Patent application number | Description | Published |
20090006531 | CLIENT REQUEST BASED LOAD BALANCING - A method for balancing load in a network system, having a plurality of clients initiating transactions with a plurality of servers. For each transaction a host name associated with one or more servers capable of completing the transaction is specified. The client initiates a request to resolve the host name and a plurality of IP addresses are returned. The client randomly communicates with one of the IPs identified as capable of completing the transaction and reports on the success of the transaction. If multiple attempts to the same IP fail, the IP is removed from service by the client. | 01-01-2009 |
20100174788 | HONORING USER PREFERENCES IN EMAIL SYSTEMS - In a distributed email system, user preferences respected more effectively by presenting messages marked for deletion to secondary messaging servers having access to user preferences. Messages marked for deletion by inbound servers are presented to secondary level servers having access to user white lists and the choice of whether to delete the suspect message is made by the secondary server. | 07-08-2010 |
20100175103 | REACTIVE THROTTLING OF INBOUND MESSAGES AND RANGES - A method for throttling inbound email messages in an enterprise email system including a plurality of inbound mail servers and at least one management server is provided. Policies defining message event limits for each unique sender are applied to messaging events from the unique sender at each inbound server. Feedback from each of the inbound mail servers to the management server is provided. When events from a unique sender exceed a threshold, as determined by the management server using the feedback, an alert is generated and a new, more restrictive policy for the unique sender is created. The more restrictive policy is broadcast the more restrictive policy to each of the inbound mail servers. | 07-08-2010 |
20100205259 | EMAIL MANAGEMENT BASED ON USER BEHAVIOR - Methods for assisting email users manage email messages received in an email account. An event is triggered by an action performed by an email user with respect to an email message in an email account. The event identifies an entity associated with the email message (e.g., sender address, domain, keyword, etc.). A determination is made whether to assist the user manage their email based on a heuristic. The heuristic assigns weights based on prior events associated with the same entity to determine whether the user is interested in receiving emails from the sender. Based on the heuristics, the method may add the sender to the user's block-list or unsubscribe the user from a mailing list. | 08-12-2010 |
20100251362 | DYNAMIC SPAM VIEW SETTINGS - A method of displaying email messages to a user is provided. Spam classification information and meta data is associated with email messages received for a user. Email message summary information is displayed in a user interface based on whether the meta data associated with the message meets or exceeds a threshold display level for the summary information. The user provides input via the user interface which is an indication to change the threshold display level and the change is dynamically displayed. | 09-30-2010 |
20100332601 | REAL-TIME SPAM LOOK-UP SYSTEM - A system and method of managing unsolicited email sent to an email system over a network. Email messages are received at an message at an inbound mail transfer agent. A determination is made as to whether the email message is suspected to be an unsolicited suspect message. One or more queries for additional information on one or more characteristics of the message is initiated. Determinations are made based on replies to the queries before issuing a message accepted for delivery indication to a sending server. | 12-30-2010 |
20110138062 | RECIPROCAL PUBLIC TRUST RELATIONSHIP - Publicly accessible linking information is to establish a trusted relationship between reciprocally linked entities controlling web resources, such as websites or web logs. A method of establishing a trust relationship between two entities identifying a user-installed link to a second web resource in a first web resource. Next, the method determines when a reciprocal link is made in the second web resource directed to the first web resource and creates a trust relationship between the entities based on the reciprocal link. | 06-09-2011 |
20110191832 | RESCUING TRUSTED NODES FROM FILTERING OF UNTRUSTED NETWORK ENTITIES - Network entities controlling a set of nodes may vary by trustworthiness, such as tolerance for nodes that send spam, distribute malware, or perform denial-of-service attacks. A device receiving such activities may identify a trust rating of the network entity and apply appropriately stringent filtering (such as spam evaluation) to activities received from nodes controlled by the network entity. However, a poor trust rating of a network entity may subject a legitimate node controlled by the network entity to inefficiently or unfairly stringent activity filtering. Instead, the device may evaluate the activities of a particular node, assign a trust rating to the node, and if the trust rating of the node is higher than the trust rating of the network entity, apply less stringent activity filtering to the activities of the node, thereby “rescuing” the node from the more stringent activity filtering applied to the other nodes of the network entity. | 08-04-2011 |
20110191847 | ACTIVITY FILTERING BASED ON TRUST RATINGS OF NETWORK ENTITIES - The filtering of activities generated by nodes of a network while interacting with a device may be performed by evaluating the desirability of the activities (e.g., a spam or not-spam determination of email messages sent by the node) and assigning a trust rating to the node. However, nodes are often identified by network address, and an operator of a node sending undesirable activities may reassign the network address of the node in order to avoid heavy filtering. Instead, nodes may be identified as being controlled by a network entity (e.g., an autonomous system identified in a border gateway protocol routing table.) The network entity is assigned a network entity trust rating based on the trust ratings of the nodes controlled thereby, and an appropriate level of activity filtering based on the network entity trust rating may be selected for subsequent activities received from all nodes controlled by the network entity. | 08-04-2011 |
20110246583 | Delaying Inbound And Outbound Email Messages - A computer implemented system and method to enable protection of email users from unsolicited bulk email using a message delivery delay based on characteristics detected in selected messages. Messages are evaluated for characteristics resembling unsolicited bulk email. A determination is made whether a message passing through the email system exhibits such characteristics and whether to delay the message. Suspect messages may be delayed for a period of time, the delay period being dependent on the characteristics giving rise to a determination to delay. Following the period, additional information received during the delay period characterizing the message is used to determine whether to dispose or deliver the message. Messages evaluated can be inbound to the email system, outbound to other email systems, or moving within the email system. | 10-06-2011 |
20110246584 | Personalized Email Interactions Applied To Global Filtering - A computer implemented method for filtering unwanted bulk email in an email system and providing a positive user experience is provided. The method enables protection of email users from unsolicited bulk email using user-provided data on user interactions at both a user storage level and a global level with an email system. Metadata on user interactions with messages is collected. Messages are received by the system and evaluated using a global filter which assigns a score resulting in a message action. The action may be message delivery, message non-delivery or message routing, based on a score assigned by the global filter. When the message is delivered to user storage, the message may be examined relative to the metadata, and may alter the message action to an action different than the message action resulting from the score. Metadata for a plurality of users is returned to the global filter for use in making filtering future messages and modifies the global filter. | 10-06-2011 |
20110296003 | USER ACCOUNT BEHAVIOR TECHNIQUES - User account behavior techniques are described. In implementations, a determination is made as to whether interaction with a service provider via a user account deviates from a model. The model is based on behavior that was previously observed as corresponding to the user account. Responsive to a determination that the interaction deviates from the model, the user account is flagged as being potentially compromised by a malicious party. | 12-01-2011 |
20110296524 | Campaign Detection - Campaign detection techniques are described. In implementations, a signature is computed for each of a plurality of emails to be communicated by a service provider to respective intended recipients. A determination is made that two or more of the plurality of emails is similar based on the respective signatures. Responsive to a finding that a number of similar emails exceeds a threshold, an indication is output that the similar emails have a likelihood of being involved in a spam campaign. | 12-01-2011 |
20120246720 | USING SOCIAL GRAPHS TO COMBAT MALICIOUS ATTACKS - Detection of user accounts associated with spammer attacks may be performed by constructing a social graph of email users. Biggest connected components (BCC) of the social graph may be used to identify legitimate user accounts, as the majority of the users in the biggest connected components are legitimate users. BCC users may be used to identify more legitimate users. Using degree-based detection techniques and PageRank based detection techniques, the hijacked user accounts and spammer user accounts may be identified. The users' email sending and receiving behaviors may also be examined, and the subgraph structure may be used to detect stealthy attackers. From the social graph analysis, legitimate user accounts, malicious user accounts, and compromised user accounts can be identified. | 09-27-2012 |
20120259929 | GEO-DATA SPAM FILTER - Geo-data spam filters are described. In one or more implementations, origin data and language data of a message are evaluated to establish a score for the message indicating a likelihood that the message is spam. The evaluation includes comparing the origin data and the language data to ranked lists indicating message origins and languages with which a respective message recipient interacts positively and ranked lists indicating message origins and languages with which the respective recipient interacts negatively. Interactions of the respective recipient with previously sent messages may be tracked to form these lists. Based on the score established by evaluating the origin data and the language data of the message, the message is filtered for delivery. | 10-11-2012 |
20120290712 | Account Compromise Detection - Techniques for account compromise detection are described. In one or more implementations, a usage pattern is established for a user account of a service provider, where the service provider is configured to provide a plurality of web services for access via a network and the usage pattern describes interaction with one or more of the plurality of web services. A deviation is detected in subsequent activity associated with the user account from the usage pattern and a determination is made as to whether compromise the user account is likely based at least in part on the detection. | 11-15-2012 |
20130086180 | Message Classification and Management - Message management and classification techniques are described. In one or more implementations, a message received from a sender for delivery via a user account is examined to extract one or more features of the message. A determination is then made as to whether the message corresponds to one or more categories based on the extracted features, the categories usable to enable features to be applied to the message in a user interface. | 04-04-2013 |
20130185791 | VOUCHING FOR USER ACCOUNT USING SOCIAL NETWORKING RELATIONSHIP - Trusted user accounts of an application provider are determined. Graphs, such as trees, are created with each node corresponding to a trusted account. Each of the nodes is associated with a vouching quota, or the nodes may share a vouching quota. Untrusted user accounts are determined. For each of these untrusted accounts, a trusted user account that has a social networking relationship is determined. If the node corresponding to the trusted user account has enough vouching quota to vouch for the untrusted user account, then the quota is debited, a node is added for the untrusted user account to the graph, and the untrusted user account is vouched for. If not, available vouching quota may be borrowed from other nodes in the graph. | 07-18-2013 |
20140108578 | Geo-Data Spam Filter - Geo-data spam filters are described. In one or more implementations, origin data and language data of a message are evaluated to establish a score for the message indicating a likelihood that the message is spam. The evaluation includes comparing the origin data and the language data to ranked lists indicating message origins and languages with which a respective message recipient interacts positively and ranked lists indicating message origins and languages with which the respective recipient interacts negatively. Interactions of the respective recipient with previously sent messages may be tracked to form these lists. Based on the score established by evaluating the origin data and the language data of the message, the message is filtered for delivery. | 04-17-2014 |
20140289428 | Dynamic Intervals for Synchronizing Data - In embodiments of dynamic intervals for synchronizing data, the data is periodically synchronized between computing devices, such as between server devices, client devices, and/or between client and server devices. A polling optimization service can assess heuristics that are associated with the data synchronizations between the computing devices, and determine optimal dynamic intervals to periodically synchronize the data based on the heuristics. The polling optimization service can then iterate to further assess the heuristics that are associated with subsequent data synchronizations and determine updates of the optimal dynamic intervals. The polling optimization service updates the heuristics based on the subsequent and ongoing data synchronizations, and iterates to update the optimal dynamic intervals based on the updated heuristics. | 09-25-2014 |