[go: up one dir, main page]

CN101060421A - A garbage mail processing system and garbage mail sorting method - Google Patents

A garbage mail processing system and garbage mail sorting method Download PDF

Info

Publication number
CN101060421A
CN101060421A CNA2006100351554A CN200610035155A CN101060421A CN 101060421 A CN101060421 A CN 101060421A CN A2006100351554 A CNA2006100351554 A CN A2006100351554A CN 200610035155 A CN200610035155 A CN 200610035155A CN 101060421 A CN101060421 A CN 101060421A
Authority
CN
China
Prior art keywords
mail
degree
belief
trust
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2006100351554A
Other languages
Chinese (zh)
Other versions
CN100490392C (en
Inventor
周颢
谢尚成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CNB2006100351554A priority Critical patent/CN100490392C/en
Publication of CN101060421A publication Critical patent/CN101060421A/en
Application granted granted Critical
Publication of CN100490392C publication Critical patent/CN100490392C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

本发明涉及一种垃圾邮件处理系统,包括设置在邮件服务器SMTP中的垃圾邮件过滤器模块、病毒分析器模块,还包括:(1)邮箱监视器模块,用于监视邮箱操作行为,对邮件分检;(2)按邮件地址记录有邮件信任度数值的信任度数据库;以及(3)信任度评判模块,该模块调用信用度数据库中存储的当前邮件的信任度值与预定的参考信任度数值比较分检当前邮件;邮箱过滤器模块根据过滤器模块,病毒分析器模块,以及信任度评判模块对邮件的处理结果,修改信任度数据库中存储的该邮件的信任度数值,降低被分检为垃圾邮件的邮件信任度值,升高被分检为正常邮件的邮件信任度值。应用本发明的系统能够提高对邮件的处理、分检效果,增强对恶意来访的防范。

Figure 200610035155

The present invention relates to a spam processing system, which includes a spam filter module and a virus analyzer module arranged in the mail server SMTP, and also includes: (1) a mailbox monitor module, which is used to monitor the operation behavior of the mailbox and analyze the mail (2) a trust degree database that records mail trust degree values by mail addresses; and (3) a trust degree evaluation module, which calls the trust degree value of the current mail stored in the credit degree database and compares it with a predetermined reference trust degree value Sorting the current mail; the mailbox filter module modifies the trust value of the mail stored in the trust database according to the processing results of the filter module, the virus analyzer module, and the trust evaluation module, so as to reduce the number of being sorted as garbage Mail trust value of mail, increase the trust value of mail sorted as normal mail. The application of the system of the invention can improve the effect of processing and sorting mails, and enhance the prevention of malicious visits.

Figure 200610035155

Description

一种垃圾邮件处理系统及分检垃圾邮件的方法A spam processing system and method for sorting spam

技术领域technical field

本发明涉及电子信息传输中的处理技术,特别是涉及到对垃圾邮件的处理、分检以及对恶意来访者的有效防范。The invention relates to the processing technology in electronic information transmission, in particular to the processing and sorting of junk mails and the effective prevention of malicious visitors.

技术背景technical background

随着网络信息社会的到来,垃圾邮件一直在困扰着邮箱服务器的管理者和广大的用户。为了清除日益增多的垃圾邮件,邮箱服务器的管理者设计了白、黑名单的审核系统,将有过失的邮箱地址和域名列入黑名单,将绝对可信任的列入白名单,从而可以快速处理邮件。现有的白、黑名单技术太过于绝对化,不能有效得解决黑白名单动态变化的情况。假如一个垃圾邮件发件者利用偷来的邮箱(白名单邮箱)发垃圾邮件,或是白名单用户机器异常(中毒或中木马),那么白、黑名单反而会带来严重的负面效果。现有的白、黑名单的成员地址产生过于人工化,并不能很好的解决自动产生和随时增补的问题。With the advent of the network information society, spam has been bothering the administrators of mailbox servers and the majority of users. In order to eliminate the increasing amount of spam, the manager of the mailbox server has designed a whitelist and blacklist audit system, which blacklists the email addresses and domain names that are at fault, and puts absolutely trustworthy email addresses and domain names into the whitelist, so that they can be processed quickly mail. The existing white and black list technologies are too absolute and cannot effectively solve the situation of dynamic changes in black and white lists. If a spam sender uses a stolen mailbox (whitelist mailbox) to send spam, or the machine of a whitelist user is abnormal (poisoned or Trojan horse), then the whitelist and blacklist will bring serious negative effects. The generation of member addresses of the existing white and black lists is too artificial, and it cannot solve the problem of automatic generation and addition at any time.

现有技术中还在邮箱服务器STMP中设置了垃圾邮件过虑系统或病毒分析系统,能够对各种违规关键词和可疑代码出现的邮件进行有效的拦截,但并不能对通过的邮件做出绝对可靠的结论。现有的邮件过滤系统过于分散(黑、白名单、垃圾过滤器,病毒过滤器各自独立运作),不能对目标对象当前是否可靠产生一个动态的综合总体评价,无法以时间的综合影响来评价对象,进行判断。即时间综合影响判断还不能在现有邮件过滤系统中体现。In the prior art, a spam filtering system or a virus analysis system is also installed in the STMP of the mailbox server, which can effectively intercept various illegal keywords and suspicious codes, but cannot make an absolutely reliable analysis of the passed emails. conclusion. The existing mail filtering system is too scattered (blacklist, whitelist, spam filter, and virus filter operate independently), and it is impossible to produce a dynamic comprehensive evaluation of the current reliability of the target object, and it is impossible to evaluate the object based on the comprehensive impact of time , to judge. That is, the judgment of the comprehensive impact of time cannot be reflected in the existing mail filtering system.

现有的过滤器只是利用正常邮件、垃圾邮件的内容或结构区别特征进行过滤。假如能利用收件人对待正常邮件、垃圾邮件的处理态度特征对过滤判定过程进行影响,则可大大提高整个过滤系统的性能。但现有的邮件过滤系统并无此能力。Existing filters only use the content or structure distinguishing features of normal emails and spam emails to filter. If the characteristics of the recipient's attitude toward normal mail and spam can be used to affect the filtering judgment process, the performance of the entire filtering system can be greatly improved. But the existing mail filtering system does not have this ability.

发明内容Contents of the invention

本发明目的在解决现有的垃圾邮件处理中黑、白名单的生成基本依靠人工来完成,无法适应黑、白名单动态变化的问题,以及垃圾邮件得临时动态随机特点,导致恶意发件人被黑名单的有效堵截不能长久的问题。The purpose of the present invention is to solve the problem that the generation of black and white lists in the existing spam processing is basically done manually, and cannot adapt to the dynamic changes of black and white lists, and the temporary dynamic random characteristics of spam, resulting in malicious senders being arrested. The effective interception of the blacklist cannot last long.

为解决上述问题,本发明提供了一种垃圾邮件处理系统,该系统包括设置在邮件服务器SMTP中的垃圾邮件过滤器模块、病毒分析器模块,其特征在于:还包括:In order to solve the above problems, the invention provides a spam processing system, the system includes a spam filter module and a virus analyzer module arranged in the mail server SMTP, it is characterized in that: it also includes:

(1)邮箱监视器模块,用于监视邮箱操作行为,对邮件分检;(1) Mailbox monitor module, used to monitor the operation behavior of mailboxes and sort mails;

(2)按邮件地址记录有邮件信任度数值的信任度数据库;以及(2) a trust degree database that records mail trust degree values according to mail addresses; and

(3)信任度评判模块,该模块调用信用度数据库中存储的当前邮件的信任度值与预定的参考信任度数值比较分检当前邮件;(3) degree of trust evaluation module, this module transfers the degree of trust value of the current mail stored in the credit degree database and the predetermined reference degree of trust value to compare and sort out the current mail;

邮箱过滤器模块根据过滤器模块,病毒分析器模块,以及信任度评判模块对邮件的处理结果,修改信任度数据库中存储的该邮件的信任度数值,降低被分检为垃圾邮件的邮件信任度值,升高被分检为正常邮件的邮件信任度值。The mailbox filter module modifies the trust value of the mail stored in the trust database according to the processing results of the filter module, the virus analyzer module, and the trust evaluation module, and reduces the trust degree of the mail sorted as spam value, increases the confidence value of messages that are sorted as clean.

优选的,所述信任度评判模块评判的方式为绝对信任判断或者相对信任判断。Preferably, the evaluation method of the trust evaluation module is an absolute trust evaluation or a relative trust evaluation.

优选的,初始状态下,信任度数据库中存储的信任度值为低。Preferably, in the initial state, the trust value stored in the trust database is low.

优选的,信任度数据库中存储有域级的信任度关系数据;Preferably, domain-level trust relationship data is stored in the trust database;

邮件监视器模块的裁决范围为邮箱地址所在的域,即邮件监视器模块收集转呈当前邮件的邮件地址,并依据对当前邮件的分检结果修改转呈当前邮件的邮件地址的信任度数据。The adjudication scope of the email monitor module is the domain where the email address is located, that is, the email monitor module collects the email address forwarded to the current email, and modifies the trust degree data of the email address forwarded to the current email according to the sorting result of the current email.

本发明中,垃圾邮件处理系统中的邮件信任度判定系统,参考借鉴社会的个人信用的评估机制,建立一套对邮件来源地址、域的综合评估机制,除含括现有垃圾邮件过滤引擎,反病毒引擎的对来源地址、域的评价影响外,还独创性的加入时间综合影响、收件人对待正常邮件、垃圾邮件的处理态度特征影响的邮箱监视系统,并在绝对信任判断与相对信任判断两个层次上对邮件进行信任判决,以达到具有时间和历史积累作用形成的邮件信任度数据库,实际上它是一个包含有自动生成的黑白名单的动态数据库。在以上系统中,垃圾邮件过滤系统、病毒分析系统,邮箱监视系统,都是信任度判决者。每一次判决均会对邮件信任度数据库产生影响,使其不断更新,对准确的阻截垃圾邮件具有显著的支持作用。In the present invention, the mail trust degree judgment system in the junk mail processing system refers to the evaluation mechanism of personal credit in the society for reference, and establishes a set of comprehensive evaluation mechanism to the mail source address and domain, except including the existing junk mail filtering engine, In addition to the impact of the anti-virus engine on the evaluation of source addresses and domains, it also has an original mailbox monitoring system that is influenced by the comprehensive impact of joining time and the recipient's attitude towards normal emails and spam emails. Judgment Two levels of trust judgment are made on emails to achieve an email trust database formed by the accumulation of time and history. In fact, it is a dynamic database containing automatically generated black and white lists. Among the above systems, spam filtering system, virus analysis system, and mailbox monitoring system are all judges of trust. Every judgment will have an impact on the mail trust database, which will be continuously updated, and has a significant supporting role in accurately blocking spam.

本发明还提供了一种分检垃圾邮件的方法,该方法应用的系统包括经过黑、白名单审核模块、垃圾邮件过滤器模块、病毒分析器模块,其特征在于:该方法包括步骤:The present invention also provides a kind of method of sorting spam, the system that this method applies comprises through blacklist, white list examination module, spam filter module, virus analyzer module, it is characterized in that: this method comprises steps:

(1)按邮件的地址从信任度数据库中找出相对应源地址的信任度数值与设定范围相比较,大于设定范围最大值以上的判定为正常邮件,将邮件分检入正常邮箱;小于设定范围最小值以下的判定为垃圾邮件,将邮件分检入垃圾邮箱;落在设定范围的最大最小值之间的进行步骤(2);(1) According to the address of the mail, find out the trust value of the corresponding source address from the trust degree database and compare it with the set range, if it is greater than the maximum value of the set range, it is judged as a normal mail, and the mail is checked into the normal mailbox; The judgment below the minimum value of the set range is spam, and the mail is checked into the junk mailbox; the step (2) is carried out between the maximum and minimum values of the set range;

(2)经垃圾过滤器模块和病毒分析器模块做进一步分检处理,在两次过滤分检处理过程中,任何一次过滤不合格,则将邮件判定为垃圾邮件,分检到垃圾邮箱,两次过滤均合格的进行步骤(3);(2) After the garbage filter module and the virus analyzer module are further sorted and processed, during the two filtering and sorting processes, if any one filter is unqualified, the mail will be judged as spam, and it will be sorted into the junk mailbox. Perform step (3) if the filtering is qualified for the second time;

(3)将信任度数据库中相对应源地址的信任度数值与设定范围最大最小值的平均值进行比对,大于该平均值的邮件判定为正常邮件,将邮件分检入正常邮箱,小于该平均值的邮件判定为垃圾邮件,将邮件分检入垃圾邮箱;(3) Compare the trust degree value corresponding to the source address in the trust degree database with the average value of the maximum and minimum values in the set range, and the mails greater than the average value are judged as normal mails, and the mails are sorted into normal mailboxes, and those less than The mail with the average value is judged as spam, and the mail is checked into the junk mailbox;

(4)按对邮件处理的结果,修订信任度数据库中邮件来源地址对应的信任度值,增加正常邮件地址对应的信任度值,减少垃圾邮件地址对应的信任度值。(4) According to the results of mail processing, the trust value corresponding to the mail source address in the trust database is revised, the trust value corresponding to the normal mail address is increased, and the trust value corresponding to the spam address is reduced.

优选的,对分检过程中所做出的每一次判定结果,均修订信任度数据库中邮件来源地址对应的信任度值。Preferably, for each judgment result made in the sorting process, the trust value corresponding to the mail source address in the trust database is revised.

优选的,服务器接收邮件后,首先核对信用度数据库中记录,判定是否为初访用户,若不是则转入步骤(1)处理,若是则先在配套数据库中对应初访邮箱地址赋予一个偏低的信任度数值,再转入步骤(1)处理。Preferably, after the server receives the email, it first checks the records in the credit database to determine whether it is a first-time visitor, if not, then proceed to step (1) for processing, if so, first assign a low e-mail address corresponding to the first-time visitor email address in the supporting database trust value, and then turn to step (1) for processing.

优选的,修订信任度数据库中邮件来源地址对应的信任度值的步骤还包括:Preferably, the step of revising the trust value corresponding to the mail source address in the trust database further includes:

依据对当前邮件来源地址对应的信任度值的增减,增减获得的转发当前邮件的其他邮件地址的信任度值。According to the increase or decrease of the trust value corresponding to the source address of the current mail, the obtained trust value of other mail addresses forwarding the current mail is increased or decreased.

本发明的积极效果在于在邮件服务器中对目标对象形成一个有效的整体信任度的评估体系,以邮件信任度,实际上是以发件人的信任度来评价收到邮件的可靠程度,可以在现有的邮件辩识系统中有效得提高过滤拦截率与减小误判率。更重要的意义在于评估体系以动态的信用度变化来代替绝对的黑白名单,有更高的自适应能力,可以适应动态变化的邮件环境,又可以解决自动黑白名单生成困难的问题。系统可以体现历史时间累积效应的影响,历史时间的累积效应会使得目标对象的信任度趋向可以正确表达其是否可靠的水平,故可更准确的分辩邮件,而人本恶原则,更适合于过滤有动态发件人特征的垃圾邮件。本邮件信任度判定系统中,综合加入以人对正常邮件、垃圾邮件的不同情感处理态度特征进行判定影响,比现有的系统更加的科学有效。长时间应用下对域的累积作用,与传递原则的应用,有助于在系统级快速形成一个安全目标对象信任关系网,使垃圾邮件发起者更加难以渗入。The positive effect of the present invention is to form an effective evaluation system for the overall trust degree of the target object in the mail server, to evaluate the reliability of the received mail with the trust degree of the mail, in fact, with the trust degree of the sender, which can be used in In the existing mail identification system, the filter interception rate can be effectively improved and the misjudgment rate can be reduced. The more important significance is that the evaluation system replaces the absolute black and white lists with dynamic credit changes, which has a higher adaptive ability, can adapt to the dynamically changing email environment, and can solve the problem of automatic black and white lists. The system can reflect the influence of the cumulative effect of historical time. The cumulative effect of historical time will make the trust of the target object tend to be able to correctly express whether it is reliable, so it can distinguish emails more accurately, and the principle of human beings is more suitable for filtering Spam with dynamic sender characteristics. In this e-mail trust degree judgment system, it is more scientific and effective than the existing system to comprehensively add the influence of people's different emotional processing attitude characteristics on normal e-mails and spam e-mails. The cumulative effect on the domain under long-term application and the application of the delivery principle help to quickly form a trust relationship network of security target objects at the system level, making it more difficult for spam initiators to infiltrate.

附图说明Description of drawings

图1是根据配套数据库中的邮箱信任度值进行邮件判决的图示。Fig. 1 is an illustration of mail judgment according to the mailbox trust value in the supporting database.

图2是垃圾邮件处理系统中,实现信任评估及邮件判断的示意图。Fig. 2 is a schematic diagram of implementing trust evaluation and mail judgment in the spam processing system.

图3是本发明分检垃圾邮件的示意图。Fig. 3 is a schematic diagram of sorting spam according to the present invention.

图4是监视器模块扩大到域级监视的示例。Figure 4 is an example of a monitor module extended to domain-level monitoring.

图中,1绝对信任判断、2垃圾邮件过滤器模块、3病毒过滤器模块、4邮件监视器模块、5相对信任判断、6信任度数据库、7正常邮箱、8垃圾邮箱、A9用户、B10用户、C11用户、12收信系统。In the figure, 1 Absolute Trust Judgment, 2 Spam Filter Module, 3 Virus Filter Module, 4 Mail Monitor Module, 5 Relative Trust Judgment, 6 Trust Degree Database, 7 Normal Mailbox, 8 Junk Mailbox, A9 User, B10 User , C11 user, 12 receiving system.

具体实施方式Detailed ways

下面结合附图进一步说明本发明的目的是如何实现的。How to achieve the object of the present invention will be further described below in conjunction with the accompanying drawings.

为了更简明、清楚的陈述发明内容首先介绍专用术语。In order to state the content of the invention more concisely and clearly, special terms are firstly introduced.

邮件信任度:用于代表作用对象(对邮件系统来说,作用对象是发件人或发件域)的可信程度。邮件信任度值越低则作用对象越不可靠,反之,越高则越可靠。在本邮件信任度判定系统中,可靠指的是正常邮件的可能机率越可靠,其为正常邮件的机率高,反之,其为正常邮件的机率越低。在邮件信任系统中以人本恶为原则基于垃圾邮件发件人信任度较低而又经常变换地址。Email trustworthiness: it is used to represent the trustworthiness of the target (for the email system, the target is the sender or sending domain). The lower the email trust value, the more unreliable the target is, on the contrary, the higher the trust value, the more reliable it is. In this mail trust degree judgment system, reliable means that the more reliable the possible probability of a normal mail is, the higher the probability that it is a normal mail, and vice versa, the lower the probability that it is a normal mail. In the email trust system, the principle of human beings is evil is based on the fact that spam senders have a low degree of trust and often change addresses.

信任度判决者:在信任度判定系统中,信任判决者担任法官的角色,可以对所有的行为进行判定。对行为的裁决定性,会产生判决结果,直接影响作用对象的信任度数值的变动。Trust judge: In the trust judgment system, the trust judge acts as a judge and can judge all actions. The determination of the behavior will produce a judgment result, which directly affects the change of the trust value of the target.

信任判决:由信任判决者对目标对象的行为是否违反信用的一次判定,会产生合法或违法、无法判定三种对目标对象的作用结果,分别对应信用度增加、信用度大幅下降、信用度不变三种信用度值变化结果。经过信任判决的长期累积作用,使得作用对象的邮件信任度趋向于可以正确表达其是否可靠。Trust Judgment: A judgment made by the trust judge on whether the behavior of the target object violates the credit will produce three effects on the target object: legal or illegal, and undeterminable, which correspond to three types of results: increase in credit, sharp decline in credit, and unchanged credit Credit value change results. After the long-term cumulative effect of trust judgments, the trust degree of the object's mail tends to be able to correctly express whether it is reliable.

信任判定:由信任度判定系统依当前目标对象的信任度对其某次邮件行为是否可靠所做出的一个评估判断,分绝对信任判断与相对信任判断两种。Trust Judgment: An evaluation and judgment made by the trust degree judgment system based on the trust degree of the current target object whether a certain email behavior is reliable, divided into two types: absolute trust judgment and relative trust judgment.

绝对信任判断:是根据目标对象的信任度,对其某次行为进行绝对的性质判断,产生可靠、不可靠、未确定三种结果。其特点是只有信任度非常明显的接近最小或最大值,已可明显的表现是否可靠才做出可靠或不可靠的判断结果,而其余一概判断为未确定。Absolute Trust Judgment: Based on the trust degree of the target object, make an absolute judgment on the nature of a certain behavior, and produce three results: reliable, unreliable, and undetermined. Its characteristic is that only when the trust degree is very obviously close to the minimum or maximum value, and it is already obvious whether the performance is reliable, can a reliable or unreliable judgment result be made, while the rest are all judged as undetermined.

相对信任判断:是根据目标对象的信任度,对其某次行为是否可靠进行可能性预测,产生可能可靠与可能不可靠两种预测结果。其特点是只要可靠与不可靠的两种机率中有一种大于对方,就承认机率大的一方,做出相对的预测。Relative trust judgment: It is based on the trust degree of the target object to predict the reliability of a certain behavior, and produce two prediction results: possibly reliable and possibly unreliable. Its characteristic is that as long as one of the two probabilities of reliability and unreliability is greater than the other, the one with the higher probability will be recognized and a relative prediction will be made.

参见图1。图1中,a是信任度预设的最小值,c是信任度预设的最大值,b是信任度预设的中间值。在绝对信任度判定中,小于a将判定为绝对不可靠、大于c将判定为绝对可靠、在a-c之间判定为未确定。在相对信任度判定中,a-b之间判定为可能不可靠、b-c之间判定为可能可靠。See Figure 1. In Fig. 1, a is the minimum value of the preset trust degree, c is the maximum value of the preset trust degree, and b is the middle value of the preset trust degree. In the judgment of absolute confidence, if it is less than a, it will be judged as absolutely unreliable, if it is greater than c, it will be judged as absolutely reliable, and if it is between a-c, it will be judged as undetermined. In the judgment of relative confidence, the judgment between a-b is probably unreliable, and the judgment between b-c is probably reliable.

本发明的核心在于:以信任评估、邮件判断与系统级扩展三种方式相结合,建立一套对邮件来源地址、域的综合评估机制,除包括现有反垃圾邮件引擎,反病毒引擎的对来源地址、域的评价影响外,还独创性的加入时间综合影响、收件人对待正常邮件、垃圾邮件的处理态度特征影响,并在绝对信任判断与相对信任判断两个层次上对邮件进行判断分流,以达到比现有更好的自适应分类效果。The core of the present invention lies in: combining trust evaluation, mail judgment and system-level expansion to establish a comprehensive evaluation mechanism for mail source addresses and domains. In addition to the influence of source address and domain evaluation, it also has the original comprehensive influence of joining time, the influence of recipients' attitude towards normal emails and spam emails, and judges emails at two levels: absolute trust judgment and relative trust judgment. Splitting to achieve better adaptive classification results than existing ones.

本发明在垃圾邮件处理系统中涉及到:垃圾邮件过滤器模块2、病毒过滤器模块3、邮件监视器模块4以及专门设置的信任度数据库6和现有技术的收信系统12。The present invention involves in the spam processing system: a spam filter module 2, a virus filter module 3, a mail monitor module 4, a specially set trust degree database 6 and a mail receiving system 12 of the prior art.

图2是垃圾邮件处理系统中,实现信任评估及邮件判断的示意图。其中,垃圾邮件过滤器模块2,病毒邮件过滤器模块3,邮件监视器模块4分别对邮件的可信与否进行判断,并将信任度数据存储在信任度数据库6中,初始状态时,信任度为低。Fig. 2 is a schematic diagram of implementing trust evaluation and mail judgment in the spam processing system. Wherein, the spam filter module 2, the virus mail filter module 3, and the mail monitor module 4 judge whether the mail is credible or not, and store the trust degree data in the trust degree database 6. In the initial state, trust degree is low.

垃圾邮件过滤器模块2通过垃圾过滤引擎判定邮件是否为垃圾邮件,从而对邮件来源地址、域进行奖励(增加信用度)与惩罚(减少信用度)的判决;The spam filter module 2 determines whether the mail is spam by the spam filtering engine, thereby rewarding (increasing credit) and punishing (reducing credit) the mail source address and domain;

病毒邮件过滤器模块3通过病毒过滤引擎判定邮件是否含可疑代码,从而对邮件来源地址、域进行奖励与惩罚等判决。The virus mail filter module 3 judges whether the mail contains suspicious codes through the virus filtering engine, so as to reward and punish the source address and domain of the mail.

邮件监视器模块4是依据邮箱拥有者,对正常邮件、垃圾邮件两种不同邮件的处理行为特征,具体实现可以以邮箱操作行为规则集的方式,归纳出一个规则集,从而对邮件来源地址、域进行奖励与惩罚。例如:正常邮箱内邮件打开很短若干秒内即被删除,甚至未被打开就被删除,表示对其有厌恶的处理倾向,故将对发件人产生惩罚裁决;打开超过一定量的或是产生回复,转发操作的,表示对其有喜好、关注倾向,故将对发件人产生奖励裁决;垃圾箱内的邮件被打开超过一定或是被转移到正常邮箱,表示对其有喜好、关注倾向,将对发件人产生奖励裁决;发邮件,表示对收件人有友好倾向,将对其产生奖励裁决。The mail monitor module 4 is based on the mailbox owner's processing behavior characteristics of two different mails, normal mail and junk mail. The specific implementation can summarize a rule set in the form of a mailbox operation behavior rule set, so as to determine the source address of the mail, The domain rewards and punishes. For example: emails in a normal mailbox will be deleted within a few seconds of opening, or even deleted without being opened, indicating that there is a tendency to dislike it, so the sender will be punished; opening more than a certain amount or If there is a reply or forwarding operation, it means that there is a tendency to like and pay attention to it, so a reward ruling will be issued to the sender; if the email in the trash box is opened beyond a certain point or is transferred to a normal mailbox, it means that there is like and concern about it Tendency, a reward ruling will be issued to the sender; sending an email indicates a friendly tendency to the recipient, and a reward ruling will be generated for it.

结合图2和图3,本发明中对垃圾邮件的分检方法包括:In conjunction with Fig. 2 and Fig. 3, among the present invention, the sorting method to spam comprises:

(1)收信系统12收到邮件后,按邮件的地址从信任度数据库6中调出相对应源地址的信任度数值,进行绝对信任判断,以图1为例,若大于预先设定的c值,判决为正常邮件,直接发往正常邮箱7,即目标地址邮箱,若小于预先设定的a值,则直接发送到垃圾邮箱8,c可根据具体情况设置为2b的75%-95%大小,设定的最大值越大信任度越高。设定的最小值,可根据具体情况设置为2b的5%-25%大小,设定的最小值越小信任度越低。若该邮件对应地址的信任度值在a与c之间,则进行步骤(2)。(1) After the mail receiving system 12 receives the mail, it transfers the trust degree value of the corresponding source address from the trust degree database 6 according to the address of the mail, and carries out absolute trust judgment. Taking Fig. 1 as an example, if it is greater than the preset c value, judged to be a normal email, sent directly to the normal mailbox 7, that is, the target address mailbox, if it is less than the preset a value, it will be sent directly to the junk mailbox 8, and c can be set to 75%-95 of 2b according to the specific situation % size, the larger the maximum value is set, the higher the trustworthiness. The set minimum value can be set to 5%-25% of 2b according to the specific situation. The smaller the set minimum value, the lower the trust degree. If the trust value of the address corresponding to the email is between a and c, proceed to step (2).

(2)将信任度值在a与c之间的邮件,发往垃圾邮件过滤器模块2以及病毒过滤器模块3进行病毒过滤,其中任一次过滤不合格,则将邮件发送至圾邮箱8;若两层过滤均通过,则进行步骤(3)。(2) Send the mails with the trust value between a and c to the spam filter module 2 and the virus filter module 3 for virus filtering, if any filter is unqualified, the mail is sent to the spam mailbox 8; If both layers of filtration pass, proceed to step (3).

(3)重新调出配套数据库6中调出相对应源地址的信任度数值,进行相对信任判断,仍以图1为例,大于b值的判定为正常邮件,送到正常邮箱7,即目标邮箱,小于b值的判定为垃圾邮件,发送到垃圾邮箱8。(3) Call out the trust value of the corresponding source address in the supporting database 6 again, and make a relative trust judgment. Still taking Figure 1 as an example, the judgment greater than the b value is normal mail, and it is sent to the normal mailbox 7, that is, the target Mailbox, if the value is less than b, it is judged as spam and sent to spam mailbox 8.

(4)当邮件被分检到不同的邮箱后,邮箱监视器模块4将根据邮件的处理结果修改其信任度值,并更新信任度数据库6。(4) After the mail is sorted into different mailboxes, the mailbox monitor module 4 will modify its trust degree value according to the processing result of the mail, and update the trust degree database 6 .

图3所示信任关系邮件系统在两个层次上对邮件判定提供支援:绝对信任判断1与相对信任判断5。绝对信任判断1,起最高优先的定性作用,根据信任度对邮件行为进行分类判定与分流,由于其判定的条件非常苛刻,故有非常高的准确性,可用于代替现有的黑白名单技术,并且解决了黑白名单的自动生成问题,与动态自适应变化问题。相对信任判定5,发生在过滤器们都无法判定其为垃圾邮件的情况下,为最低优先级,此时根据信任度对其好坏做一个可能性预测,形成最终判定。两层的信任判定,是以如果明显可靠,马上进行绝对判断,如果不明显,则在最后进行预测评估,这个思想来进行的设计。其在绝对信任判断1可达到非常理想的绝对好坏分类效果,而在相对信任判断5,则是最后提高过滤率的手段。The trust relationship email system shown in Figure 3 provides support for email judgment at two levels: absolute trust judgment 1 and relative trust judgment 5 . Absolute Trust Judgment 1, which plays the qualitative role of the highest priority, classifies, judges and diverts mail behaviors according to the degree of trust. Because the judgment conditions are very harsh, it has very high accuracy and can be used to replace the existing black and white list technology. And it solves the problem of automatic generation of black and white lists, and the problem of dynamic adaptive changes. Relative trust judgment 5, which occurs when the filters cannot judge it as spam, is the lowest priority. At this time, a possibility prediction is made based on the trust degree to form the final judgment. The two-tier trust judgment is designed based on the idea that if it is obvious that it is reliable, an absolute judgment will be made immediately, and if it is not obvious, a predictive evaluation will be made at the end. In absolute trust judgment 1, it can achieve a very ideal absolute good or bad classification effect, while in relative trust judgment 5, it is the last means to improve the filtering rate.

在分检过程中所做出的每一次判定结果均经过管理软件支持,对信任度数据库6内对应地址的信任度值做出奖励或惩罚性的修改;Each judgment result made in the sorting process is supported by the management software, and the trust value of the corresponding address in the trust database 6 is rewarded or punitively modified;

对信任度数据库6的修改,是由收件邮箱拥有者对正常邮件、垃圾邮件的处理和操作方式决定,具体可以由邮箱操作行为为规范化的模式归纳为一个规则集,从而决定对邮件来源地址,或收件地址的信任度数据库作出相应信任度修改的判定;自动生成动态的黑白名单,即列在绝对可信任范围或绝对不可信任范围。The modification of the trust database 6 is determined by the processing and operation methods of normal emails and spam emails by the owner of the receiving mailbox. Specifically, the standardized mode of mailbox operation behavior can be summarized into a rule set to determine the source address of the email. , or the trust degree database of the recipient address makes a judgment on the corresponding trust degree modification; automatically generates a dynamic black and white list, that is, it is listed in the absolutely trustworthy range or the absolutely untrustworthy range.

图4中,实线表示邮件发送方向、虚线表示信任度作用方向、终点对于起点的信任度增加。In Figure 4, the solid line indicates the sending direction of the mail, the dotted line indicates the direction of trust degree action, and the trust degree of the end point increases for the starting point.

结合图4,邮件监视器模块4的监测范围扩展到邮件的传递,由某用户A9向某用户B10传输的邮件经过某用户B10转发到某用户C11,则由监视器系统向某用户A9做出对某用户C11信任的信任度奖励判定,并修改配套数据库对应信任度值,从而形成安全的目标邮箱地址之间稳定的相互信任的关系网结构。In conjunction with Fig. 4, the monitoring scope of the mail monitor module 4 is extended to the transmission of mails, and the mails transmitted from a certain user A9 to a certain user B10 are forwarded to a certain user C11 through a certain user B10, and then the monitoring system makes a decision to a certain user A9 Determine the trust degree reward for the trust of a user C11, and modify the corresponding trust value of the supporting database, so as to form a stable mutual trust relationship network structure between safe target email addresses.

结合图4所示,对信任度数据库6的修正,是根据转发正常邮件的操作由邮箱监视器系统做出的判定对源地址信任度的奖励,从而形成安全目标对象之间的相互信任关系滤网。这就是系统级扩展,是基于信任关系扩展到整个邮件体系,由点到面的扩展应用。扩展如下:一、把所有信任判决的作用积累到作用对象的域,就可以形成一个域级的信任关系,扩展至系统级应用;二、为了加强信任关系的生成与作用,作如下断言,一个信任的对象,其信任的对象也可能是可靠的。将其作用于信任关系系统,定义作用对象的信任度有传递关系:某用户A9向某用户B10发信(某用户B10在某用户A9的信任度增加),某用户B10向某用户C11发信(某用户C11在某用户B10的信任度增加),则此传递关系会导致产生某用户A9向某用户C11发信的同样效果(某用户C11在某用户A9的信任度增加),效果的幅度与中间对象(某用户B10)的信任度成正比。此传递关系为不可逆单向传递,由邮件系统作为信任裁决者向某用户A9做出对某用户C11的信任度奖励。经于传递作用,可以加剧信任各角色信任度的变化速度,目的是使现有安全的目标对象之间形成一个稳定的相互信任的关系网结构社区,而使得作为外来者的垃圾邮件发起对象,更加难以渗透。As shown in Fig. 4, the correction to the trust degree database 6 is based on the judgment made by the mailbox monitor system to reward the source address trust degree according to the operation of forwarding normal mail, thereby forming a mutual trust relationship filter between security target objects. net. This is the system-level extension, which extends to the entire mail system based on the trust relationship, and is extended from point to surface. The expansion is as follows: 1. By accumulating the functions of all trust judgments to the domain of the target, a domain-level trust relationship can be formed and extended to system-level applications; 2. In order to strengthen the generation and function of trust relationships, the following assertion is made, a The object of trust, the object of its trust may also be reliable. Apply it to the trust relationship system, and define the trust degree of the action object to have a transitive relationship: a certain user A9 sends a letter to a certain user B10 (the trust degree of a certain user B10 in a certain user A9 increases), and a certain user B10 sends a letter to a certain user C11 (the trust degree of a certain user C11 in a certain user B10 increases), then this transfer relationship will lead to the same effect of a certain user A9 sending a letter to a certain user C11 (the trust degree of a certain user C11 in a certain user A9 increases), the magnitude of the effect It is proportional to the trust degree of the intermediate object (a certain user B10). This transfer relationship is an irreversible one-way transfer, and the mail system acts as a trust arbiter to reward a user A9 with a degree of trust for a user C11. Through the transfer function, it can intensify the change speed of the trust degree of each role of trust. The purpose is to form a stable mutual trust relationship network structure community among the existing security target objects, so that the spam initiator as an outsider, more difficult to penetrate.

以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内所作的任何修改,等同替代和改进等,均应包含在本发明的保护范围内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications made within the spirit and principles of the present invention, equivalent substitutions and improvements, etc., should be included in the protection of the present invention. within range.

Claims (8)

1. spam treatment system, this system comprises twit filter module, the virus analysis device module that is arranged among the mail server SMTP, it is characterized in that: also comprise:
(1) mailbox monitor module is used to monitor the mailbox operation behavior, to mail-sorting;
(2) record the degree of belief database that mail is trusted number of degrees value by addresses of items of mail; And
(3) degree of belief is passed judgment on module, and the degree of belief value of the current mail of storing in this module invokes credit rating database and predetermined reference degree of belief numeric ratio are than the current mail of go-on-go;
The mailbox filter module is according to filter module, virus analysis device module, and degree of belief is passed judgment on the result of module to mail, revise the degree of belief numerical value of this mail of storing in the degree of belief database, reduction is the mail degree of belief value of spam by go-on-go, and raising by go-on-go is the mail degree of belief value of normal email.
2. a kind of spam treatment system according to claim 1 is characterized in that: the mode that described degree of belief is passed judgment on the module judge is that utmost good faith is judged or relative trust is judged.
3. a kind of spam treatment system according to claim 1 is characterized in that:
Under the initial condition, the degree of belief value of storing in the degree of belief database is low.
4. a kind of spam treatment system of stating according to claim 1,2 or 3 is characterized in that:
Store the degree of belief relation data of territory level in the degree of belief database;
The ruling scope of mail monitor module is the territory at email address place, and promptly the mail monitor module is collected the addresses of items of mail of transmitting current mail, and according to the degree of belief data of the go-on-go results modification of current mail being transmitted the addresses of items of mail of current mail.
5. the method for a go-on-go spam, the system that this method is used comprise that it is characterized in that: the method comprising the steps of through black, white list auditing module, twit filter module, virus analysis device module:
(1) the degree of belief numerical value of finding out corresponding source address by the address of mail from the degree of belief database is compared with setting range, greater than the normal email that is judged to be more than the setting range maximum, mail-sorting is gone into normal mailbox; Less than the spam that is judged to be below the setting range minimum value, mail-sorting is gone into the rubbish mailbox; Drop on and carry out step (2) between the maximin of setting range;
(2) do further go-on-go processing through spam filters module and virus analysis device module, filter in the go-on-go processing procedure at twice, anyly once filter defectively, then mail is judged to be spam, go-on-go is to the rubbish mailbox, and twice filtration is all qualified carries out step (3);
(3) the degree of belief numerical value of corresponding source address in the degree of belief database and the mean value of setting range maximin are compared, mail greater than this mean value is judged to be normal email, mail-sorting is gone into normal mailbox, mail less than this mean value is judged to be spam, and mail-sorting is gone into the rubbish mailbox;
(4) by result to mail treatment, the degree of belief value of source of email address correspondence in the revision degree of belief database, the degree of belief value of increase normal email address correspondence, the degree of belief value of minimizing spam address correspondence.
6. the method for go-on-go spam according to claim 5 is characterized in that: to the result of determination of being made in the go-on-go process each time, all revise the degree of belief value of source of email address correspondence in the degree of belief database.
7. according to the method for claim 5 or 6 described go-on-go spams, it is characterized in that:
After server receives mail, at first check record in the credit rating database, take a decision as to whether and visit the user for the first time, handle if not then change step (1) over to, if then elder generation's correspondence in supporting database is visited email address for the first time and given a degree of belief numerical value on the low side, change step (1) again over to and handle.
8. according to the method for claim 5 or 6 described go-on-go spams, it is characterized in that: the step of the degree of belief value of source of email address correspondence also comprises in the revision degree of belief database:
Foundation increases and decreases the degree of belief value of other addresses of items of mail of the current mail of forwarding that obtains to the increase and decrease of the degree of belief value of current source of email address correspondence.
CNB2006100351554A 2006-04-19 2006-04-19 A garbage mail processing system and garbage mail sorting method Active CN100490392C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100351554A CN100490392C (en) 2006-04-19 2006-04-19 A garbage mail processing system and garbage mail sorting method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100351554A CN100490392C (en) 2006-04-19 2006-04-19 A garbage mail processing system and garbage mail sorting method

Publications (2)

Publication Number Publication Date
CN101060421A true CN101060421A (en) 2007-10-24
CN100490392C CN100490392C (en) 2009-05-20

Family

ID=38866328

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100351554A Active CN100490392C (en) 2006-04-19 2006-04-19 A garbage mail processing system and garbage mail sorting method

Country Status (1)

Country Link
CN (1) CN100490392C (en)

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010038143A1 (en) * 2008-10-01 2010-04-08 Network Box Corporation Limited Electronic communication control
CN101150756B (en) * 2007-11-08 2010-05-19 电子科技大学 A kind of spam message filtering method
CN102098638A (en) * 2010-12-15 2011-06-15 成都市华为赛门铁克科技有限公司 Short message sorting method and device, and terminal
CN102222192A (en) * 2010-12-24 2011-10-19 卡巴斯基实验室封闭式股份公司 Optimizing anti-malicious software treatment by automatically correcting detection rules
CN101499981B (en) * 2009-03-19 2014-10-22 哈尔滨工程大学 E-mail gateway type systematic mail account maintaining method
US8938773B2 (en) 2007-02-02 2015-01-20 Websense, Inc. System and method for adding context to prevent data leakage over a computer network
CN104506356A (en) * 2014-12-24 2015-04-08 网易(杭州)网络有限公司 Method and device for determining credibility of IP (Internet protocol) address
US9015842B2 (en) 2008-03-19 2015-04-21 Websense, Inc. Method and system for protection against information stealing software
CN104636381A (en) * 2013-11-14 2015-05-20 联想(北京)有限公司 Information processing method and device
WO2015096120A1 (en) * 2013-12-27 2015-07-02 Intel Corporation Techniques for implementing a secure mailbox in resource-constrained embedded systems
US9130986B2 (en) 2008-03-19 2015-09-08 Websense, Inc. Method and system for protection against information stealing software
US9130972B2 (en) 2009-05-26 2015-09-08 Websense, Inc. Systems and methods for efficient detection of fingerprinted data and information
US9241259B2 (en) 2012-11-30 2016-01-19 Websense, Inc. Method and apparatus for managing the transfer of sensitive information to mobile devices
CN101978669B (en) * 2008-03-19 2016-04-27 网圣公司 For the system and method for analytical electron information dissemination event
CN105610833A (en) * 2015-12-30 2016-05-25 新浪网技术(中国)有限公司 Mail anti-spam method and system based on IP reputation value
CN105765479A (en) * 2013-11-08 2016-07-13 微软技术许可有限责任公司 Hierarchical statistical model for behavior prediction and classification
CN106664566A (en) * 2014-07-01 2017-05-10 三星电子株式会社 Method and apparatus of notifying of SMiShing
CN108965350A (en) * 2018-10-23 2018-12-07 杭州安恒信息技术股份有限公司 A kind of mail auditing method, device and computer readable storage medium
CN109218162A (en) * 2017-07-05 2019-01-15 北京二六三企业通信有限公司 Mail distribution method and device
CN109347807A (en) * 2018-09-20 2019-02-15 北京计算机技术及应用研究所 A kind of differentiation intrusion prevention method based on degree of belief
CN109391535A (en) * 2017-08-02 2019-02-26 阿里巴巴集团控股有限公司 The contact person of domain grade determines method, spam judgment method and device
CN109428946A (en) * 2017-08-31 2019-03-05 Abb瑞士股份有限公司 Method and system for Data Stream Processing
CN110474837A (en) * 2019-08-19 2019-11-19 赛尔网络有限公司 A kind of Junk mail processing method, device, electronic equipment and storage medium
US10504029B2 (en) 2015-06-30 2019-12-10 Microsoft Technology Licensing, Llc Personalized predictive models
CN113590531A (en) * 2021-07-26 2021-11-02 浙江汇鼎华链科技有限公司 Data classification storage system and method based on big data

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8938773B2 (en) 2007-02-02 2015-01-20 Websense, Inc. System and method for adding context to prevent data leakage over a computer network
US9609001B2 (en) 2007-02-02 2017-03-28 Websense, Llc System and method for adding context to prevent data leakage over a computer network
CN101150756B (en) * 2007-11-08 2010-05-19 电子科技大学 A kind of spam message filtering method
US9130986B2 (en) 2008-03-19 2015-09-08 Websense, Inc. Method and system for protection against information stealing software
US9495539B2 (en) 2008-03-19 2016-11-15 Websense, Llc Method and system for protection against information stealing software
CN101978669B (en) * 2008-03-19 2016-04-27 网圣公司 For the system and method for analytical electron information dissemination event
US9455981B2 (en) 2008-03-19 2016-09-27 Forcepoint, LLC Method and system for protection against information stealing software
US9015842B2 (en) 2008-03-19 2015-04-21 Websense, Inc. Method and system for protection against information stealing software
AU2009299539B2 (en) * 2008-10-01 2016-01-28 Network Box Corporation Limited Electronic communication control
WO2010038143A1 (en) * 2008-10-01 2010-04-08 Network Box Corporation Limited Electronic communication control
CN101499981B (en) * 2009-03-19 2014-10-22 哈尔滨工程大学 E-mail gateway type systematic mail account maintaining method
US9130972B2 (en) 2009-05-26 2015-09-08 Websense, Inc. Systems and methods for efficient detection of fingerprinted data and information
WO2012079452A1 (en) * 2010-12-15 2012-06-21 成都市华为赛门铁克科技有限公司 Method, device and terminal for classifying short messages
CN102098638A (en) * 2010-12-15 2011-06-15 成都市华为赛门铁克科技有限公司 Short message sorting method and device, and terminal
CN102222192A (en) * 2010-12-24 2011-10-19 卡巴斯基实验室封闭式股份公司 Optimizing anti-malicious software treatment by automatically correcting detection rules
US10135783B2 (en) 2012-11-30 2018-11-20 Forcepoint Llc Method and apparatus for maintaining network communication during email data transfer
US9241259B2 (en) 2012-11-30 2016-01-19 Websense, Inc. Method and apparatus for managing the transfer of sensitive information to mobile devices
CN105765479A (en) * 2013-11-08 2016-07-13 微软技术许可有限责任公司 Hierarchical statistical model for behavior prediction and classification
CN104636381A (en) * 2013-11-14 2015-05-20 联想(北京)有限公司 Information processing method and device
CN104636381B (en) * 2013-11-14 2018-02-27 联想(北京)有限公司 The processing method and processing device of information
WO2015096120A1 (en) * 2013-12-27 2015-07-02 Intel Corporation Techniques for implementing a secure mailbox in resource-constrained embedded systems
CN106664566A (en) * 2014-07-01 2017-05-10 三星电子株式会社 Method and apparatus of notifying of SMiShing
CN104506356A (en) * 2014-12-24 2015-04-08 网易(杭州)网络有限公司 Method and device for determining credibility of IP (Internet protocol) address
US10504029B2 (en) 2015-06-30 2019-12-10 Microsoft Technology Licensing, Llc Personalized predictive models
CN105610833B (en) * 2015-12-30 2019-01-18 新浪网技术(中国)有限公司 A kind of mail anti-spam method and system based on IP credit value
CN105610833A (en) * 2015-12-30 2016-05-25 新浪网技术(中国)有限公司 Mail anti-spam method and system based on IP reputation value
CN109218162A (en) * 2017-07-05 2019-01-15 北京二六三企业通信有限公司 Mail distribution method and device
CN109391535A (en) * 2017-08-02 2019-02-26 阿里巴巴集团控股有限公司 The contact person of domain grade determines method, spam judgment method and device
CN109391535B (en) * 2017-08-02 2022-03-04 阿里巴巴集团控股有限公司 Domain-level contact person determining method, and junk mail judging method and device
CN109428946A (en) * 2017-08-31 2019-03-05 Abb瑞士股份有限公司 Method and system for Data Stream Processing
CN109347807A (en) * 2018-09-20 2019-02-15 北京计算机技术及应用研究所 A kind of differentiation intrusion prevention method based on degree of belief
CN109347807B (en) * 2018-09-20 2021-03-19 北京计算机技术及应用研究所 Trust-based differential intrusion prevention method
CN108965350A (en) * 2018-10-23 2018-12-07 杭州安恒信息技术股份有限公司 A kind of mail auditing method, device and computer readable storage medium
CN108965350B (en) * 2018-10-23 2021-04-23 杭州安恒信息技术股份有限公司 Mail auditing method, device and computer-readable storage medium
CN110474837A (en) * 2019-08-19 2019-11-19 赛尔网络有限公司 A kind of Junk mail processing method, device, electronic equipment and storage medium
CN113590531A (en) * 2021-07-26 2021-11-02 浙江汇鼎华链科技有限公司 Data classification storage system and method based on big data

Also Published As

Publication number Publication date
CN100490392C (en) 2009-05-20

Similar Documents

Publication Publication Date Title
CN100490392C (en) A garbage mail processing system and garbage mail sorting method
CA2607005C (en) Identifying threats in electronic messages
US20060168024A1 (en) Sender reputations for spam prevention
US7660865B2 (en) Spam filtering with probabilistic secure hashes
US7748038B2 (en) Method and apparatus for managing computer virus outbreaks
US20080140781A1 (en) Spam filtration utilizing sender activity data
KR100938072B1 (en) Framework enabling integration of anti-spam technologies
JP4694146B2 (en) Prevent outgoing spam
AU2004216772B2 (en) Feedback loop for spam prevention
US20060277259A1 (en) Distributed sender reputations
US9148432B2 (en) Range weighted internet protocol address blacklist
EP1635524A1 (en) A method and system for identifying and blocking spam email messages at an inspecting point
EP1489799A2 (en) Obfuscation of a spam filter
US20060168017A1 (en) Dynamic spam trap accounts
JP2004362559A (en) Features and list of origination and destination for spam prevention
EP2665230B1 (en) Method and system for email spam detection, using aggregated historical data set
CN1774706A (en) Framework to enable integration of anti-spam technologies
EP2365461A2 (en) Reputation management for network content classification
CN1819563A (en) System and method for treating electronic messages
CN1380626A (en) Method and device for distinguishing rubbish electronic mail and electronic mail servicer
US20160132799A1 (en) List hygiene tool
Ali et al. Spam classification using adaptive boosting algorithm
Wang et al. Botnet detection based on analysis of mail flow
CN1780266A (en) Method of Analyzing Mail Behavior Controlling Email
Shukla et al. Development of an effective bayesian approach for spam filtering

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant