Various forms of electronic messaging (e.g., e-mail, SMS, MMS, instant messaging, etc.) have vastly enhanced the speed and efficiency with which we communicate. As such, electronic messaging services are now a central feature of most online services. Unfortunately, the pervasiveness, ease of use, and low per-message cost of sending electronic messaging leads to generation of a great quantity of undesirable messages (SPAM) from spammers or other senders, such as unsolicited marketing messages, mailing/distribution list messages, messages distributing malware, messages attempting to trick the recipient in some way (e.g., to divulge personal information, to visit an unintended URL, to engage in a fraudulent business transaction), etc.
To enhance the experience of their users, service providers fight a constant battle with spammers to reduce the amount of undesirable messages that reach users. In general, when an electronic message is received for a user, a service provider must decide whether that message is desirable or undesirable for that user. This is typically done with filters that contain rules and/or blacklists. For example, filters may identify undesirable messages based on an analysis of message content including any attachments (e.g., using keywords, URL lists, hashes) and envelope information including the sender's IP address. Filters must be constantly updated as spammers alter message content, originating IP address, etc. to overcome existing filter rules and/or blacklists.
In existing environments, filtering is typically accomplished through use of global filtering criteria (i.e., rules/lists applying to all users in the system) and user-specific filtering criteria (i.e., rules/lists applying to each user individually). In these environments, as individual users provide feedback signals for electronic messages (e.g., as being desirable or undesirable) that user's individual filtering criteria is updated accordingly. Through a feedback mechanism, the global filtering criteria may later be updated based on how individual users have classified those messages (e.g., to classify those messages a desirable or undesirable).
While this feedback mechanism is helpful, it does have some limitations. For example, since it may take some time for a sufficient number of users to classify a category of messages, it may also take an unacceptably long amount of time update the global filtering criteria to allow or disallow these messages. In addition, since different users may have different views on what constitutes desirable vs. undesirable messages it can be very difficult to determine how to update the global filtering criteria.
In addition, spammers have leveraged these feedback mechanisms to game global filters. For example, a spammer may obtain accounts with a service provider, and send undesirable messages to those accounts. Then, using those accounts, the spammer may signal that those messages are desirable messages. In this way, spammers may be able to affect global filters to classify their undesirable messages as desirable, enabling those messages to reach other users of the service.
Recently, multi-tenant environments have been gaining in popularity. In a multi-tenant environment, a service provider provides or hosts services for tenants (e.g., businesses) having a plurality of users (e.g., employee accounts). The addition of multi-tenant environments has provided spammers additional tools for gaming and otherwise bypassing global filtering criteria. For example, spammers may obtain tenant accounts with a service provider, and use those tenant accounts to send undesirable messages. Since the undesirable messages originate from an IP address of the service provider, and come from what may look like a legitimate customer, it can be difficult for a service provider to appropriately classify those messages.