Some online services, such as social network services, allow members to upload user information and provide, to the members, information about users associated with the user information. Examples of user information include email addresses and phone numbers.
For example, a user who registers with an online social network service is presented with a web page that allows the newly registered user to upload an address book of the user, such a list of email addresses of contacts in the user's email account. For each email address in the list, the social network service determines whether an existing member has registered with the email address. If so, then the social network service presents information about the existing member, such as the member's name, occupation, residence information, etc. The social network service may also allow the newly registered user to provide input that causes a connection request to be sent to the existing member so that the user and the member may be connected in the social graph maintained by the social network service.
For an email address that the social network service does not recognize, the social network service may prompt the newly registered member to send a message to the email address to invite the corresponding user to register with the social network service.
However, bad users may abuse this address book upload service by generating large lists of email addresses of people they do not know, uploading the lists to the social network service, and determining whether any of the emails are associated with members of the social network service. The email addresses in the lists may have been automatically generated using known domain names (for example, public domains, such as “yahoo.com”, “gmail.com”, and “hotmail.com”, or corporate domains, such as “linkedin.com” and “bankofamerica.com”) or may have been stolen from third party servers, such as bank servers, government servers, retailer servers, etc. For those email addresses that match email addresses of members of the social network service, an abuser may then send connection requests to the identified members, some of whom may accept the connection request. After a member accepts a connection request from an abuser, the abuser has access to potentially intimate information of the member, such as work history, academic history, residence information, personal interests and hobbies, birthday information, etc.; virtually any information that that the legitimate member provided to the social network service.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.