
CN115567475B - Method, device, equipment and storage medium for identifying junk mail - Google Patents


Info

Publication number
CN115567475B
Authority
CN
China
Prior art keywords
mail
target
information
sender
recipient
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211179798.1A
Other languages
Chinese (zh)
Other versions
CN115567475A (en
Inventor
何宁华
李志涛
刘建虎
金永刚
刘萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing 263 Enterprise Communication Co ltd
Original Assignee
Beijing 263 Enterprise Communication Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing 263 Enterprise Communication Co ltd filed Critical Beijing 263 Enterprise Communication Co ltd
Priority to CN202211179798.1A priority Critical patent/CN115567475B/en
Publication of CN115567475A publication Critical patent/CN115567475A/en
Publication of CN115567475B publication Critical patent/CN115567475B/en


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a method, an apparatus, a device and a storage medium for identifying junk mail, and relates to the field of network technologies. After a target mail has been identified as junk mail by a preset junk mail identification technology, the method determines, from the information in the target mail that identifies the target recipient and the target sender, whether there is a historical mail exchange between the two. If there is, that is, the target recipient and the target sender have sent mail to and received mail from each other, the target mail is identified as normal mail; if there is not, the target mail is identified as junk mail. This reduces the misjudgment rate for junk mail.

Description

Method, device, equipment and storage medium for identifying junk mail
Technical Field
The present application relates to the field of network technologies, and in particular, to a method, an apparatus, a device, and a storage medium for identifying junk mail.
Background
With enterprise informatization and the widespread application of the industrial internet, the volume of spam keeps increasing. How to identify spam effectively is therefore an urgent problem.
In the related art, spam is generally identified with techniques such as Internet Protocol (IP) address blacklists or whitelists, reverse query, behavior recognition, honeypots, cryptography, statistical analysis, and content recognition, but mail is still sometimes misjudged as spam.
Disclosure of Invention
The application provides a method, a device, equipment and a storage medium for identifying junk mails, which are used for reducing the phenomenon of misjudging junk mails.
In a first aspect, the present application provides a method for identifying spam, including:
acquiring a target mail that has been identified as junk mail by a preset junk mail identification technology, wherein the target mail includes information identifying a target recipient and a target sender;
determining whether there is a historical mail exchange between the target recipient and the target sender;
if there is a historical mail exchange between the target recipient and the target sender, identifying the target mail as normal mail;
if there is no historical mail exchange between the target recipient and the target sender, identifying the target mail as junk mail.
In one possible implementation, determining whether a target recipient has a historical mail exchange with a target sender includes:
determining whether the mail exchange relationship of the target recipient, which records the parties with whom the target recipient has a historical mail exchange, contains the information of the target sender;
if so, determining that there is a historical mail exchange between the target recipient and the target sender;
if not, determining that there is no historical mail exchange between the target recipient and the target sender.
In one possible implementation, the mail exchange relationship includes a mail exchange relationship degree that characterizes the number of mail exchanges, and identifying the target mail as normal mail includes:
determining the mail exchange relationship degree between the target recipient and the target sender based on the mail exchange relationship;
determining whether the mail exchange relationship degree between the target recipient and the target sender is smaller than a relationship degree threshold;
if the mail exchange relationship degree between the target recipient and the target sender is greater than or equal to the relationship degree threshold, identifying the target mail as normal mail.
In a possible implementation manner, the method for identifying the junk mail further includes:
if the mail exchange relationship degree between the target recipient and the target sender is smaller than the relationship degree threshold, identifying the target mail as junk mail.
In one possible implementation, the mail exchange relationship is determined as follows:
acquiring the sender mailbox information and the recipient mailbox information of a mail based on the Simple Mail Transfer Protocol (SMTP);
in response to a mail being sent, querying, according to the sender mailbox information, whether the mail receiving record contains the recipient mailbox information; if so, determining the mail exchange relationship corresponding to the sender mailbox information and the recipient mailbox information;
in response to a mail being received, querying, according to the recipient mailbox information, whether the mail sending record contains the sender mailbox information; if so, determining the mail exchange relationship corresponding to the sender mailbox information and the recipient mailbox information.
In one possible implementation, determining the mail exchange relationship may further include: if the queried record contains the mailbox information, increasing the mail exchange relationship degree corresponding to the sender mailbox information and the recipient mailbox information.
In one possible implementation, determining the mail exchange relationship may further include:
in response to a mail being sent, updating, according to the sender mailbox information, the mail receiving record corresponding to the recipient mailbox information;
in response to a mail being received, updating, according to the recipient mailbox information, the mail sending record corresponding to the sender mailbox information.
In a second aspect, the present application provides a device for identifying spam, including:
an acquisition module, configured to acquire a target mail that has been identified as junk mail by a preset junk mail identification technology, wherein the target mail includes information identifying a target recipient and a target sender;
a determining module, configured to determine whether there is a historical mail exchange between the target recipient and the target sender;
an identification module, configured to identify the target mail as normal mail when there is a historical mail exchange between the target recipient and the target sender, and to identify the target mail as junk mail when there is no historical mail exchange between them.
In one possible implementation manner, the determining module is specifically configured to:
determine whether the mail exchange relationship of the target recipient, which records the parties with whom the target recipient has a historical mail exchange, contains the information of the target sender;
when that mail exchange relationship contains the information of the target sender, determine that there is a historical mail exchange between the target recipient and the target sender;
when that mail exchange relationship does not contain the information of the target sender, determine that there is no historical mail exchange between the target recipient and the target sender.
In one possible implementation, the mail exchange relationship includes a mail exchange relationship degree that characterizes the number of mail exchanges. Correspondingly, the identification module may be specifically configured to:
determine the mail exchange relationship degree between the target recipient and the target sender based on the mail exchange relationship;
determine whether the mail exchange relationship degree between the target recipient and the target sender is smaller than a relationship degree threshold;
when the mail exchange relationship degree between the target recipient and the target sender is greater than or equal to the relationship degree threshold, identify the target mail as normal mail.
In one possible implementation, the identification module may also be configured to: when the mail exchange relationship degree between the target recipient and the target sender is smaller than the relationship degree threshold, identify the target mail as junk mail.
In one possible implementation, the mail exchange relationship is determined as follows:
acquiring the sender mailbox information and the recipient mailbox information of a mail based on the Simple Mail Transfer Protocol (SMTP);
in response to a mail being sent, querying, according to the sender mailbox information, whether the mail receiving record contains the recipient mailbox information; if so, determining the mail exchange relationship corresponding to the sender mailbox information and the recipient mailbox information;
in response to a mail being received, querying, according to the recipient mailbox information, whether the mail sending record contains the sender mailbox information; if so, determining the mail exchange relationship corresponding to the sender mailbox information and the recipient mailbox information.
In one possible implementation, determining the mail exchange relationship may further include: when the query by sender mailbox information finds that the mail receiving record contains the recipient mailbox information, or the query by recipient mailbox information finds that the mail sending record contains the sender mailbox information, increasing the mail exchange relationship degree corresponding to the sender mailbox information and the recipient mailbox information.
In one possible implementation, determining the mail exchange relationship may further include:
in response to a mail being sent, updating, according to the sender mailbox information, the mail receiving record corresponding to the recipient mailbox information;
in response to a mail being received, updating, according to the recipient mailbox information, the mail sending record corresponding to the sender mailbox information.
In a third aspect, the present application provides an electronic device comprising:
At least one processor;
And a memory coupled to the at least one processor;
wherein the memory is for storing computer-executable instructions for execution by the at least one processor to enable the at least one processor to perform the method provided in the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium having stored therein computer-executable instructions which, when executed, are adapted to carry out the method provided in the first aspect.
In a fifth aspect, the present application provides a program product comprising computer-executable instructions which, when executed by a computer, implement the method provided in the first aspect.
The application provides a method, an apparatus, a device and a storage medium for identifying junk mail. After a target mail has been identified as junk mail by a preset junk mail identification technology, it is further determined, from the information in the target mail that identifies the target recipient and the target sender, whether there is a historical mail exchange between the two. If there is, that is, the target recipient and the target sender have sent mail to and received mail from each other, the target mail is identified as normal mail; if there is not, the target mail is identified as junk mail. This reduces the misjudgment rate for junk mail.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present application;
FIG. 2 is a flowchart of a method for identifying spam according to an embodiment of the present application;
FIG. 3 is a flowchart of a method for identifying spam according to another embodiment of the present application;
FIG. 4 is a flowchart illustrating the determination of mail traffic relationship according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a framework for identifying spam according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a device for identifying spam according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
At present, spam is rampant: spammers use bulk mail senders to send, on a large scale, mail containing viruses, advertisements, illegal content, and the like. The identification techniques currently applied to spam mainly include IP address blacklists or whitelists, reverse query, behavior recognition, honeypots, statistical analysis, and content recognition. Specifically:
IP address blacklist or whitelist technology adds IP addresses that frequently send spam to a blacklist; mail subsequently sent from a blacklisted IP address is judged to be spam. Conversely, if an IP address is added to the whitelist, any mail received from that IP address is treated as not spam. This technique tends to filter out normal mail as spam.
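As a rough illustration of the list lookup described above, the following minimal sketch checks a connecting address against two lists. The network ranges, the list names, and the rule that the whitelist is consulted first are assumptions made for the example; the source does not specify them.

```python
import ipaddress

# Hypothetical lists for illustration; a real system would load them from configuration.
BLACKLIST = [ipaddress.ip_network("203.0.113.0/24")]
WHITELIST = [ipaddress.ip_network("198.51.100.7/32")]


def classify_by_ip(source_ip: str) -> str:
    """Return 'normal', 'spam', or 'unknown' for the IP address a mail came from."""
    addr = ipaddress.ip_address(source_ip)
    # Assumption: the whitelist takes precedence over the blacklist.
    if any(addr in net for net in WHITELIST):
        return "normal"
    if any(addr in net for net in BLACKLIST):
        return "spam"
    return "unknown"
```

Because the decision depends only on the source address, every mail from a blacklisted range is rejected regardless of who the recipient is, which is one way normal mail ends up filtered out.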
Reverse query technology relies on the fact that spam generally uses forged sender addresses and only rarely uses real ones. It verifies the sender's mail address and then judges whether the mail is spam according to whether that address is authentic.
Behavior recognition technology identifies spam according to its sending behavior. Common examples are limiting the connection frequency of the Simple Mail Transfer Protocol (SMTP), source tracing and authentication, and reputation verification.
Honeypot technology collects into the honeypot's database mailbox addresses that are widely published on the network, together with common spam; mail received later is matched against the information in that database to judge whether it is spam.
Cryptographic technology verifies the legitimacy of a mail sender by cryptographic means, with legitimacy proven by a certificate. Mail without a proper certificate can be readily identified as forged.
Statistical analysis technology analyzes a large number of correctly labeled spam and non-spam mails to build a probability database containing every word and the probability that the word appears in spam. With this database, the spam probability of a mail can be easily calculated and its legitimacy judged, but the misjudgment rate is also high.
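The probability database can be sketched as follows. This is a deliberately simplified illustration, not the method of any particular filter: each word's value is taken as the share of labeled mails containing it that were spam, and a mail's score is the plain average over its known words. Both choices, and the function names, are assumptions.

```python
from collections import Counter
from typing import Dict, List


def build_probability_table(spam_docs: List[str], ham_docs: List[str]) -> Dict[str, float]:
    """Map each word to the fraction of the labeled mails containing it that were spam."""
    spam_counts = Counter(w for d in spam_docs for w in set(d.lower().split()))
    ham_counts = Counter(w for d in ham_docs for w in set(d.lower().split()))
    table = {}
    for word in spam_counts.keys() | ham_counts.keys():
        s, h = spam_counts[word], ham_counts[word]
        table[word] = s / (s + h)
    return table


def spam_score(text: str, table: Dict[str, float]) -> float:
    """Average the per-word values; return 0.5 when no word is in the table."""
    known = [table[w] for w in text.lower().split() if w in table]
    return sum(known) / len(known) if known else 0.5
```

A score built only from word frequencies cannot tell an unwanted advertisement from one the recipient actually answers, which is consistent with the high misjudgment rate noted above.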
Content recognition technology is an intelligent filtering method based on Bayesian statistical algorithms and keyword filtering.
In the related art, these spam identification techniques are applied in combination and identify spam effectively, but misjudgments still occur. Commonly misjudged mail includes, for example, advertisement mail, system alert mail, recruitment mail, and order mail.
To address these problems, the application performs a secondary identification, based on the mail exchange relationship between sender and recipient, on mail that existing spam identification techniques have already identified as spam, thereby reducing misjudgments. In addition, because mail is identified from the individual recipient's perspective, the application also achieves personalized identification of whether a mail is spam.
For easy understanding, an application scenario of the embodiment of the present application will be described first.
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present application. As shown in fig. 1, the application scenario may include a plurality of terminal devices 11, a mail sender 12, a server 13, and a database 14. The terminal device 11 may be a mobile phone, a tablet, a computer, or the like.
The mail sender 12 sends mail, such as advertisement mail and commercial mail, to the plurality of terminal devices 11. The terminal devices 11 are used for receiving and/or sending mail. The server 13 collects the mail sending and receiving information among the terminal devices 11 and stores it in the database 14. Specifically, the server 13 may further include a module for determining the mail exchange relationship, a spam identification module, and a module for collecting mail sending and receiving information and querying the mail exchange relationship (none of them shown), which execute the relevant steps of the spam identification method provided by the embodiment of the present application.
The method for identifying the junk mail provided by the application is described in detail below by taking a server as an execution body and combining with a specific embodiment.
Fig. 2 is a flowchart of a method for identifying spam according to an embodiment of the present application. As shown in fig. 2, the method for identifying the junk mail comprises the following steps:
S201, acquiring a target mail which is identified as a junk mail based on a preset junk mail identification technology, wherein the target mail comprises relevant information for representing a target recipient and a target sender.
The step acquires a target mail which has been identified as a spam based on a preset spam identification technique. Alternatively, the preset spam recognition technology may be one or more of the IP address blacklist or IP address whitelist technologies, reverse query technologies, behavior recognition technologies, honeypot technologies, statistical analysis technologies, and content recognition technologies as described above. The method for identifying the junk mail by each junk mail identification technology is similar to that described above, and will not be repeated here.
The relevant information may be, for example, mailbox addresses of the target recipient and the target sender.
S202, determining whether there is a historical mail exchange between the target recipient and the target sender.
If yes, that is, there is a historical mail exchange between the target recipient and the target sender, step S203 is executed; if not, that is, there is no historical mail exchange between them, step S204 is executed.
Optionally, from the target recipient's perspective, if the target recipient has received a mail from the target sender and replied to it, there is a historical mail exchange between them; if the target recipient has received a mail from the target sender and not replied to it, there is none. For example, the target recipient may not have replied because the mail was deleted directly or left unprocessed.
S203, identifying the target mail as normal mail.
Optionally, the target mail is corrected to normal mail. The target mail may be, for example, a business mail or an advertisement mail.
It will be appreciated that the kinds of mail that existing spam identification techniques tend to misjudge, such as advertisement mail, system alert mail, recruitment mail, and order mail, may be normal mail for one recipient and spam for another.
Take advertisement mail as an example: different recipients treat it differently. Some delete it directly; others may reply to content that interests them. Therefore, when the target mail is an advertisement mail, using the target recipient's historical mail exchanges makes the spam decision specific to that recipient, which reduces misjudgment of mail whose status varies from person to person.
S204, identifying the target mail as junk mail.
In the embodiment of the application, after the target mail has been identified as junk mail by a preset junk mail identification technology, it is determined, from the information in the target mail that identifies the target recipient and the target sender, whether there is a historical mail exchange between the two. If there is, that is, the target recipient and the target sender have sent mail to and received mail from each other, the target mail is identified as normal mail; if there is not, the target mail is identified as junk mail. This reduces the misjudgment rate for junk mail.
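Steps S201 to S204 can be sketched as a second-pass check applied only to mail that a first-pass filter has already flagged. The `ExchangeRelations` mapping, the function name, and the lower-casing of addresses are hypothetical choices for illustration; the source does not prescribe a data structure.

```python
from typing import Dict, Set

# Hypothetical store: recipient address -> senders with whom that recipient
# has a historical mail exchange.
ExchangeRelations = Dict[str, Set[str]]


def reclassify(recipient: str, sender: str, relations: ExchangeRelations) -> str:
    """Second-pass decision for a mail already flagged as junk (S202 to S204)."""
    has_history = sender.lower() in relations.get(recipient.lower(), set())
    # S203 when a historical exchange exists, otherwise S204.
    return "normal" if has_history else "junk"
```

For example, with `relations = {"bob@example.org": {"shop@example.com"}}`, a flagged mail from `shop@example.com` to `bob@example.org` is corrected to normal, while the same mail to a recipient with no such history stays junk.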
In some embodiments, S202, determining whether there is a historical mail exchange between the target recipient and the target sender may specifically include the following steps: determining whether the information of the target sender is contained in a mail exchange relation with the target recipient in which historical mail exchange exists; if so, determining that the target receiver and the target sender have historical mail exchange; if not, determining that the target receiver and the target sender have no historical mail to and from. It will be appreciated that the mail exchange relationship is for the intended recipient.
Optionally, on the basis of the above embodiment, the mail exchange relationship may include a mail exchange relationship degree that characterizes the number of mail exchanges. On this basis, how the embodiment shown in Fig. 2 identifies whether the target mail is a normal mail is described in detail below with reference to Fig. 3:
Fig. 3 is a flowchart of a method for identifying spam according to another embodiment of the present application. As shown in fig. 3, identifying whether the target mail is a normal mail may specifically include the steps of:
S301, determining the mail exchange relationship degree between the target recipient and the target sender based on the mail exchange relationship.
Specifically, the mail exchange relationship degree represents the number of mail exchanges. For example, from the target recipient's perspective, if the target recipient receives a mail from the target sender and replies to it, one mail exchange is determined to exist between them, and the corresponding relationship degree may be set to 1. Each further mail exchange between the target recipient and the target sender increases the relationship degree by 1.
It should be noted that, in the embodiment of the present application, mail automatically replied by the system is not counted in the mail exchange relationship between the target recipient and the target sender.
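A minimal sketch of counting the relationship degree while skipping automatic replies is shown below. The source does not say how automatic replies are recognized; this example assumes they carry the `Auto-Submitted` header field defined in RFC 3834, and the function names are hypothetical.

```python
from email import message_from_string
from typing import Iterable


def is_auto_reply(raw_message: str) -> bool:
    """Treat any Auto-Submitted value other than 'no' as an automatic reply (assumption)."""
    msg = message_from_string(raw_message)
    value = (msg.get("Auto-Submitted") or "no").strip().lower()
    return value != "no"


def relationship_degree(replies: Iterable[str]) -> int:
    """Count the replies a recipient sent to one sender, excluding automatic ones."""
    return sum(1 for raw in replies if not is_auto_reply(raw))
```

Systems that mark automatic replies differently would need a different test in `is_auto_reply`; the counting itself would stay the same.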
S302, determining whether the mail exchange relationship degree between the target recipient and the target sender is smaller than the relationship degree threshold.
If not, that is, the mail exchange relationship degree between the target recipient and the target sender is greater than or equal to the relationship degree threshold, step S303 is executed.
Optionally, the relationship degree threshold may be 1 or any integer greater than 1. For example, its specific value may be determined according to the operating conditions of the particular mail system; the embodiment of the present application does not limit it.
S303, identifying the target mail as a normal mail.
In the embodiment of the application, the mail exchange relationship degree between the target recipient and the target sender is determined based on the mail exchange relationship, and a target mail whose relationship degree is greater than or equal to the relationship degree threshold is identified as normal mail, which improves the accuracy of spam identification.
Optionally, if the mail exchange relationship degree between the target recipient and the target sender is smaller than the relationship degree threshold, the target mail is identified as junk mail.
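The comparison in S302 and S303 can be sketched as below. The `degrees` mapping keyed by a (recipient, sender) pair and the default threshold of 1 are assumptions for illustration; the source only requires the threshold to be an integer of at least 1.

```python
from typing import Dict, Tuple


def classify_by_degree(
    recipient: str,
    sender: str,
    degrees: Dict[Tuple[str, str], int],
    threshold: int = 1,
) -> str:
    """Return 'normal' when the stored degree reaches the threshold, else 'junk'."""
    if threshold < 1:
        raise ValueError("threshold must be an integer >= 1")
    # A pair with no stored degree is treated as having no mail exchange.
    degree = degrees.get((recipient, sender), 0)
    return "junk" if degree < threshold else "normal"
```

Raising the threshold makes the correction stricter: a single past reply no longer suffices to turn a flagged mail back into normal mail.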
The mail exchange relationship is mentioned in the above embodiment, and the determination of the mail exchange relationship is described in detail below with reference to fig. 4.
FIG. 4 is a flowchart illustrating the determination of mail traffic relationship according to an embodiment of the present application. As shown in fig. 4, the determination of the mail traffic relation includes the steps of:
S401, acquiring the sender mailbox information and the recipient mailbox information of a mail based on SMTP.
SMTP is a protocol for reliable and efficient e-mail transmission. It typically runs over TCP and is mainly used to transfer mail between systems and to provide notification about incoming mail.
Optionally, the sender mailbox information and the recipient mailbox information may be the mailbox addresses of the sender and the recipient.
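One way to obtain the two mailbox addresses in S401 is to read them from the SMTP envelope commands `MAIL FROM` and `RCPT TO`. The sketch below assumes the server has already captured the command lines of a session as strings; the function name and that input format are hypothetical, and the parsing is simplified (it ignores quoting and source routes).

```python
import re
from typing import List, Tuple

_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)
_RCPT_TO = re.compile(r"^RCPT TO:\s*<([^>]*)>", re.IGNORECASE)


def envelope_addresses(commands: List[str]) -> Tuple[str, List[str]]:
    """Extract the sender and recipient addresses from captured SMTP command lines."""
    sender = ""
    recipients: List[str] = []
    for line in commands:
        line = line.strip()
        match = _MAIL_FROM.match(line)
        if match:
            sender = match.group(1).lower()
            continue
        match = _RCPT_TO.match(line)
        if match:
            recipients.append(match.group(1).lower())
    return sender, recipients
```

A single session may name several recipients, so the later record lookups would be run once per (sender, recipient) pair.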
S402, in response to a mail being sent, querying, according to the sender mailbox information, whether the mail receiving record contains the recipient mailbox information; if so, determining the mail exchange relationship corresponding to the sender mailbox information and the recipient mailbox information.
It can be understood that, when a mail is sent, finding the recipient mailbox information in the sender's mail receiving record indicates that the sender has received mail, such as a reply, from that recipient.
S403, in response to a mail being received, querying, according to the recipient mailbox information, whether the mail sending record contains the sender mailbox information; if so, determining the mail exchange relationship corresponding to the sender mailbox information and the recipient mailbox information.
It can be understood that, when a mail is received, finding the sender mailbox information in the recipient's mail sending record indicates that the recipient has sent mail, such as a reply, to that sender.
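The two queries in S402 and S403 can be sketched as lookups in per-mailbox records. The record layout used here (each mailbox address mapped to the set of addresses it has received from, or sent to) is an assumption made for the example, as are the function names.

```python
from typing import Dict, Set

Records = Dict[str, Set[str]]


def exchange_on_send(sender: str, recipient: str, receive_records: Records) -> bool:
    """S402: on sending, check whether the sender's receiving record contains the recipient."""
    return recipient in receive_records.get(sender, set())


def exchange_on_receive(sender: str, recipient: str, send_records: Records) -> bool:
    """S403: on receiving, check whether the recipient's sending record contains the sender."""
    return sender in send_records.get(recipient, set())
```

Either check returning `True` means mail has flowed in both directions between the two mailboxes, which is the condition for recording a mail exchange relationship.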
Optionally, the mail receiving record or the mail sending record may be stored in a database, for example a real-time database or a persistent database. Specifically, the real-time database stores the mail sending and receiving records for which a mail exchange relationship exists, and these records can be updated in real time as individual mails are sent and received; the persistent database stores all mail sending and receiving records for data accumulation and analysis.
In some embodiments, the mailing records stored in the real-time database may also be updated in real-time. Specifically, the method for identifying the junk mail may further include: responding to the sent mail, and updating a mail receiving record corresponding to the mail information of the recipient according to the mail information of the sender; and in response to receiving the mail, updating a mail sending record corresponding to the mail box information of the recipient according to the mail box information of the recipient.
For example, in response to a mail being received, the mail receiving record table of the recipient in the real-time database is queried for the recipient record according to the recipient mailbox address. If the record exists, the counter in the mail receiving record table is incremented by 1; if it does not exist, the recipient record is written to the mail receiving record table for the first time and the counter is set to 1.
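The query-then-update behaviour of the counter can be sketched as follows. This is only an illustration under stated assumptions: an in-memory SQLite database stands in for the real-time database, and the table name `mail_receive_record`, its columns, and the function names are hypothetical. Keying the row on the (recipient, sender) pair is also an assumption, since the text does not specify the table layout.

```python
import sqlite3


def open_realtime_db() -> sqlite3.Connection:
    """Create an in-memory stand-in for the real-time database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE mail_receive_record ("
        " recipient TEXT NOT NULL,"
        " sender TEXT NOT NULL,"
        " counter INTEGER NOT NULL,"
        " PRIMARY KEY (recipient, sender))"
    )
    return conn


def record_received_mail(conn: sqlite3.Connection, recipient: str, sender: str) -> int:
    """Query the record first; increment the counter if it exists,
    otherwise write it for the first time with the counter set to 1."""
    row = conn.execute(
        "SELECT counter FROM mail_receive_record WHERE recipient = ? AND sender = ?",
        (recipient, sender),
    ).fetchone()
    if row is None:
        counter = 1
        conn.execute(
            "INSERT INTO mail_receive_record (recipient, sender, counter) VALUES (?, ?, ?)",
            (recipient, sender, counter),
        )
    else:
        counter = row[0] + 1
        conn.execute(
            "UPDATE mail_receive_record SET counter = ? WHERE recipient = ? AND sender = ?",
            (counter, recipient, sender),
        )
    conn.commit()
    return counter
```

Calling `record_received_mail` twice for the same pair leaves the counter at 2, while a new pair starts at 1.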
Based on the above embodiments of the method for identifying spam, it can be understood that the degree of the mail exchange relationship varies with the number of mail exchanges between the recipient and the sender. In some embodiments, when, in response to a mail being sent, the mail receiving record queried according to the sender mailbox information contains the recipient mailbox information, and/or when, in response to a mail being received, the mail sending record queried according to the recipient mailbox information contains the sender mailbox information, the mail exchange relationship degree corresponding to the sender mailbox information and the recipient mailbox information is increased. For example, the mail exchange relationship degree may be incremented by 1 each time.
In the embodiment of the application, the sender mailbox information and the recipient mailbox information of a mail are obtained based on the Simple Mail Transfer Protocol (SMTP); the mail receiving and sending records are then queried, according to the sender mailbox information and the recipient mailbox information, to check whether they contain the recipient mailbox information and the sender mailbox information, so as to determine the mail exchange relationship corresponding to the sender mailbox information and the recipient mailbox information, thereby ensuring the accuracy of the mail exchange relationship and improving the spam recognition rate.
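As an illustration of obtaining the two mailbox addresses from SMTP, the sketch below reads them from the envelope commands `MAIL FROM:<...>` and `RCPT TO:<...>` of an SMTP session. The function name `envelope_addresses` is hypothetical, and the parsing is deliberately simplified: it ignores command parameters after the closing angle bracket and does not handle source routes. The application does not state which part of the SMTP exchange is used, so taking the envelope is an assumption.

```python
import re

# Matches the two SMTP envelope commands and captures the path inside <...>.
_ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)


def envelope_addresses(smtp_lines):
    """Return (sender, recipients) taken from the SMTP command lines of one session."""
    sender = None
    recipients = []
    for line in smtp_lines:
        match = _ENVELOPE.match(line.strip())
        if match is None:
            continue  # not an envelope command (EHLO, DATA, ...)
        verb = match.group(1).upper()
        address = match.group(2).lower()
        if verb == "MAIL FROM":
            sender = address
        else:
            recipients.append(address)
    return sender, recipients


session = [
    "EHLO client.example.com",
    "MAIL FROM:<Alice@Example.com> SIZE=1024",
    "RCPT TO:<bob@example.org>",
    "DATA",
]
print(envelope_addresses(session))
```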
The embodiments of the method for identifying spam and of the method for determining the mail exchange relationship provided by the application are summarized and described in detail below with reference to Fig. 5.
Fig. 5 is a schematic structural diagram of a framework for identifying spam according to an embodiment of the present application. As shown in Fig. 5, the mail exchange relationship determining module 51 is configured to determine the recipient-based mail exchange relationship, and the spam identifying module 52 is configured to identify spam. The specific methods for determining the mail exchange relationship and for identifying spam are similar to those described in the above embodiments and are not repeated here. The mail sending and receiving information collection and mail exchange relationship query module within the mail exchange relationship determining module 51 collects recipient mailbox information and sender mailbox information from SMTP and determines the recipient-based mail exchange relationship according to that information. The data stored in the persistent database and the real-time database are similar to those described in the above embodiments and are not described again. In particular, data destined for the persistent database that cannot be stored within a short time may be stored by means of a queue: the data is first sent to the queue and is then written to the persistent database sequentially from the queue. The data held in the monitored queue may then be stored as exchange relationship data. It can be understood that the mail exchange relationship determining module 51, the spam identifying module 52, and the mail sending and receiving information collection and mail exchange relationship query module are virtual devices in the server.
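The queue-based buffering in front of the persistent database can be sketched as below. This is a single-threaded illustration only: a Python list stands in for the persistent database, and the names `enqueue_record` and `drain_to_store` are hypothetical. A real deployment would more likely use a message queue and a background consumer, which the application does not specify.

```python
import queue


def enqueue_record(buffer: queue.Queue, record: dict) -> None:
    """Send a record to the queue instead of writing it to the database directly."""
    buffer.put(record)


def drain_to_store(buffer: queue.Queue, store: list) -> int:
    """Write queued records to the store sequentially, in arrival order.
    Returns the number of records written."""
    written = 0
    while True:
        try:
            record = buffer.get_nowait()
        except queue.Empty:
            return written
        store.append(record)  # stand-in for a persistent database write
        written += 1


buffer = queue.Queue()
persistent_store = []
enqueue_record(buffer, {"sender": "alice@example.com", "recipient": "bob@example.com"})
enqueue_record(buffer, {"sender": "bob@example.com", "recipient": "alice@example.com"})
print(drain_to_store(buffer, persistent_store))
```

Because `queue.Queue` is first-in, first-out, the records reach the store in the order in which they were enqueued.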
The following are examples of the apparatus of the present application that may be used to perform the method embodiments of the present application. For details not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the method of the present application.
Fig. 6 is a schematic structural diagram of a device for identifying spam according to an embodiment of the present application. As shown in fig. 6, the spam recognition device 60 includes: an acquisition module 610, a determination module 620, and an identification module 630. Wherein:
The acquisition module 610 is configured to acquire a target mail that has been identified as spam based on a preset spam identification technology, where the target mail contains related information characterizing a target recipient and a target sender.
The determination module 620 is configured to determine whether the target recipient has a historical mail exchange with the target sender.
The identification module 630 is configured to identify the target mail as a normal mail when a historical mail exchange exists between the target recipient and the target sender, and to identify the target mail as spam when no historical mail exchange exists between the target recipient and the target sender.
In one possible implementation, the determination module 620 is specifically configured to: determine whether the information of the target sender is contained in the mail exchange relationship of historical mail exchanges with the target recipient; when that mail exchange relationship contains the information of the target sender, determine that a historical mail exchange exists between the target recipient and the target sender; and when that mail exchange relationship does not contain the information of the target sender, determine that no historical mail exchange exists between the target recipient and the target sender.
In one possible implementation, the mail exchange relationship includes a mail exchange relationship degree that characterizes the number of mail exchanges. Correspondingly, the identification module 630 may be specifically configured to: determine the mail exchange relationship degree between the target recipient and the target sender based on the mail exchange relationship; determine whether that mail exchange relationship degree is smaller than a relationship degree threshold; and when the mail exchange relationship degree between the target recipient and the target sender is greater than or equal to the relationship degree threshold, identify the target mail as a normal mail.
In one possible implementation, the identification module 630 may also be configured to: when the mail exchange relationship degree between the target recipient and the target sender is smaller than the relationship degree threshold, identify the target mail as spam.
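The decision made by the determination and identification modules for a mail already flagged as spam can be sketched as follows. The nested dictionary `relations` (recipient to sender to relationship degree), the function name `recheck_flagged_mail`, and the threshold value used in the example are all assumptions made for illustration; the application does not fix a data layout or a threshold.

```python
from enum import Enum


class Verdict(Enum):
    NORMAL = "normal"
    SPAM = "spam"


def recheck_flagged_mail(relations: dict, recipient: str, sender: str, threshold: int) -> Verdict:
    """Re-examine a mail that a preset technique has already flagged as spam."""
    degree = relations.get(recipient, {}).get(sender)
    if degree is None:
        # No historical mail exchange with this sender: keep the spam verdict.
        return Verdict.SPAM
    if degree >= threshold:
        # Enough prior exchanges: treat the flagged mail as normal.
        return Verdict.NORMAL
    return Verdict.SPAM


# Hypothetical relationship degrees for one recipient.
relations = {"bob@example.com": {"alice@example.com": 5, "carol@example.com": 1}}
print(recheck_flagged_mail(relations, "bob@example.com", "alice@example.com", threshold=3))
print(recheck_flagged_mail(relations, "bob@example.com", "carol@example.com", threshold=3))
```

The check only ever rescues mail that was flagged; it never marks unflagged mail as spam, which matches the role the text gives it as a second stage after the preset identification technology.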
In one possible implementation, the mail exchange relationship is determined by: acquiring the sender mailbox information and the recipient mailbox information of a mail based on the Simple Mail Transfer Protocol (SMTP); in response to a mail being sent, querying, according to the sender mailbox information, whether the mail receiving record contains the recipient mailbox information, and if so, determining the mail exchange relationship corresponding to the sender mailbox information and the recipient mailbox information; and in response to a mail being received, querying, according to the recipient mailbox information, whether the mail sending record contains the sender mailbox information, and if so, determining the mail exchange relationship corresponding to the sender mailbox information and the recipient mailbox information.
In one possible implementation, determining the mail exchange relationship may further include: when the mail receiving record queried according to the sender mailbox information contains the recipient mailbox information, or the mail sending record queried according to the recipient mailbox information contains the sender mailbox information, increasing the mail exchange relationship degree corresponding to the sender mailbox information and the recipient mailbox information.
In one possible implementation, determining the mail exchange relationship may further include: in response to a mail being sent, updating, according to the sender mailbox information, the mail receiving record corresponding to the recipient mailbox information; and in response to a mail being received, updating, according to the recipient mailbox information, the mail sending record corresponding to the recipient mailbox information.
The device provided by the embodiment of the application can be used to execute the steps of the above method embodiments; its specific implementation and technical effects are similar and are not repeated here.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 7, the electronic device 70 includes:
At least one processor 701; and
A memory 702 communicatively coupled to the at least one processor 701; wherein,
The memory 702 stores instructions executable by the at least one processor 701 to enable the at least one processor 701 to perform the method of identifying spam as described above.
For the specific implementation process of the processor 701, reference may be made to the above method embodiments; the specific implementation and technical effects are similar and are not repeated here.
Specifically, the processor 701 may include one or more processing units; for example, the processor 701 may be a central processing unit (CPU), a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or the like. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in connection with the present application may be executed directly by a hardware processor, or by a combination of hardware and software modules in the processor.
The memory 702 may be used to store program instructions. The memory 702 may include a program storage area and a data storage area. The program storage area may store an application program required for at least one function of the operating system. The data storage area may store data created during use of the electronic device 70. In addition, the memory 702 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, Universal Flash Storage (UFS), and the like. The processor 701 performs the various functional applications and data processing of the electronic device 70 by executing the program instructions stored in the memory 702.
It should be noted that the embodiment of the present application does not limit the number of memories 702 or the number of processors 701; each may be one or more, and Fig. 7 takes one of each as an example. The memory 702 and the processor 701 may be connected in a variety of wired or wireless ways, for example via a bus. In practice, the electronic device 70 may be a computer or a mobile terminal in various forms. Examples of the computer include a laptop computer, a desktop computer, a workstation, a server, a blade server, and a mainframe computer; examples of the mobile terminal include personal digital assistants, cellular telephones, smart phones, wearable devices, and other similar computing devices.
The electronic device of the present embodiment may be used to execute the technical solution in the foregoing method embodiment, and its implementation principle and technical effects are similar, and are not described herein again.
The embodiment of the application further provides a computer-readable storage medium in which computer-executable instructions are stored; when executed by a processor, the computer-executable instructions implement the steps of the method in the above method embodiments. The specific implementation and technical effects are similar and are not repeated here.
Embodiments of the present application also provide a program product containing computer-executable instructions. When the computer-executable instructions are executed, they implement the method steps in the above method embodiments; the specific implementation and technical effects are similar and are not described here again.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (5)

1. A method for identifying spam, comprising:
acquiring a target mail that has been identified as spam based on a preset spam identification technology, wherein the target mail contains related information characterizing a target recipient and a target sender;
determining whether the information of the target sender is contained in the mail exchange relationship of historical mail exchanges with the target recipient;
if it is contained, determining the mail exchange relationship degree between the target recipient and the target sender based on the mail exchange relationship;
determining whether the mail exchange relationship degree between the target recipient and the target sender is smaller than a relationship degree threshold;
if the mail exchange relationship degree between the target recipient and the target sender is greater than or equal to the relationship degree threshold, identifying the target mail as a normal mail;
if the mail exchange relationship degree between the target recipient and the target sender is smaller than the relationship degree threshold, identifying the target mail as spam;
if it is not contained, identifying the target mail as spam;
wherein the mail exchange relationship is determined by:
acquiring target sender mailbox information and target recipient mailbox information based on the Simple Mail Transfer Protocol;
in response to a mail being sent, querying, according to the target sender mailbox information, whether the mail receiving record of the target sender contains the target recipient mailbox information; if so, determining the mail exchange relationship corresponding to the target sender mailbox information and the target recipient mailbox information;
in response to a mail being received, querying, according to the target recipient mailbox information, whether the mail sending record of the target recipient contains the target sender mailbox information; if so, determining the mail exchange relationship corresponding to the target sender mailbox information and the target recipient mailbox information;
wherein the mail exchange relationship does not include mails automatically replied by the system; the mail exchange relationship includes a mail exchange relationship degree characterizing the number of mail exchanges; and after it is found, in response to a mail being sent, that the mail receiving record of the target sender contains the target recipient mailbox information, or, in response to a mail being received, that the mail sending record of the target recipient contains the target sender mailbox information, the mail exchange relationship degree corresponding to the sender mailbox information and the recipient mailbox information is increased.
2. The identification method of claim 1, further comprising:
in response to a mail being sent, updating, according to the target sender mailbox information, the mail sending record corresponding to the target sender mailbox information;
and in response to a mail being received, updating, according to the target recipient mailbox information, the mail receiving record corresponding to the target recipient mailbox information.
3. A spam recognition device, comprising:
an acquisition module, configured to acquire a target mail that has been identified as spam based on a preset spam identification technology, wherein the target mail contains related information characterizing a target recipient and a target sender;
a first determining module, configured to determine whether the information of the target sender is contained in the mail exchange relationship of historical mail exchanges with the target recipient;
a first identification module, configured to: if the mail exchange relationship of historical mail exchanges with the target recipient contains the information of the target sender, determine the mail exchange relationship degree between the target recipient and the target sender based on the mail exchange relationship; determine whether the mail exchange relationship degree between the target recipient and the target sender is smaller than a relationship degree threshold; and if the mail exchange relationship degree between the target recipient and the target sender is greater than or equal to the relationship degree threshold, identify the target mail as a normal mail;
a second identification module, configured to: identify the target mail as spam if the mail exchange relationship degree between the target recipient and the target sender is smaller than the relationship degree threshold; or identify the target mail as spam if the mail exchange relationship of historical mail exchanges with the target recipient does not contain the information of the target sender;
a second determining module, configured to: acquire target sender mailbox information and target recipient mailbox information based on the Simple Mail Transfer Protocol; in response to a mail being sent, query, according to the target sender mailbox information, whether the mail receiving record of the target sender contains the target recipient mailbox information, and if so, determine the mail exchange relationship corresponding to the target sender mailbox information and the target recipient mailbox information; in response to a mail being received, query, according to the target recipient mailbox information, whether the mail sending record of the target recipient contains the target sender mailbox information, and if so, determine the mail exchange relationship corresponding to the target sender mailbox information and the target recipient mailbox information; wherein the mail exchange relationship does not include mails automatically replied by the system; the mail exchange relationship includes a mail exchange relationship degree characterizing the number of mail exchanges; and after it is found, in response to a mail being sent, that the mail receiving record of the target sender contains the target recipient mailbox information, or, in response to a mail being received, that the mail sending record of the target recipient contains the target sender mailbox information, the mail exchange relationship degree corresponding to the sender mailbox information and the recipient mailbox information is increased.
4. An electronic device, comprising:
At least one processor;
and a memory communicatively coupled to the at least one processor;
Wherein the memory is for storing instructions executable by the at least one processor to enable the at least one processor to perform the method of claim 1 or 2.
5. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out the method of claim 1 or 2.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211179798.1A CN115567475B (en) 2022-09-27 2022-09-27 Method, device, equipment and storage medium for identifying junk mail

Publications (2)

Publication Number Publication Date
CN115567475A CN115567475A (en) 2023-01-03
CN115567475B true CN115567475B (en) 2024-07-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant