1. Technical Field
The present invention relates in general to networks and, in particular, to controlling distribution of undesirable mail within a network. Still more particularly, the present invention relates to analyzing electronic mail to predict and classify undesirable electronic mail prior to transmission to a client, such that the client is enabled to quickly manage removal of undesirable electronic mail.
2. Description of the Related Art
Computer networks, such as the Internet, are typically based on client-server software architectures. These architectures provide a versatile infrastructure that supports shared access to server resources, such as receiving and transmitting electronic mail (e-mail). A client is typically a requester of services, and a server is the provider of services. A single machine can be both a client and a server depending on the software configuration. A typical client machine is loaded with client software, while a typical server machine is loaded with server software. Clients can be either stand-alone computer systems (like personal computers) or "dumber" systems adapted for limited use with a network (e.g. dumb terminals).
A generalized client-server computing network has several nodes or servers which are interconnected, either directly to each other or indirectly through one of the other servers. Based on network configuration, the connection by the client to the network may be via connections including, but not limited to, an Ethernet connection or token ring. Other direct and/or indirect connection methods (e.g. telephone connection via remote access protocol) are also possible when a client is connected from a user's home, for example.
The network can be a localized network or a geographically dispersed network and can be further connected to other networks. Each server is essentially a stand-alone data processing (computer) system, having one or more processors, memory devices, and communications devices, that has been adapted (programmed) for providing information and/or services to individual users at another set of nodes or client workstations.
In many networks, a primary function of a server is receiving e-mail addressed to clients and transmitting e-mail composed by and received from clients. The rapid increase in the number of users of electronic mail (e-mail) and the low cost of distributing electronic messages via the Internet and other electronic communications networks have made marketing via e-mail an attractive advertising medium. Consequently, e-mail is now frequently utilized as the medium for widespread marketing of messages to e-mail addresses, commonly known as "spam."
Users of e-mail, however, frequently are not eager to have e-mail boxes filled with unsolicited e-mails. Users accessing the Internet through Internet Service Providers (ISPs) such as America Online™ (AOL) or Microsoft Network™ (MSN), application service providers (ASPs), portal providers, or large businesses such as IBM and General Motors (GM) are often targeted by e-mail marketers.
The sending and receiving of unsolicited e-mail messages are increasing problems for both ISPs and corporations. In particular, unsolicited sending and receiving of e-mail can unnecessarily utilize data storage space on servers and, for ISPs, unsolicited mail reduces customer satisfaction. In addition, unsolicited mail may include viruses, worms, or other destructive attachments that can easily be transmitted within a server upon activation at a single client within a network.
There are a number of methods being utilized for filtering unsolicited e-mails at an e-mail server and/or in association with e-mail software packages, such as Lotus Notes™ (Lotus Notes is a trademark of IBM), executing on client systems. One such method is designed to block a user from receiving e-mails from particular e-mail addresses or e-mails that include particular keywords or character strings. However, this approach is vulnerable in that marketers may quickly adjust an address or domain name from which unsolicited e-mails are transmitted and thereby outdate address blocking lists. In addition, marketers and others producing spam may adjust wording of text messages or transmit unsearchable attachments in order to temporarily avoid blocking lists. Moreover, most ISPs cannot provide blocking services to a customer unless the services are specifically requested by that customer.
Other known e-mail filtering techniques are based upon an inclusion list, such that e-mail received from any source other than one listed in the inclusion list is discarded as junk. In addition, a user may designate keywords of interest such that e-mails containing keywords of interest to the user are placed in the user's "inbox". However, these methods require the user and/or ISP to continually update the inclusion list. Therefore, inclusion lists are typically only as intelligent as a user makes them and may easily become outdated.
Some methods combine the use of blocking lists and inclusion lists and distinguish e-mails that are not filtered by either list. For example, U.S. Pat. No. 6,023,723 ('723) describes a filtering system that filters e-mail at a user's network computer according to a list of desired addresses and character strings and undesired addresses and character strings. Any e-mail that is not included or discarded is sent to a "waiting room" for the user to review. If a user rejects an e-mail in the waiting room, the address as well as specific character strings included in the e-mail are included in the list of undesired receiving addresses. However, the use of a "waiting room" is limited in that it does not provide a prediction of whether or not an e-mail is desirable, but just that the e-mail does not fit the criteria for inclusion or blocking. A user must still look through each e-mail and remove undesirable e-mails individually.
Other known methods may utilize additional conditional filtering mechanisms in order to filter through multiple diverse e-mail messages. For example, U.S. Pat. No. 5,999,932 ('932) utilizes a first filter to sort through messages with an inclusion list at a user's computer and included messages are marked "OK". Next, a heuristic process is performed to determine if the remaining e-mail messages may be of interest to the user. Heuristic processing may evaluate each message according to rules such as whether or not the "From" field of the e-mail matches a "To" entry from the user's inclusion list. In another example, U.S. Pat. No. 5,283,648 ('648) describes conditional rule-based e-mail filtering utilizing "when-if-then" rules designated by a user. However, both '932 and '948 require a user to update conditional filtering criteria in order to evaluate new and changing e-mail spam techniques. In addition, neither technique provides for predicting whether or not an e-mail is spam.
In addition to user-designated blocking and inclusion lists, network servers and other services may determine and recommend blocking criteria. For example, in the '723 patent, addresses and character strings of rejected e-mails are periodically transmitted to a network location and included in a master list where rejected e-mail information from multiple network users is compiled. The master list is periodically sent to each network computer to allow the filter of undesired addresses and character strings to be updated for each network user. However, determining undesirable electronic mail after rejection by users means that the '723 method relies on numerous users wasting time reading and rejecting e-mail from a particular address or including particular words before the master list is updated. In addition, a virus or other destructive bug may reach many users with detrimental effects by the '723 method before the master list is updated.
In another example, Brightmail Inc.™ provides software for ISPs that creates a Spam Wall™ on network servers to block current spam attacks and 24-hour updating of spam-identifying rules for the software in order to block new spam attacks. In order to update the spam-identifying rules, a probe network utilizes "seeded" e-mail addresses to attract spam, analysts write blocking rules for the attracted spam, and spam walls are updated with the blocking rules on all network servers utilizing the service. While the Brightmail method provides for structuring a spam wall to keep rule-identified spam from reaching users who subscribe to the service, the method is not specified for individual ISPs or corporations that may be individually targeted by a particular marketer. In addition, a user is not provided with a quantified prediction as to whether or not an electronic mail is spam or a simple method of removing undesirable mail.
In view of the foregoing, it would be advantageous to provide a method for automatically analyzing electronic mail as it arrives at a network server to determine patterns among incoming e-mails and classify potential spam. In classifying potential spam, it would be advantageous for the user to be enabled to both view and easily discard e-mails designated by the network server as potential spam.
In view of the foregoing, it is therefore an object of the present invention to provide an improved method, system and program for managing networks.
It is another object of the present invention to provide a method, system and program for controlling distribution of undesirable mail within a network.
It is yet another object of the present invention to provide a method, system and program for analyzing electronic mail to predict and classify undesirable electronic mail prior to transmission to a client, such that the client is enabled to quickly manage removal of undesirable electronic mail.
In accordance with the present invention, multiple e-mails are received at a network server intended for multiple clients served by the network server. The e-mails are analyzed to determine patterns of similarity. A selection of similar e-mails is predicted and classified as potentially undesirable e-mail according to the analysis, such that e-mails classified as potentially undesirable e-mail are identified to the multiple clients upon access of e-mails from the network server.
Upon accessing e-mails from the network server at a data processing system in association with a particular client, the accessed e-mails classified as potentially undesirable e-mail are displayed in a distinct manner from a remainder of the accessed e-mails. Thereafter, in response to a single action by the particular client, the e-mails classified as potentially undesirable e-mail are removed from display, such that the particular client is enabled to efficiently manage removal of e-mails predicted as undesirable by a network server.
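The server-side analysis and the client's single removal action summarized above can be sketched as follows. This is an added illustration, not code from the patent: the text does not say how patterns of similarity are determined, so the word-shingle Jaccard measure, the thresholds, the message fields and the sample queue are all assumptions.

```python
import re

def shingles(body, k=3):
    """k-word shingles of a lower-cased body with digit runs masked,
    so per-recipient amounts or tracking numbers do not hide a match."""
    words = re.findall(r"[a-z#]+", re.sub(r"\d+", "#", body.lower()))
    return {tuple(words[i:i + k]) for i in range(max(1, len(words) - k + 1))}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def classify(queue, threshold=0.5, min_recipients=3):
    """Return ids of messages predicted as potentially undesirable.

    Messages are grouped greedily by body similarity. A group is flagged
    once it reaches min_recipients distinct clients, whatever the sender
    address, so rotating the From address does not avoid the grouping.
    """
    groups = []  # each group: signature of first member, ids, recipients
    for msg in queue:
        sig = shingles(msg["body"])
        for g in groups:
            if jaccard(sig, g["sig"]) >= threshold:
                break
        else:
            g = {"sig": sig, "ids": [], "rcpts": set()}
            groups.append(g)
        g["ids"].append(msg["id"])
        g["rcpts"].add(msg["to"])
    return {i for g in groups if len(g["rcpts"]) >= min_recipients
            for i in g["ids"]}

def remove_flagged(inbox, flagged):
    """The client's single action: drop every flagged message at once."""
    return [m for m in inbox if m["id"] not in flagged]

# Constructed sample queue: three near-identical bodies from different
# senders to different clients, plus one ordinary internal message.
QUEUE = [
    {"id": 1, "from": "a1@promo.example", "to": "alice@corp.example",
     "body": "Limited offer! Win 1000 dollars today, click the link now to claim your prize"},
    {"id": 2, "from": "b7@deals.example", "to": "bob@corp.example",
     "body": "Limited offer! Win 2500 dollars today, click the link now to claim your prize"},
    {"id": 3, "from": "zz@mail.example", "to": "carol@corp.example",
     "body": "Limited offer! Win 50 dollars today, click this link now to claim your prize"},
    {"id": 4, "from": "dave@corp.example", "to": "alice@corp.example",
     "body": "Minutes from Tuesday's design review are attached, comments due Friday"},
]
```

Because the grouping keys on content reaching many clients rather than on a sender or keyword list, it needs no per-user list maintenance; the threshold and recipient count trade false positives on legitimate bulk mail against missed campaigns.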
All objects, features, and advantages of the present invention will become apparent in the following detailed written description.