Field of the Invention
The invention relates to a method for identifying mails and a server thereof, and particularly relates to a method for identifying spam mails and a mail server using the method.
Description of Related Art
With reference to FIG. 1, FIG. 1 is a schematic diagram illustrating a conventional method of forwarding a mail. As shown in FIG. 1, when the mail is sent by a user 110, the mail is delivered to a mail transfer agent (MTA) server 114 via a mail user agent (MUA) server 112. The MTA 114 sends the mail to an MTA 116 of a recipient 120 according to a mail address (other MTAs may exist between the MTA 114 and the MTA 116 for forwarding the mail), and then the mail is forwarded to an MUA 118 of the recipient 120.
The conventional methods for identifying spam mails can be roughly categorized into two types: 1. verification based on domain name system (DNS); and 2. identification based on mail transfer path.
According to the first type, when the MTA at the recipient end (e.g., the MTA 116) receives the mail, the Internet protocol (IP) address and domain name of the sender are looked up through DNS resolution and DNS reverse resolution. If the result does not match the Helo domain of the mail, the mail is identified as a spam mail.
DNS can be used to convert between domain names and IP addresses. DNS resolution is to look up the IP address to obtain the corresponding domain name when the IP address is registered. DNS reverse resolution is to look up the domain name to obtain the corresponding IP address when the domain name is registered. The Helo domain is the hostname declared by the MTA.
On the other hand, the second type analyzes the historical behavior of the MTAs through the path information in the received fields of the mail header. With reference to FIG. 2, FIG. 2 is a schematic diagram of a conventional mail header. Among the received fields of a received line 210 circled by the dotted line in FIG. 2, the received fields on the lower side are closer to the sender while the received fields on the upper side are closer to the recipient.
Mail sets that have been labeled may be divided into spam mails and legitimate mails. Next, the IP addresses corresponding to all the MTAs in the received fields may be obtained, and the frequencies with which the IP addresses appear in the spam mails and the legitimate mails are analyzed to obtain statistics for evaluating the credibility of the MTAs. Then, if a mail is received from an MTA with higher credibility, the mail is labeled as a legitimate mail; otherwise, the mail is labeled as a spam mail.
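The following Python sketch is an added illustration of the path-based approach described above; it is not part of the original disclosure. It assumes add-one smoothing for the credibility statistic, assumes that the least credible MTA on the path decides the label, and uses constructed mails with documentation-range IP addresses; all function names are hypothetical.

```python
import re
from collections import Counter
from email import message_from_string

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def path_ips(raw):
    """IPs from the Received fields, recipient side first (top of the header)."""
    msg = message_from_string(raw)
    ips = []
    for field in msg.get_all("Received", []):
        ips.extend(IP_RE.findall(field))
    return ips

def train(labeled):
    """Count, per IP, how many spam and how many legitimate mails it appears in."""
    spam, ham = Counter(), Counter()
    for raw, is_spam in labeled:
        (spam if is_spam else ham).update(set(path_ips(raw)))
    return spam, ham

def credibility(ip, spam, ham):
    """Smoothed share of legitimate mails seen via ip (assumption: add-one
    smoothing, so an MTA with no history scores exactly 0.5)."""
    return (ham[ip] + 1) / (ham[ip] + spam[ip] + 2)

def classify(raw, spam, ham, threshold=0.5):
    """Assumed rule: the least credible MTA on the path decides the label."""
    scores = [credibility(ip, spam, ham) for ip in path_ips(raw)]
    return "legitimate" if scores and min(scores) > threshold else "spam"

def mail(*hops):
    """Build a constructed mail; hops are (hostname, ip), recipient side first."""
    lines = [f"Received: from {h} ([{ip}]) by mx.example.net" for h, ip in hops]
    return "\n".join(lines + ["Subject: test", "", "body"])

# Constructed labeled mail set: 6 legitimate mails and 2 spam mails.
EDGE = ("edge.example.net", "198.51.100.1")
GOOD = ("relay.example.org", "192.0.2.10")
BAD = ("bulk.example.com", "203.0.113.7")
LABELED = [(mail(EDGE, GOOD), False)] * 6 + [(mail(EDGE, BAD), True)] * 2
SPAM, HAM = train(LABELED)

if __name__ == "__main__":
    unseen = mail(("new.example.org", "192.0.2.99"))
    for name, m in [("known good", mail(EDGE, GOOD)),
                    ("known bad", mail(EDGE, BAD)), ("no history", unseen)]:
        print(name, path_ips(m), classify(m, SPAM, HAM))
```

The third case shows the dependence on history: an MTA that never appeared in the labeled set scores 0.5 and the mail falls into the "otherwise" branch.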
With the first type, however, DNS-based verification may misidentify some MTAs that declare an erroneous domain name setting as spam mail servers. Meanwhile, the second type requires history evaluation (e.g., credibility) for determining whether a mail is a spam mail.
In fact, the domain names declared by many MTAs and the domains registered for their IP addresses may contain errors due to mistakes made by the staff who configure them, which may result in misidentification of some mails as spam mails.