The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
One of the largest threats to computing devices includes malicious messages sent over a network. Often these threats appear in the form of a message containing attachments with malicious code and/or hyperlinks to malicious uniform resource locators (URLs). The malicious code and/or malicious URLs may cause a computing device to download viruses or to send personal data to other computing devices.
Due to the increased usage of electronic messaging and the increased threat of malicious messages, message security has become extremely important for computing devices. Many messaging security systems can analyze hyperlinks and attachments to determine if they contain any known viruses or links to known malicious URLs.
While virus scanners may identify malicious attachments in messages, many types of malicious messages are more difficult to identify. A malicious message may include no attachments or hyperlinks, but instead convince the recipient to send a response or to perform a particular action. For instance, a malicious message may identify the sender as a security company and request remote access to the computing device of the recipient to fix an invented problem with the computing device. These types of messages, also known as phishing messages, are more difficult to identify as malicious as they may not contain URLs or attachments.
The malicious message problem is most prevalent in e-mail systems as identifiers of recipient e-mail accounts are readily available. The malicious message problem additionally exists in various messaging services, such as dating applications where fake accounts may be easily generated for sending phishing messages.
One solution to the malicious message problem is to track the names of messaging accounts that have sent out phishing messages. If a computing device can determine that a message has been sent to many recipients or that a messaging account has sent out phishing messages in the past, the account and/or the domain for the account may be added to a blacklist. Future messages received from a blacklisted account may be immediately quarantined or deleted, thereby protecting the computing device associated with the recipient account.
The approach of blacklisting known phishing accounts was most effective when messaging accounts were relatively difficult to obtain. As storage capacity has increased, messaging account providers have made the process of obtaining a messaging account relatively simple. Thus, the prior system of identifying phishing accounts based on the number of messages they have sent can be overcome by obtaining individual accounts for sending a relatively small number of phishing messages. If an account has only sent a single message, the account may be identified as having a clean sending reputation even though the account was created for sending a malicious message.
Thus, there is a need for a system or method which can identify phishing accounts and/or malicious messages from a generated account with a clean sending reputation.