An anti-spam method of authenticating and sending said email of an authenticated sender to a recipient, A first step of blocking reception of an e-mail transmitted from an e-mail address or an IP address included in a blacklist storing an e-mail address or an IP address of a sender who has been rejected by all the recipients registered in the mail server A; A second step of receiving an e-mail not blocked in the first step; A third step of retrieving the sender's e-mail address from a list of authenticators, the list of sender's e-mail addresses for which the transmission of the e-mail to the recipient has been authenticated and approved; A fourth step of transmitting the email to the mail account of the recipient of the mail server A, if the sender's email address is in the authenticator list; If the sender's e-mail address is not in the list of authenticators, the authentication mail includes access information including a URL for accessing a specific web page for authentication of the sender, a unique key, and an advertisement linked to the specific website. Generating and transmitting to the sender's e-mail address, and temporarily storing the e-mail in a temporary storage unit for a set time; When the sender's response to the authentication mail is received within the set time, the e-mail temporarily stored in the temporary storage unit is transferred to the mail account of the receiver of the mail server A, and the sender's e-mail address is sent. Adding to the list of authenticators a sixth step; A seventh step of deleting the e-mail temporarily stored in the temporary storage unit when the response of the sender to the authentication mail is not received within the set time; An eighth step of providing the recipient with a pending list which is a list linked with the e-mail so as to check the e-mail temporarily stored in the temporary storage unit; The e-mail selected by the recipient from the pending list is transmitted to the mail account of the recipient of the mail server A regardless of whether or not it responds to the authentication mail, and the e-mail address of the sender of the selected e-mail is authenticated. A ninth step of adding to the child list; A sender's e-mail address between each e-mails of all the e-mails temporarily stored in the temporary storage unit for the set time in the fifth step, not selected through the pending list in the ninth step, A tenth step of registering an e-mail address or an IP address of the e-mail sender of the e-mail having the same characteristics as each other by comparing each characteristic including an originating IP, a subject of the e-mail, and a body content of the e-mail; And An eleventh step of comparing the blacklist and the authenticator list in real time and deleting an email address of a sender commonly included in the blacklist and the authenticator list from the blacklist, The fourth step and the fifth to eighth steps are selectively performed, the sixth and seventh steps are selectively performed, and the eighth and ninth steps are performed through the fifth to fifth steps. The seventh step may be performed regardless of the order, and the eleventh step may be performed regardless of the order of the first to tenth steps. The fifth step, Generating an authentication mail including access information including a URL for accessing a specific web page, a unique key, and an advertisement linked to a specific website for authentication of the sender; and sending the authentication mail to the sender's e-mail address. Between the process of transferring to A step 5-1 of transmitting a message requesting permission to transmit the authentication mail to a mail server B in which the sender's e-mail address is registered; A fifth step of the mail server A receiving the identification code generated and transmitted by the mail server B according to a predetermined rule in order to verify the transmission of the authentication mail; A fifth step of transmitting the response code generated by the predetermined rule and paired with the identification code to the mail server B; And a fifth step of receiving the message from the mail server B to approve the transmission of the authentication mail. delete

Images