The approaches described in this section could be pursued, but are not necessarily approaches that have previously been conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Electronic mail messages, hereinafter “email”, are now widely used to exchange messages between users or computing systems. Email can be transmitted over the Internet or other communications networks and has grown increasingly popular due to, among other things, its speed, efficiency, and low cost. However, these very qualities have made email particularly susceptible to abuse by advertisers and others trying to reach large “audiences” without having to incur the costs of postage and paper handling associated with regular, so-called “snail”, mail. Thus, email users face a growing problem in which their email addresses and identities may be collected in various databases which are used (or sold to third parties) to generate unwanted mail. This problem results in email users receiving increasing quantities of unwanted and unsolicited emails, which are also known as “spam”, “junk”, or “malicious” emails. The growing number of such emails requires email users to spend significant time searching for legitimate communications. In some cases, email users feel that the only solution to this problem is changing email addresses, but this is only a temporary measure until spam emails resume, and it also makes it difficult for legitimate mail to find its addressees.
Furthermore, malicious emails may often lead to significant damage to computing systems and to data and property loss due to the spread of computer viruses and malware. For example, an email “phishing” technique may be used to acquire information including usernames, passwords, credit card details, and other sensitive data by email. Such phishing emails may contain links to websites infected with malware.
As a result, the increasing number of unsolicited emails is a major problem for email users, service providers, companies, and other involved parties. There exist various approaches for filtering and blocking unwanted emails. For example, in one approach, an email user who is the recipient of unwanted emails can reconfigure his email client, email transfer agent, or webmail service to filter emails from offending email addresses. While this approach may work against specific spammers, it requires that the email user take action every time a new spammer is identified.
Another approach utilizes various software tools which attempt to eliminate spam emails automatically. Typically, these software tools will examine incoming email messages and search for indications of spam. For example, an incoming email may be classified as spam if a large number of messages have been sent from the same sender, if the email contains a suspicious attachment or a suspicious combination of words, or if the Internet Protocol (IP) address associated with the sender is blacklisted. Once such emails are classified as spam, they may be either automatically deleted by the software tools or placed in a “quarantine” zone. This approach may be effective against some spam.
However, despite various measures, the number of sophisticated and targeted email attacks has been increasing significantly, in part because spam emails are now more targeted towards specific recipients and take various countermeasures to circumvent conventional filtering techniques. Conventional security architectures are not keeping pace with evolving malicious email attacks.