The problem of spam is well-recognized in established communication technologies, such as electronic mail. Spam may include unsolicited messages sent by a computer over a network to a large number of recipients. Spam includes unsolicited commercial messages, but spam has come to be understood more broadly to additionally include unsolicited messages sent to a large number of recipients, and/or to a targeted user or targeted domain, for malicious, disruptive, or abusive purposes, regardless of commercial content. For example, a spammer might send messages in bulk to a particular user to harass, or otherwise, disrupt their computing resources.
However, a sender of a large number of messages might not be considered a spammer. For example, an educational, financial institution, health institution, or the like, might send a large number of messages to its alumni, members, or the like. Similarly, known and/or generally acceptable merchants might send large number of messages that some recipients may actually want to receive. Such bulk message distributors may be well known by some of its recipients, who may actually seek to receive the messages. Thus, a sender of a large number of messages cannot be classified based solely upon the quantity of messages it sends.
Some traditional network level spam detectors are configured to employ various information about a message source, such as an Internet Protocol (IP) source address, a Uniform Resource Identifier (URI), such as a Uniform Resource Locator (URL), or the like, to filter messages. Such filters are configured under the belief that identification of a spammer by the source of the message enables filtering of spam messages. However, many spammers have adopted approaches to circumvent such filters by using legitimate source addresses that make such IP and/or URI based filters ineffective. Thus, it is with respect to these considerations and others that the present invention has been made.