Email over the Internet and other networks has become a mainstay of business and personal communications. Email over the Internet is typically sent using the Simple Mail Transfer Protocol (“SMTP”), a popular text-based mail transport and delivery protocol. SMTP is defined in The Internet Society Request for Comments (“RFC”) No. 2821 (April 2001), which is hereby incorporated by reference.
SMTP contemplates that transmission of emails occurs from a sending user's host (or “originating server”) to the receiving user's host (or “receiving server”) when the two hosts are connected to the same network such as the Internet or other transport service or connected to different networks coupled by a gateway.
Under SMTP, the sending and receiving servers establish a communications connection over the transport service. Then, the originating server (sometimes referred to herein as the remote server) initiates a mail transaction, which includes commands to specify certain information about the session, including the originator and destination of the mail. This information is referred to as the “envelope.” Next the originating server sends a command to transmit the message content itself. The message content is composed of a header and a body. The header includes structured field/value pairs. The body is the actual message which can be formatted in accordance with MIME, for example.
The receiving server responds to each command with a reply. For example, replies indicate that the command was accepted or that a temporary or permanent error condition exists. Replies include three digit codes (such as “250”).
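The mail transaction described above can be illustrated with an added example, which is not part of the original text: it splits a session transcript into the envelope, the message header and body, and the class of each three-digit reply. The addresses and the transcript are constructed, and the function name parse_session is hypothetical. It assumes single-line replies and content lines that do not begin with a dot.

```python
from email import message_from_string

# Constructed excerpt, starting at the mail transaction.
# "C:" is the originating server, "S:" is the receiving server.
SESSION = """\
C: MAIL FROM:<alice@example.org>
S: 250 OK
C: RCPT TO:<bob@example.net>
S: 250 OK
C: RCPT TO:<nobody@example.net>
S: 550 No such user
C: RCPT TO:<carol@example.net>
S: 451 Try again later
C: DATA
S: 354 End data with <CRLF>.<CRLF>
C: From: Alice <alice@example.org>
C: Subject: Quarterly report
C:
C: Numbers attached.
C: .
S: 250 Queued
"""
# The first digit of a reply code gives its class.
OUTCOME = {"2": "accepted", "3": "intermediate",
           "4": "temporary error", "5": "permanent error"}

def parse_session(text):
    """Split a transcript into envelope, header, body and reply outcomes."""
    sender, rcpts, replies, data = None, {}, [], []
    in_data, pending = False, None
    for line in text.splitlines():
        side, payload = line[0], line[3:]
        if side == "S":                        # reply to the previous command
            code, outcome = int(payload[:3]), OUTCOME[payload[0]]
            replies.append((code, outcome))
            if pending:                        # outcome of the last RCPT TO
                rcpts[pending], pending = outcome, None
            in_data = in_data or code == 354   # 354: content follows
        elif in_data:                          # content ends with a lone "."
            in_data = payload != "."
            if in_data:
                data.append(payload)
        elif payload.upper().startswith("MAIL FROM:"):
            sender = payload[10:].strip("<>")  # envelope originator
        elif payload.upper().startswith("RCPT TO:"):
            pending = payload[8:].strip("<>")  # envelope destination
    msg = message_from_string("\n".join(data)) # header fields, then body
    return {"envelope": {"from": sender, "to": rcpts}, "replies": replies,
            "header": dict(msg.items()), "body": msg.get_payload()}
```

The envelope addresses come only from the MAIL FROM and RCPT TO commands, while the From field is read from the header inside the message content.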
Unsolicited bulk email (“UBE”), popularly known as “spam,” is a growing problem for email users. Spam clogs users' inboxes, wastes network bandwidth, consumes human and machine resources to evaluate and discard, and often is used to disseminate malicious code or perpetrate fraud or other unlawful or undesirable activity.
A number of approaches have been proposed to address the problem of UBE. One approach is to assess the content of incoming email and to filter out messages with certain content associated with UBE. However, senders quickly adapt content to circumvent these systems. In response, ever more aggressive content filters may be utilized. However, this leads to false positives—that is, legitimate emails that are flagged or filtered as UBE.
When legitimate emails are filtered as UBE, users do not receive potentially important communications. To mitigate this risk, filtered UBE can be placed into a quarantine for periodic review by the user. However, this consumes human and machine resources and can delay receipt of an urgent legitimate email that is mistakenly filtered as UBE and placed into quarantine.
Another approach is to post suspect UBE senders on a deny list. However, senders of spam will frequently change servers, sometimes hijacking otherwise legitimate systems. This counter-tactic limits the effectiveness of the deny list.
Another approach that has been adopted is the challenge response system, in which the recipient mail server sends a challenge to an unknown mail sender and quarantines the sender's mail until the sender provides an appropriate response to the challenge. A drawback to this system is that it imposes delay and inconvenience on legitimate but unknown senders. Also, if a legitimate sender does not for whatever reason respond to the challenge, then the incoming email will not be received.
It would be desirable to more completely filter UBE while avoiding mistakenly filtering legitimate email. As used in this application, the term “legitimate” means a message other than UBE or other types of bulk email that are either prohibited by law or that are communications that computer users generally do not wish to receive. The term “legitimate” as applied to a sender or connection means a sender or connection not engaged in sending UBE.