Abstract: A domain name registrar may provide a service for a domain name registrant to automatically and without further action by the domain name registrant (other than possibly paying for the service) enable secure socket layer (SSL) for a domain name to a third party hosting service, even when the domain name registrar does not own or control the third party hosting service. The invention allows a user (that may or may not be the domain name registrant) to use the domain name registered to the domain name registrant to communicate with a domain name registrant account (possibly a website) on the third party hosting service via a proxy server. The communication between the user and the proxy server may be encrypted such as by the SSL protocol.

Abstract: A domain name registrar may provide a service for a domain name registrant to automatically and without further action by the domain name registrant (other than possibly paying for the service) enable secure socket layer (SSL) for a domain name to a third party hosting service, even when the domain name registrar does not own or control the third party hosting service. The invention allows a user (that may or may not be the domain name registrant) to use the domain name registered to the domain name registrant to communicate with a domain name registrant account (possibly a website) on the third party hosting service via a proxy server. The communication between the user and the proxy server may be encrypted such as by the SSL protocol.

Abstract: A domain name registrar may provide a service for a domain name registrant to automatically and without further action by the domain name registrant (other than possibly paying for the service) enable secure socket layer (SSL) for a domain name to a third party hosting service, even when the domain name registrar does not own or control the third party hosting service. The invention allows a user (that may or may not be the domain name registrant) to use the domain name registered to the domain name registrant to communicate with a domain name registrant account (possibly a website) on the third party hosting service via a proxy server. The communication between the user and the proxy server may be encrypted such as by the SSL protocol.

Abstract: The claimed subject matter relates to an architecture that can determine costs associated with updating file formats. In particular, the architecture can interface with a network-accessible data storage service in order to determine a cost-benefit to the data storage service for a wide variety of conversion scenarios applicable to the particular topology of the data storage service. For example, the cost-benefit can differ for storage services configured according to a client-server model relative to storage services configured according to a distributed topology. Regardless, the architecture can identify a legacy format, select a converter for converting the legacy format to the updated format, and then determine the cost-benefit for a variety of conversion or migration scenarios.

Abstract: The claimed subject matter relates to an architecture that can determine costs associated with updating file formats. In particular, the architecture can interface with a network-accessible data storage service in order to determine a cost-benefit to the data storage service for a wide variety of conversion scenarios applicable to the particular topology of the data storage service. For example, the cost-benefit can differ for storage services configured according to a client-server model relative to storage services configured according to a distributed topology. Regardless, the architecture can identify a legacy format, select a converter for converting the legacy format to the updated format, and then determine the cost-benefit for a variety of conversion or migration scenarios.

Abstract: Automated file distribution is described. A member of a peer-to-peer network receives from a file server, a file to be distributed. The file is then distributed via the peer-to-peer network to other members of the peer-to-peer network. Members of the peer-to-peer network can choose whether or not to receive a file from another member based on a trust level or reputation associated with the member. The trust level may be based, at least in part, on a number of degrees of separation between the members. Furthermore the file is verified, for example, by validating a digital signature associated with the file.

Abstract: A method and system for authenticating that a user responding to a HIP challenge is the user that was issued the challenge is provided. Upon receiving information from a sender purporting to be a particular user, the authentication system generates a HIP challenge requesting information based on the user's identity. Upon receiving a response to the challenge, the authentication system compares the response with the correct response previously stored for that user. If the two responses match, the authentication system identifies the user as the true source of the information.

Abstract: Various embodiments provide integrated solutions for detecting and treating undesirable activities. Detection and treatment solutions are integrated with software entities, such as applications, DLLs and the like, and provide status notifications for the user as to the status of the detection and treatment activities. In at least some embodiments, an integrated user interface is provided and gives the user the option to provide input and affect at least some of the treatment options.

Abstract: Secure extensibility access to application program interfaces (APIs) is described. Techniques are described in which trust indicia are used determine relative trustworthiness of an extensibility module attempting to access of APIs of an application module. Access to APIs of the application module is managed based upon trustworthiness of the extensibility module.

Abstract: A method and system for determining the reputation of a sender for sending desirable communications is provided. The reputation system identifies senders of communications by keys sent along with the communications. The reputation system then may process a communication to determine whether it is a desirable communication. The reputation system then establishes a reputation for the sender of the communication based on the assessment of whether that communication and other communications sent by that sender are desirable. Once the reputation of a sender is established, the reputation system can discard communications from senders with undesired reputations, provide to the recipient communications from senders with desired reputations, and place in a suspect folder communications from senders with an unknown reputation.

Abstract: Distributed sender reputations are described. In an implementation, a method includes evaluating multiple characteristics of message delivery to establish a reputation for a sender of the message by a mail transfer agent and sharing data which describes the evaluation with another mail transfer agent.

Abstract: Authorization of a file on a computer is provided for using a cryptographic hash of the file or other identifier to find one or more content ratings. Content ratings, coupled with source and publisher ratings, are used to evaluate the file against an authorization policy set up by a user, manufacturer, or corporate IT department. Files which are suspect due to low ratings are not authorized to run on the computer. Files for which little information can be found are left to the user to decide whether to authorize. Rating services provide aggregated content ratings based on editorial or user reviews, and index their searchable ratings based on cryptographic hashes of the files being evaluated. Rating services provide allow lists and exclude lists or may provide individual responses to queries containing cryptographic hashes of files.

Abstract: Email spam filtering is performed based on a combination of IP address and domain. When an email message is received, an IP address and a domain associated with the email message are determined. A cross product of the IP address (or portions of the IP address) and the domain (or portions of the domain) is calculated. If the email message is known to be either spam or non-spam, then a spam score based on the known spam status is stored in association with each (IP address, domain) pair element of the cross product. If the spam status of the email message is not known, then the (IP address, domain) pair elements of the cross product are used to lookup previously determined spam scores. A combination of the previously determined spam scores is used to determine whether or not to treat the received email message as spam.

Abstract: Secure safe sender lists are described. In an implementation, a method includes determining which of a plurality of hierarchical levels corresponds to a message received via a network. Each of the hierarchical level is defined by mechanisms for identifying a sender of the message. The message is routed according to the corresponding one of the hierarchical levels.

Abstract: Disclosed are signature-based systems and methods that facilitate spam detection and prevention at least in part by calculating hash values for an incoming message and then determining a probability that the hash values indicate spam. In particular, the signatures generated for each incoming message can be compared to a database of both spam and good signatures. A count of the number of matches can be divided by a denominator value. The denominator value can be an overall volume of messages sent to the system per signature for example. The denominator value can be discounted to account for different treatments and timing of incoming messages. Furthermore, secure hashes can be generated by combining portions of multiple hashing components. A secure hash can be made from a combination of multiple hashing components or multiple combinations thereof. The signature based system can also be integrated with machine learning systems to optimize spam prevention.

Abstract: Disclosed are systems and methods that facilitate securing communication channels used in a challenge-response system to mitigate spammer intrusion or deception. The systems and methods make use of unique IDs that can be added to outbound messages originating from a sender, a recipient, and a third-party server. The IDs can be correlated according to the relevant parties. Thus, for example, a sender can add a signed ID to an outgoing message. A challenge sent back to the sender for that particular message can echo the same ID or a new ID derived from the original ID to allow a sender to verify that the challenge corresponds to an actual message. The IDs can include cookies as well to facilitate correlation of messages and to facilitate the retrieval of messages once a sender is determined to be legitimate.

Abstract: The present invention provides a unique system and method that facilitates incrementally updating spam filters in near real time or real time. Incremental updates can be generated in part by difference learning. Difference learning involves training a new spam filter based on new data and then looking for the differences between the new spam filter and the existing spam filter. Differences can be determined at least in part by comparing the absolute values of parameter changes (weight changes of a feature between the two filters). Other factors such as frequency of parameters can be employed as well. In addition, available updates with respect to particular features or messages can be looked up using one or more lookup tables or databases. When incremental and/or feature-specific updates are available, they can be downloaded such as by a client for example. Incremental updates can be automatically provided or can be provided by request according to client or server preferences.