1. Field of the Invention
The present invention is directed to distinguishing legitimate messages from spam messages.
2. Description of the Related Art
While spam is generally thought of as unsolicited email transmitted on the Internet, spam can be transmitted by any messaging medium. Because of the volume of email spam now sent on the Internet, spam has become a major problem for Internet users. To combat this problem, spam filters have been implemented at various parts of the messaging path. Spam filters can be run by users when incorporated into their mail user agent (MUA), enterprises when incorporated into or operated in conjunction with a message transfer agent (MTA), Internet Service Providers and other email domains.
A spam filter is a program that is used to detect unsolicited and unwanted massages and prevent those messages from getting to a user's inbox. A spam filter looks for certain criteria on which it bases judgments on whether a message comprises spam or not. The simplest spam filters watch for particular words in the subject line of messages and to exclude these messages matching the watch words from a user's inbox. This method is not especially effective, too often omitting perfectly legitimate messages (called false positives) and letting actual spam through. More sophisticated programs, such as Bayesian filters or other heuristic filters, attempt to identify spam through suspicious word patterns or word frequency. Bayesian filters look for suspicious sets of message attributes that include, in part, word patterns and word frequency as well as fishy header fields, spoofed return addresses, and the like. Current-generation filters look at the aggregate of all these flags
Certain types of messages are not spam at all, but may be identified as such by spam filters. For example, if a user sends an email to another user, and the other user sends a reply, a spam filter may render a false positive on the reply email. In addition, the purveyors of spam have become more sophisticated in hiding spam. Some spam takes the appearance of a reply message from a particular user, or falsely inserts a user's email into the “from” field of a message. This may appear to a spam filter as a legitimate email. Another technique, common to transmitting messaging viruses, is for spammers to use an impersonated email address in the from line of an email message, send the message with the impersonated “from” address to a user, which generates a non-delivery report (NDR) which returns with the virus to the impersonated user. In this technique, the virus is provided as an attachment to the non-delivery report. Email viruses also spread themselves to people in user address books by sending themselves and impersonating other users in the address book. Such viruses may be caught by the recipient's agent and generate an NDR with the virus stripped out.
Hence, in messaging environments, a method for verifying the authenticity of an inbound message would be useful.