WO2009131437A1 - Verifying authorized transmission of electronic messages over a network - Google Patents

Verifying authorized transmission of electronic messages over a network Download PDF

Info

Publication number
WO2009131437A1
WO2009131437A1 PCT/NL2008/050254 NL2008050254W WO2009131437A1 WO 2009131437 A1 WO2009131437 A1 WO 2009131437A1 NL 2008050254 W NL2008050254 W NL 2008050254W WO 2009131437 A1 WO2009131437 A1 WO 2009131437A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
verification
electronic
sender
address
Prior art date
Application number
PCT/NL2008/050254
Other languages
French (fr)
Inventor
Karel Cornelis Rietdijk
Original Assignee
It Unlimited Holding B.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by It Unlimited Holding B.V. filed Critical It Unlimited Holding B.V.
Priority to EP08741675A priority Critical patent/EP2272223A1/en
Priority to PCT/NL2008/050254 priority patent/WO2009131437A1/en
Priority to NL2002796A priority patent/NL2002796C2/en
Publication of WO2009131437A1 publication Critical patent/WO2009131437A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/212Monitoring or handling of messages using filtering or selective blocking

Definitions

  • the invention relates to the field of reducing transmission of unsolicited electronic messages, often referred to as spam messages, over a wired and/or wireless network.
  • Machine-learning filters assign to an incoming message a probability that the message is spam.
  • features typically are extracted from two classes of example messages (e.g., spam and non-spam messages) , and a learning filter is applied to discriminate probabilistically between the two classes. Since many message features are related to content (e.g., whole words and phrases in the subject and/or body of the message), such types of filters are commonly referred to as "content-based filters”.
  • content-based filters are commonly referred to as "content-based filters”.
  • These types of machine learning filters usually employ exact match techniques in order to detect and distinguish spam mes- sages from good messages.
  • spam filters operate on the basis of IP address or DNS address recognition by verifying the IP/DNS source address of the electronic message.
  • US 2003/0009698 discloses a method and system for filtering spam. Whenever a message is first received from an unapproved sender, a confirmation request email is sent to the sender's email address requesting the sender to confirm its existence and identity. Until the unapproved sender replies to the confirmation request email, electronic messages received from the unapproved sender are treated as spam. An inclusion list of senders is maintained by the spam filter that includes a list of approved senders. Electronic messages from approved senders are not treated as spam, and are immediately delivered to the user. A database of valid source addresses for a user is maintained either on the user's computing device or on a mail server, de- pending upon the specific application.
  • US 2005/0188045 discloses a system for eliminating unauthorized email sent to a user on a network.
  • the system employs an email-receiving server connected between the network and the user's email client for receiving email addressed to the user and rejecting those in which the sender address does not match any of sender addresses maintained on an "authorized senders" list (ASL list) .
  • ASL lists are maintained by an ASL manager in an ASL database operable with a spam processor module.
  • a redirector module rejects the email if, upon sending a request for validation to the spam processor module, the sender's address does not match any authorized sender address on the ASL list.
  • Email rejected by the redirector module is redirected to a web-based messaging (WBM) module which sends a message to the sender to confirm that the sender is a legitimate sender of email to the intended recipient. If the sender logs on to confirm their status, the WBM module executes an interaction procedure which can only be performed by a human, in order to ensure that the confirmation procedure is not performed by a mechanical program.
  • the ASL manager maintains the ASL lists based upon sender address data collected from various sources and analysis of various email usage factors, including sent email, received email, contact lists maintained by the user, user preference inputs, third party programs, etc.
  • Xtreem Purgy markets anti-spam software ("Xtreem Purgy") .
  • Xtreem Purgy anti-spam software
  • the software checks if its sender is on the list of approved senders. If the sender is on the list, the new message is made available to the email program and ends up in a mailbox. If the person who sent the new message is not on the list of approved senders, the software sends back a message (referred to as a "verification request") asking the person to verify that the person's email address is legitimate. Upon positive verification the email address is added to the list of approved senders meaning that all future messages sent from the verified email address are automatically delivered to the mailbox.
  • Xtreem Purgy anti-spam software
  • anti-spam software based on verification of the sender address has reduced the amount of unsolicited electronic messages in mailboxes of users, such software is considered as particularly inconvenient for the sender of the electronic message. Such a method is sometimes even considered inappropriate as it starts from the presupposition that a first time legitimate sender of electronic messages is a spamming suspect. As a consequence, such anti-spam software has not been distributed amongst a sufficient amount of computers to significantly reduce the amount of electronic spam messages transmitted over networks. This, in turn, results in a large waste of electronic resources by the continuation of transmission of spam messages .
  • a computer-implemented method of verifying authorized transmission of electronic messages over a network comprising a sending device and a recipient device is proposed.
  • a first electronic message is transmitted over the wired and/or wireless network and a verification request message is received in re- sponse to transmitting the first electronic message.
  • a verification response message is transmitted automatically in response to receiving the verification request message.
  • the electronic message can be indicated as a non-spam electronic message .
  • an automatic reply facility to send a verification response message in response to the verifi- cation request message (automatic authentication) will not significantly reduce the effectiveness of the anti-spam software, whereas the user-friendliness is greatly improved and the penetration of the software in the market is enhanced resulting in a reduction of spam.
  • the spammer uses an existing sender address, the address will be flooded with verification request messages and, moreover, the spammer will be traceable.
  • the verification message link code is first assigned to the first verification request message from a recipient device. Accordingly, the verification response message can only contain the appropriate verification message link code after receipt of the verification request message. This feature eliminates the possibility for a spammer to send a verification response message after the first electronic message without having received a verification request message.
  • use of the verification message is continued during subsequent message exchanges between a sending address and a recipient address.
  • the link code is read from the subsequent electronic messages and checked against a stored link code for an associated sender address in a database in order to verify that an initially verified sender address has not been spoofed afterwards.
  • the verification facility may be employed both for regular electronic messages and for web- implemented electronic messages, such as webmail. Verification may also be employed in the wireless domain, using mobile devices.
  • the method can be applied in server-client and server- server applications, e.g. in a user device or in an intermediary (virtual) device in a network, e.g. a POP3 server, an IMAP server, an ISP etc.
  • the invention also relates to a sending device, a recipient device, a computer program and a system configured for verifying the authorized transmission of electronic messages over a network.
  • a sending device a recipient device
  • a computer program a system configured for verifying the authorized transmission of electronic messages over a network.
  • FIG. 1 provides a schematic illustration of a system according to an embodiment of the invention
  • FIG. 2 shows a message flow chart of messages in the system of FIG. 1 according to an embodiment of the invention
  • FIG. 3 shows a flow chart illustrating a method of operating the system of FIG. 1 according to an embodiment of the invention
  • FIG. 4 shows a flow chart illustrating a method of sending an electronic message.
  • FIG. 1 provides a schematic illustration of a system 1 comprising a sender device 2 and a recipient device 3 connected by a network 4 via servers 5, 6 (which may be internet service providers (ISPs) or a server of an organization).
  • servers 5, 6 which may be internet service providers (ISPs) or a server of an organization).
  • Sender device 2 and recipient device 3 are e.g. personal computers.
  • server 6 comprises a processor module (not shown) for operating a method of verifying the authenticity of electronic messages for recipient devices 3. The method may be employed using software code portions executed by the processor module.
  • Server 6 comprises or has access to a database 7.
  • the system 1 also comprises a connection to telecommunications system 8 accessible via wireless access network 9 for a mobile recipient device 3.
  • FIGS. 2 and 3 illustrate a method of operating the system of FIG. 1. It is assumed that a first e-mail is to be transmitted from the sender device 2 to the recipient device 3.
  • a first email is transmitted from sender de- vice 2 to server 5 in a manner known as such.
  • the first email contains a sender address and a recipient address.
  • Server 5 forwards the first email over network 4 to server 6 in step 21.
  • Server 6 stores the email in a spam folder associated with the recipient address of recipient device 3.
  • the contents of the spam folder may be inspected by a user of the recipient device 3.
  • Server 6 verifies in database 7 whether or not the sender address in the first email is listed on a white list of the recipient address.
  • the white list contains one or more trusted sender addresses, authenticated by a user of the recipi- ent address.
  • a verification message link code is assigned and stored in database 7 in association with the sender address.
  • a validity period is also assigned to the link code.
  • a verification request message containing the verification message link code is transmitted from the server 6 to the sender address of the sending device 2 in steps 22, 23.
  • the verification message link code is stored and a verification response message, also containing the link code, is generated and transmitted back automatically without involvement of the user of the sending de- vice 2 in steps 24, 25 to the server 6.
  • the steps are performed by software code portions running on the sending device 2. Said software code portions may be part of a dedicated email software program or of a downloadable software tool that operates in combination with an email software program.
  • the receipt of the verification request message and the transmittal of the verification response message, both messages containing the verification message link code are preferably not visible to the user of the sender device 2.
  • the server 6 verifies whether the link code in the verification request message and the link code in the verification response message correspond. Assuming that the link code of the verification response message is received within the validity period for the code, the email message is transferred from a spam folder to an inbox folder if the link codes correspond such that the email can be made available to the recipient device 3 in step 26. Moreover, the sender address may be put on the white list of the recipient address, either automatically or upon positive confirmation from the recipient address. If the verification response message is not received or if the verification message link code of the verification request message and the verification response message do not correspond, the email is not transferred to the inbox folder.
  • the sender used a program or tool configured for returning verification link codes. This may e.g. be recognized from information in the first email (e.g. in the header of the first e-mail) .
  • the first email is transferred from the spam folder to the inbox folder of the recipient address. If the sender is recognized to use such a program or tool, it is subsequently verified if a verification message link code is known for this sender address in e.g. the white list. If such a code is not present, a link code is assigned to the sender address and the verification procedure may be initiated. The email is transferred from the spam folder to the inbox folder of the recipient address.
  • the sending device 2 operates a program or tool for automatically returning a verification message link code.
  • the second email contains the verification message link code obtained previously.
  • the sender address of sending device 2 is assumed to be present on the white list associated with the recipient address.
  • Server 6 upon receipt of the second email, again verifies whether the sender address is on the white list and that the sender device used a program or tool for automatically returning a verification message link code. Moreover, server 6 verifies whether the link code in the second email corresponds to the link code stored in database 7 associated with the sender address. If the link code read from the second e-mail corre- sponds to the stored link code, the second email is stored in the inbox folder of the recipient device 3 and is made available in step 29. Otherwise, the email will not be transferred to the inbox folder.
  • FIG. 4 is a flow chart for the situation of transmit- ting an email using the program or tool according to an embodiment of the invention.
  • server 6 places the verification message link code in the third email if the user of the sending device is on the white list and a code is known for this user address.
  • the third email is forwarded in steps 31, 32 to the (original) sender device 2.
  • the verification message link code in the third email is checked, e.g. by sender device 2, against the link code received in step 22, 23 and, upon positive verification, the third email is placed in the inbox folder of the sending device 2.
  • White lists not necessarily contain (only) individual trusted sender addresses, but may (also) contain trusted domains.
  • An example is the entry *@skef.com indicating that all sender addresses of this domain are trusted sender addresses .
  • the white list may be a shared white list for the organization (or a part of the organization) .
  • Sender addresses are only put on the shared white list if a predetermined number of authentications is obtained from within the organization.
  • a counter may be employed for recording the number of received individual authentications.
  • Authentications may be generated as a result of putting a sender address on personal white lists of people or groups within the organization.
  • each sent electronic message is verified by the mechanism of receiving a verification request message and automatically transmitting a verification response message, both preferably containing the verification message link code.
  • the verification message link code may be a unique code.
  • the code may contain of first block of characters from which a sender address may be derived and a second block of characters indicative of the number of received electronic mes- sages.

Abstract

The invention relates to a computer-implemented method of verifying authorized transmission of electronic messages over a network comprising a sending device and a recipient. A first electronic message is transmitted over the network and a verification request message is received in response to transmitting the first electronic message. A verification response message is transmitted automatically in response to receiving the verification request message. When the verification response message has been received by a recipient device, the electronic message can be indicated as a non-spam electronic message.

Description

Verifying authorized transmission of electronic messages over a network
FIELD OF THE INVENTION
The invention relates to the field of reducing transmission of unsolicited electronic messages, often referred to as spam messages, over a wired and/or wireless network.
BACKGROUND OF THE INVENTION
The advent of global communications networks such as the internet has presented commercial opportunities for reaching vast numbers of potential customers. Electronic messages, and particularly electronic mail ("email"), are becoming increasingly pervasive as a means for disseminating unwanted advertisements and promotions (also denoted as "spam") to network users.
Common techniques utilized to thwart spam involve the employment of filtering systems/methodologies . Machine-learning filters assign to an incoming message a probability that the message is spam. In this approach, features typically are extracted from two classes of example messages (e.g., spam and non-spam messages) , and a learning filter is applied to discriminate probabilistically between the two classes. Since many message features are related to content (e.g., whole words and phrases in the subject and/or body of the message), such types of filters are commonly referred to as "content-based filters". These types of machine learning filters usually employ exact match techniques in order to detect and distinguish spam mes- sages from good messages.
Other spam filters operate on the basis of IP address or DNS address recognition by verifying the IP/DNS source address of the electronic message.
Unfortunately, often spammers can fool conventional spam filters by e.g. modifying their spam messages to look like good mail or to include a variety of erroneous characters throughout the message to avoid and/or confuse character recog- nition systems. Thus, such conventional spam filters provide limited protection against unsolicited electronic messages.
US 2003/0009698 discloses a method and system for filtering spam. Whenever a message is first received from an unapproved sender, a confirmation request email is sent to the sender's email address requesting the sender to confirm its existence and identity. Until the unapproved sender replies to the confirmation request email, electronic messages received from the unapproved sender are treated as spam. An inclusion list of senders is maintained by the spam filter that includes a list of approved senders. Electronic messages from approved senders are not treated as spam, and are immediately delivered to the user. A database of valid source addresses for a user is maintained either on the user's computing device or on a mail server, de- pending upon the specific application.
Also, US 2005/0188045 discloses a system for eliminating unauthorized email sent to a user on a network. The system employs an email-receiving server connected between the network and the user's email client for receiving email addressed to the user and rejecting those in which the sender address does not match any of sender addresses maintained on an "authorized senders" list (ASL list) . The ASL lists are maintained by an ASL manager in an ASL database operable with a spam processor module. A redirector module rejects the email if, upon sending a request for validation to the spam processor module, the sender's address does not match any authorized sender address on the ASL list. Email rejected by the redirector module is redirected to a web-based messaging (WBM) module which sends a message to the sender to confirm that the sender is a legitimate sender of email to the intended recipient. If the sender logs on to confirm their status, the WBM module executes an interaction procedure which can only be performed by a human, in order to ensure that the confirmation procedure is not performed by a mechanical program. The ASL manager maintains the ASL lists based upon sender address data collected from various sources and analysis of various email usage factors, including sent email, received email, contact lists maintained by the user, user preference inputs, third party programs, etc.
Purgy.com markets anti-spam software ("Xtreem Purgy") . When a new message arrives, the software checks if its sender is on the list of approved senders. If the sender is on the list, the new message is made available to the email program and ends up in a mailbox. If the person who sent the new message is not on the list of approved senders, the software sends back a message (referred to as a "verification request") asking the person to verify that the person's email address is legitimate. Upon positive verification the email address is added to the list of approved senders meaning that all future messages sent from the verified email address are automatically delivered to the mailbox. Although anti-spam software based on verification of the sender address has reduced the amount of unsolicited electronic messages in mailboxes of users, such software is considered as particularly inconvenient for the sender of the electronic message. Such a method is sometimes even considered inappropriate as it starts from the presupposition that a first time legitimate sender of electronic messages is a spamming suspect. As a consequence, such anti-spam software has not been distributed amongst a sufficient amount of computers to significantly reduce the amount of electronic spam messages transmitted over networks. This, in turn, results in a large waste of electronic resources by the continuation of transmission of spam messages .
Therefore, there exists a need in the art for an improved method and system for the reduction of electronic spam messages.
SUMMARY OF THE INVENTION
A computer-implemented method of verifying authorized transmission of electronic messages over a network comprising a sending device and a recipient device is proposed. A first electronic message is transmitted over the wired and/or wireless network and a verification request message is received in re- sponse to transmitting the first electronic message. A verification response message is transmitted automatically in response to receiving the verification request message. When the verification response message has been received by a recipient device, the electronic message can be indicated as a non-spam electronic message .
Massive spamming with electronic messages is typically- performed from non-existing sender addresses that, as a consequence thereof, cannot receive reply e-mails. Despite this fact, recognized in US 2003/0009698, anti-spam methods relying on verification request messages and verification response messages before electronic messages are indicated as non-spam, require human interaction in order to send a verification response message from a sender device. The applicant has realized that when a sender address of an electronic message is capable of receiving a verification request message, it is likely that that this sender is not a spammer (and the electronic message is not a spam message) . As a consequence, an automatic reply facility to send a verification response message in response to the verifi- cation request message (automatic authentication) will not significantly reduce the effectiveness of the anti-spam software, whereas the user-friendliness is greatly improved and the penetration of the software in the market is enhanced resulting in a reduction of spam. In case the spammer uses an existing sender address, the address will be flooded with verification request messages and, moreover, the spammer will be traceable.
It is advantageous to link the verification request message and verification response message by a verification message link code. The verification message link code is first assigned to the first verification request message from a recipient device. Accordingly, the verification response message can only contain the appropriate verification message link code after receipt of the verification request message. This feature eliminates the possibility for a spammer to send a verification response message after the first electronic message without having received a verification request message. Advantageously, use of the verification message is continued during subsequent message exchanges between a sending address and a recipient address. The link code is read from the subsequent electronic messages and checked against a stored link code for an associated sender address in a database in order to verify that an initially verified sender address has not been spoofed afterwards.
It should be noted that the verification facility may be employed both for regular electronic messages and for web- implemented electronic messages, such as webmail. Verification may also be employed in the wireless domain, using mobile devices. The method can be applied in server-client and server- server applications, e.g. in a user device or in an intermediary (virtual) device in a network, e.g. a POP3 server, an IMAP server, an ISP etc.
The invention also relates to a sending device, a recipient device, a computer program and a system configured for verifying the authorized transmission of electronic messages over a network. Hereinafter, embodiments of the invention will be described in further detail. It should be appreciated, however, that these embodiments may not be construed as limiting the scope of protection for the present invention.
BRIEF DESCRIPTION OF THE DRAWINGS
In the drawings:
FIG. 1 provides a schematic illustration of a system according to an embodiment of the invention;
FIG. 2 shows a message flow chart of messages in the system of FIG. 1 according to an embodiment of the invention;
FIG. 3 shows a flow chart illustrating a method of operating the system of FIG. 1 according to an embodiment of the invention;
FIG. 4 shows a flow chart illustrating a method of sending an electronic message. DETAILED DESCRIPTION OF THE DRAWINGS
FIG. 1 provides a schematic illustration of a system 1 comprising a sender device 2 and a recipient device 3 connected by a network 4 via servers 5, 6 (which may be internet service providers (ISPs) or a server of an organization). Sender device 2 and recipient device 3 are e.g. personal computers.
In an embodiment of the invention, server 6 comprises a processor module (not shown) for operating a method of verifying the authenticity of electronic messages for recipient devices 3. The method may be employed using software code portions executed by the processor module. Server 6 comprises or has access to a database 7.
The system 1 also comprises a connection to telecommunications system 8 accessible via wireless access network 9 for a mobile recipient device 3.
FIGS. 2 and 3 illustrate a method of operating the system of FIG. 1. It is assumed that a first e-mail is to be transmitted from the sender device 2 to the recipient device 3.
In step 20 a first email is transmitted from sender de- vice 2 to server 5 in a manner known as such. The first email contains a sender address and a recipient address. Server 5 forwards the first email over network 4 to server 6 in step 21.
Server 6 stores the email in a spam folder associated with the recipient address of recipient device 3. The contents of the spam folder may be inspected by a user of the recipient device 3. Server 6 verifies in database 7 whether or not the sender address in the first email is listed on a white list of the recipient address. The white list contains one or more trusted sender addresses, authenticated by a user of the recipi- ent address.
If the sender address is not present on the white list for the recipient address, a verification message link code is assigned and stored in database 7 in association with the sender address. A validity period is also assigned to the link code. A verification request message containing the verification message link code is transmitted from the server 6 to the sender address of the sending device 2 in steps 22, 23. At the sending device 2, the verification message link code is stored and a verification response message, also containing the link code, is generated and transmitted back automatically without involvement of the user of the sending de- vice 2 in steps 24, 25 to the server 6. The steps are performed by software code portions running on the sending device 2. Said software code portions may be part of a dedicated email software program or of a downloadable software tool that operates in combination with an email software program. The receipt of the verification request message and the transmittal of the verification response message, both messages containing the verification message link code, are preferably not visible to the user of the sender device 2.
The server 6 verifies whether the link code in the verification request message and the link code in the verification response message correspond. Assuming that the link code of the verification response message is received within the validity period for the code, the email message is transferred from a spam folder to an inbox folder if the link codes correspond such that the email can be made available to the recipient device 3 in step 26. Moreover, the sender address may be put on the white list of the recipient address, either automatically or upon positive confirmation from the recipient address. If the verification response message is not received or if the verification message link code of the verification request message and the verification response message do not correspond, the email is not transferred to the inbox folder.
If it is determined that the first email originates from a sender address that is present on the white list, it is verified whether or not the sender used a program or tool configured for returning verification link codes. This may e.g. be recognized from information in the first email (e.g. in the header of the first e-mail) .
If the sender does not use such a program or tool, the first email is transferred from the spam folder to the inbox folder of the recipient address. If the sender is recognized to use such a program or tool, it is subsequently verified if a verification message link code is known for this sender address in e.g. the white list. If such a code is not present, a link code is assigned to the sender address and the verification procedure may be initiated. The email is transferred from the spam folder to the inbox folder of the recipient address.
It is assumed that the user of the sending device 2 now transmits a second email to the recipient device 3 in steps 27, 28. The sending device operates a program or tool for automatically returning a verification message link code. The second email contains the verification message link code obtained previously. The sender address of sending device 2 is assumed to be present on the white list associated with the recipient address.
Server 6, upon receipt of the second email, again verifies whether the sender address is on the white list and that the sender device used a program or tool for automatically returning a verification message link code. Moreover, server 6 verifies whether the link code in the second email corresponds to the link code stored in database 7 associated with the sender address. If the link code read from the second e-mail corre- sponds to the stored link code, the second email is stored in the inbox folder of the recipient device 3 and is made available in step 29. Otherwise, the email will not be transferred to the inbox folder.
FIG. 4 is a flow chart for the situation of transmit- ting an email using the program or tool according to an embodiment of the invention. If the user of recipient device 3 desires to reply to the first or second email with a third email, server 6 places the verification message link code in the third email if the user of the sending device is on the white list and a code is known for this user address. The third email is forwarded in steps 31, 32 to the (original) sender device 2. The verification message link code in the third email is checked, e.g. by sender device 2, against the link code received in step 22, 23 and, upon positive verification, the third email is placed in the inbox folder of the sending device 2.
The ongoing use of the assigned verification message link code during subsequent message exchanges prevents a spammer to use a sender address that has been put on the white lists of many recipients. White lists not necessarily contain (only) individual trusted sender addresses, but may (also) contain trusted domains. An example is the entry *@skef.com indicating that all sender addresses of this domain are trusted sender addresses .
It should be appreciated that one or more of the above- mentioned steps at the server β, may also be applied locally at the recipient device 3 or at the server 5. It may not always be advisable to rely on the judgement of a single recipient in order to put a sender address on a white list. Accordingly, e.g. for large organizations, the white list may be a shared white list for the organization (or a part of the organization) . Sender addresses are only put on the shared white list if a predetermined number of authentications is obtained from within the organization. A counter may be employed for recording the number of received individual authentications. Authentications may be generated as a result of putting a sender address on personal white lists of people or groups within the organization.
Recipients are allowed to manually enter sender addresses on the white list. Also, if recipients initiate electronic messages themselves, the addressees of these messages are put on the white list automatically. It should be appreciated that the method may also be employed without the use of a white list. In such an embodiment, each sent electronic message is verified by the mechanism of receiving a verification request message and automatically transmitting a verification response message, both preferably containing the verification message link code.
The verification message link code may be a unique code. The code may contain of first block of characters from which a sender address may be derived and a second block of characters indicative of the number of received electronic mes- sages.

Claims

1. A computer-implemented method of verifying authorized transmission of electronic messages over a network comprising a sending device and a recipient device, characterized by the method comprising the steps in the network of: - transmitting a first electronic message over the network;
- receiving a verification request message in response to transmitting said first electronic message;
- automatically transmitting a verification response message in response to receiving said verification request message.
2. The method of claim 1, wherein said steps are performed in the sending device and said first electronic message is received at the recipient device.
3. The method according to claim 1 or 2, wherein said verification request message and verification response message comprise a verification message link code.
4. The message according to claim 3, wherein said veri- fication message link code is embedded in said verification request message and said verification response message.
5. The method according to claim 3 or 4, wherein said first electronic message is sent from a sender address of said sending device to a recipient address of said recipient device, further comprising the step of transmitting a second electronic message from said sender address to said recipient address, said second electronic message also containing said verification message link code.
6. The method according to claim 5, further comprising the step of receiving a third electronic message from said recipient address, said third electronic message also containing said verification message link code.
7. The method according to the preamble of claim 1 comprising the steps in the network of:
- receiving a first electronic message from a sender address of a sending device over the network; - transmitting a verification request message in response to receiving said first electronic message and receiving a verification response message, said verification request message and verification response message comprising a verification message link code; - transmitting a further electronic message to said sender address, said further electronic message also containing said verification message link code.
8. The method according to claim 7, further comprising the step of receiving a second electronic message from said sender address over said network, said second electronic message containing said verification message link code.
9. The method according to claim 7 or 8, wherein said steps are performed at said recipient device.
10. The method according to claim 9, wherein said recipient device has access to a white list of authorized trusted sender addresses, further comprising the steps of: - verifying whether said white list contains said sender address;
- providing said verification message link code to said further electronic message if said sender address is on said white list.
11. The method according to one or more of the claims
7-10, wherein said verification message link code is embedded in said further electronic message and said verification message.
12. A computer program comprising software code por- tions for performing the steps of one or more of the claims 1- 11.
13. A system configured for performing the method according to claims 1-11.
14. A sending device configured for performing the method according to claims 1-6.
15. A recipient device configured for performing the method according to claims 7-11.
PCT/NL2008/050254 2008-04-25 2008-04-25 Verifying authorized transmission of electronic messages over a network WO2009131437A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP08741675A EP2272223A1 (en) 2008-04-25 2008-04-25 Verifying authorized transmission of electronic messages over a network
PCT/NL2008/050254 WO2009131437A1 (en) 2008-04-25 2008-04-25 Verifying authorized transmission of electronic messages over a network
NL2002796A NL2002796C2 (en) 2008-04-25 2009-04-24 Verifying authorized transmission of electronic messages over a network.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/NL2008/050254 WO2009131437A1 (en) 2008-04-25 2008-04-25 Verifying authorized transmission of electronic messages over a network

Publications (1)

Publication Number Publication Date
WO2009131437A1 true WO2009131437A1 (en) 2009-10-29

Family

ID=40263472

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NL2008/050254 WO2009131437A1 (en) 2008-04-25 2008-04-25 Verifying authorized transmission of electronic messages over a network

Country Status (3)

Country Link
EP (1) EP2272223A1 (en)
NL (1) NL2002796C2 (en)
WO (1) WO2009131437A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030009698A1 (en) * 2001-05-30 2003-01-09 Cascadezone, Inc. Spam avenger
US20060031338A1 (en) 2004-08-09 2006-02-09 Microsoft Corporation Challenge response systems
FR2907292A1 (en) * 2006-10-16 2008-04-18 France Telecom MESSAGE CONTROL TO BE TRANSMITTED FROM A TRANSMITTER DOMAIN TO A RECEIVER DOMAIN

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030009698A1 (en) * 2001-05-30 2003-01-09 Cascadezone, Inc. Spam avenger
US20060031338A1 (en) 2004-08-09 2006-02-09 Microsoft Corporation Challenge response systems
FR2907292A1 (en) * 2006-10-16 2008-04-18 France Telecom MESSAGE CONTROL TO BE TRANSMITTED FROM A TRANSMITTER DOMAIN TO A RECEIVER DOMAIN

Also Published As

Publication number Publication date
EP2272223A1 (en) 2011-01-12
NL2002796A1 (en) 2009-10-27
NL2002796C2 (en) 2011-04-04

Similar Documents

Publication Publication Date Title
US8073912B2 (en) Sender authentication for difficult to classify email
US7529802B2 (en) Method for performing multiple hierarchically tests to verify identity of sender of an email message and assigning the highest confidence value
US6546416B1 (en) Method and system for selectively blocking delivery of bulk electronic mail
US8126971B2 (en) E-mail authentication
US8219630B2 (en) System and method for detecting and filtering unsolicited and undesired electronic messages
US7917757B2 (en) Method and system for authentication of electronic communications
US9021560B1 (en) Authorization via web of subsequent message delivery from a specified sender
US20030212791A1 (en) Method and system for authorising electronic mail
US20060004896A1 (en) Managing unwanted/unsolicited e-mail protection using sender identity
US20080313704A1 (en) Electronic Message Authentication
US9444647B2 (en) Method for predelivery verification of an intended recipient of an electronic message and dynamic generation of message content upon verification
EP1575228B1 (en) Method and apparatus for reducing e-mail spam and virus distribution in a communications network by authenticating the origin of e-mail messages
US10284597B2 (en) E-mail authentication
US20060143136A1 (en) Trusted electronic messaging system
WO2004107137A2 (en) Method and code for authenticating electronic messages
US20230007011A1 (en) Method and system for managing impersonated, forged/tampered email
US20080276318A1 (en) Spam detection system based on the method of delayed-verification on the purported responsible address of a message
WO2008015669A2 (en) Communication authenticator
NL2002796C2 (en) Verifying authorized transmission of electronic messages over a network.
US20070192420A1 (en) Method, apparatus and system for a keyed email framework
JP2009505216A (en) System and method for detecting and filtering unsolicited electronic messages
Orman From Whom?: SMTP Headers Hold the Clues
AU2003203794A1 (en) A method and system for authorising electronic mail
JP2012069125A (en) System and method for detecting and filtering unsolicited and undesired electronic messages

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08741675

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2008741675

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE