The present invention relates to data security and, more particularly, is directed to determining the actual source of an electronic mail message. The present invention is also directed to determining the actual source of an electronic message to a website.
Unsolicited commercial email is popularly known as “spam”. It has been estimated that 90% of email messages are spam, corresponding to 100 billion daily spam emails.
Email addresses are easy to forge. Spammers often employ forged email addresses when their spam is disguised as legitimate email, e.g., phishing, wherein a spammer sends an email purporting to be from a legitimate website, generally to induce an unsuspecting party to provide their log-in name and password for the website.
However, it is not so easy to reliably determine that an email has a forged address.
Existing email authentication schemes require that the email administrator for the domain actively participate, with the result that such schemes are not used for most domains. The ability to reliably authenticate the origin of an email would be of great utility to email processing systems, as email with a forged address could then be readily identified as spam.
Digital signatures are formed using a private cryptographic key to encrypt data associated with a message. The receiver uses a public cryptographic key to decrypt the data, thereby recovering a plaintext version of the associated data. However, the difficulty of establishing an infrastructure to distribute public keys for email source authentication has hampered the use of digital signatures for this purpose.
Websites that provide services, such as free email accounts, are often the targets of improper users who register for many accounts and then abuse them. To prevent programs from registering, that is, to ensure that only people register, such websites often employ a CAPTCHA test that is difficult for a computer to solve but relatively easy for a human to solve. Popular types of CAPTCHAs include graphic images of characters or words that have been subjected to various visual distortions.
However, CAPTCHAs are generally annoying to humans, software programs can do a pretty good job of solving many CAPTCHAs, and spammers sometimes employ low-wage individuals to register for new accounts. Thus, there is room for an improved technique that protects websites from improper registrations.