1. The Field of the Invention
The present invention relates to electronic mail technology, and more specifically, to reducing unwanted and unsolicited electronic messages.
2. Background and Relevant Art
Computer systems and related technology affect many aspects of society. Indeed, the computer system's ability to process information has transformed the way we live and work. Computer systems now commonly perform a host of tasks (e.g., word processing, scheduling, and database management) that prior to the advent of the computer system were performed manually. More recently, computer systems have been coupled to one another to form both wired and wireless computer networks over which the computer systems can communicate electronically to share data. As a result, many tasks performed at a computer system (e.g., voice communication, accessing electronic mail, electronic conferencing, web browsing) include electronic communication with one or more other computer systems via wired and/or wireless computer networks.
Unwanted and unsolicited email (commonly referred to as “SPAM”) has been around virtually as long as there has been electronic mail. Historically, the annoyance and burden of spam was (though noticeable) small enough so as to not be a significant problem. However more recently, the rate at which SPAM has been appearing in users' electronic mailboxes has significantly increased. It is not uncommon for large commercial electronic mailbox providers to routinely observe that well over half or even three quarters of the electronic mail received by their users is SPAM. The problem has become one of significant proportions, costing users, industry, and the economy at large significant time and financial resources, threatening perhaps to even undermine the viability of electronic mail as a useful communication medium.
Conventionally, the design of electronic mail client software and electronic mail server software has primarily focused on making the user experience of dealing with their electronic mail as efficient, useful, and pleasant as possible. The software had little, if any, understanding of the actual interest a user might have in a given electronic mail message. Thus, all received electronic mail messages tended to be treated as equals and similarly presented to the user regardless of the content of the electronic mail messages. Unfortunately, this treatment of electronic mail messages results in the presentation of SPAM being virtually indistinguishable from the presentation of legitimate electronic mail messages (e.g., electronic messages from known senders, responses to electronic messages sent from the user, etc.)
Accordingly, a number of techniques have been developed to classify electronic mail messages as SPAM and thereby distinguish SPAM from other legitimate electronic mail messages. Some techniques examine received electronic mail messages and classify a received electronic mail message as SPAM based upon words or phrases found therein. Other techniques for classifying SPAM take advantage of the fact that electronic mail messages that are SPAM are typically sent to a large number of users. These other techniques use collective voting approaches to identify electronic mail messages as SPAM. Another common and particularly useful technique is the maintenance, on a user's behalf, of a list of his known correspondents, an approach commonly called a ‘known-sender list’ or “white list”.
After classification as SPAM, a SPAM electronic mail message may be treated differently than legitimate electronic mail messages, such as, for example, by automatically moving the SPAM electronic mail message into a user's “SPAM Folder” or possibly even deleting the SPAM electronic mail message without a user ever knowing it was sent.
However, many conventional electronic mail classification techniques rely solely on the contents of an electronic mail message (e.g., the headers and/or body of the electronic mail message) when determining whether the electronic mail message is legitimate or is SPAM. This is problematic, since entities desiring to send SPAM can (often quite easily) intentional alter a SPAM electronic mail message to appear as a legitimate electronic mail message. For example, an entity desiring to send SPAM may configure the body of an electronic mail message such that the chances of detection by an electronic mail filter are reduced. Further, an entity desiring to send SPAM may alter certain addressing information in the header portion of an electronic mail message, commonly referred to as “domain spoofing.”
Spoofing a domain name includes changing the domain name of the sender's electronic mail address (i.e., the text after the “@” in the electronic mail address) to make it appear as if an electronic mail message was sent from a particular entity, when the particular entity did not in fact send the electronic mail message. Thus, electronic mail classification techniques may incorrectly classify an electronic mail message as legitimate based on the spoofed domain name, when in fact the electronic mail message should be classified as spam. Accordingly, the effectiveness of conventional mail classification techniques is reduced.
Typically, before an electronic mail message is transferred from a sending mail server to a receiving mail server, a connection, such as, for example, a Transmission Control Protocol (“TCP”) connection, is established between the sending and receiving mail servers. Connection establishment can include the exchange of configuration information including network addresses, port numbers, and sequence numbers. For example, TCP connection establishment includes a well known three-way handshake sequence. Unfortunately, since the TCP three-way handshake sequence is well known, an entity desiring to send SPAM could forge a network address and then send configuration information (e.g., sequence numbers) purported to have originated from the forged network address. A receiving mail server may incorrectly determine that the configuration information originated from the forged network address.
Thus, the entity could forge a network address and establish a connection that appears to the receiving mail server to have originated from the forged network address. Accordingly, the entity could then use the established connection to send electronic mail messages that appear to have originated from the forged network address. If the entity then also spoofs the domain name of the forged network address, it may be difficult, if not impossible, to determine the true originating network address of an electronic mail message. Based on the forged network address and spoofed domain name, a receiving mail server may incorrectly classify the electronic mail message as legitimate. Therefore, mechanisms for coordinated reduction of unwanted and unsolicited electronic messages would be advantageous.