A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by any one of the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever.
1. Field of the Invention
The present invention relates to computer security, and more particularly, to an apparatus and method for managing electronic mail message processing.
2. Background Information
Electronic mail is becoming a more integral means of communication for everything from students exchanging messages with each other and their teachers to highly sensitive business and governmental communications. Communication technology has expanded to where anyone with a personal computer, minimal software and a modem can connect to the Internet and send mail to any other computer, whether it is across the street or around the world. Because anyone can send mail to anyone else, many sites have begun establishing security policies which specify how mail sent to and received from external locations should be handled. These sites use mail messsaging systems to analyze incoming and outgoing messages and determine whether information concerning the message should be recorded or reviewed, or whether the message should be allowed to be delivered at all.
Every customer has different needs. Commercial security policy different for different business types and installations, and different from government and educational institution needs. To date, however, conventional systems have implicit assumptions about the security to be enforced built in, based on the rules of the security policy to be enforced. Thus, where a site is big enough to have departments with different needs, or where one filter is being developed for a number of clients, either a separate system must be developed and installed for each site/department, or the system must be written to enforce the lowest common denominator of the rules specified by each site/department.
In addition, systems constructed to date often require an independent computer system located such that all mail passing between external and internal locations passes through the filter system. Such systems typically are limited to looking for a specified set of keywords, making processing decisions based on whether the keyword is present or missing, depending on the rule.
Finally, conventional systems provided to date are only capable of a yes/no decision, providing only one option at each decision point. The message (or response to the message) must go down only one path--forwarded to the destination, returned to the source, or rerouted to a different destination. What is needed is functionality supporting multiple addresses for a single message. It is therefore difficult to implement a policy of, for example, forwarding questionable messages on to their original destination but also forwarding a copy to an internal auditor or logging system. Conventional systems cannot support this requirement.
What is needed is a way of structuring an electronic mail messaging system that is flexible enough to implement a variety of security policies but which is also simple for a network administrator to configure. Such a system would preferably provide multiple routing paths form each decision point.