Abstract: The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.

Abstract: The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.

Abstract: The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.

Abstract: Embodiments are directed towards identifying auto-folder tags for messages by using a combinational optimization approach of bi-clustering folder names and features of messages based on relationship strengths. The combinational optimization approach of bi-clustering, generally, groups a plurality of folder names and a plurality of features into one or more metafolders to optimize a cost. The cost is based on an aggregate of cut relationship strengths, where a cut results when a relationship folder name and feature are grouped in separate metafolders. Furthermore, the plurality of folder names and the plurality of features are obtained by monitoring actions of a plurality of users, where the folder names are user generated folder names and features are from a plurality of messages. The metafolders may be used to tag new user messages with an auto-folder tag.

Abstract: Embodiments are directed towards detecting and reporting use by a domain of a message authentication mechanism, such as DomainKeys (DK), and/or DomainKeys Identified Mail (DKIM), and enabling subsequent blocking of messages based, in part, on its usage. When a message is received by an inbound message server, a message source is determined for the message. In one embodiment, the message source is a domain name associated with the sender of the message. Statistics are recorded about the message, including the message source, whether the message is suspect, includes a forged source identifier, employs DK/DKIM message authentication, and the like. The reports may then be sent to various message sources to enable them to determine the extent of use of DK/DKIM message authentication, and to selectively block, re-direct, or forward the messages based, in part, on the use of DK/DKIM message authentication mechanism.

Abstract: Embodiments are directed towards classifying messages as spam using a two phased approach. The first phase employs a statistical classifier to classify messages based on message content. The second phase targets specific message types to capture dynamic characteristics of the messages and identify spam messages using a token frequency based approach. A client component receives messages and sends them to the statistical classifier, which determines a probability that a message belongs to a particular type of class. The statistical classifier further provides other information about a message, including, a token list, and token thresholds. The message class, token list, and thresholds are provided to the second phase where a number of spam tokens in a given message for a given message class are determined. Based on the threshold, the client component then determines whether the message is spam or non-spam.

Abstract: Embodiments are directed towards identifying auto-folder tags for messages by using a combinational optimization approach of bi-clustering folder names and features of messages based on relationship strengths. The combinational optimization approach of bi-clustering, generally, groups a plurality of folder names and a plurality of features into one or more metafolders to optimize a cost. The cost is based on an aggregate of cut relationship strengths, where a cut results when a relationship folder name and feature are grouped in separate metafolders. Furthermore, the plurality of folder names and the plurality of features are obtained by monitoring actions of a plurality of users, where the folder names are user generated folder names and features are from a plurality of messages. The metafolders may be used to tag new user messages with an auto-folder tag.

Abstract: Disclosed are apparatus and methods for annotating an electronic mail message and processing the annotated electronic mail message. More particularly, an electronic mail message may be generated and annotated such that the electronic mail message includes metadata identifying data provided in the electronic mail message. The electronic mail message may then be transmitted. When the annotated electronic mail message is received, at least a portion of the metadata may be obtained from the electronic mail message. At least a portion of the data in the electronic mail message may be identified using at least a portion of the metadata. At least a portion of the identified data in the electronic mail message may then be processed.

Abstract: Embodiments are directed towards detecting and reporting use by a domain of a message authentication mechanism, such as DomainKeys (DK), and/or DomainKeys Identified Mail (DKIM), and enabling subsequent blocking of messages based, in part, on its usage. When a message is received by an inbound message server, a message source is determined for the message. In one embodiment, the message source is a domain name associated with the sender of the message. Statistics are recorded about the message, including the message source, whether the message is suspect, includes a forged source identifier, employs DK/DKIM message authentication, and the like. The reports may ten be sent to various message sources to enable them to determine the extent of use of DK/DKIM message authentication, and to selectively block, re-direct, or forward the messages based, in part, on the use of DK/DKIM message authentication mechanism.

Abstract: Embodiments are directed towards classifying messages as spam using a two phased approach. The first phase employs a statistical classifier to classify messages based on message content. The second phase targets specific message types to capture dynamic characteristics of the messages and identify spam messages using a token frequency based approach. A client component receives messages and sends them to the statistical classifier, which determines a probability that a message belongs to a particular type of class. The statistical classifier further provides other information about a message, including, a token list, and token thresholds. The message class, token list, and thresholds are provided to the second phase where a number of spam tokens in a given message for a given message class are determined. Based on the threshold, the client component then determines whether the message is spam or non-spam.

Abstract: The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.

Abstract: The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.

Abstract: The invention provides for at least three processes for detecting the probability of abusive use of a message account for sending large amounts of unsolicited messages, such as spam, to other message accounts. For example, information provided at registration for a new message account can be processed to determine the likelihood of abusive use of that message account. Also, inbound messages can be processed to determine if the message account that sent the inbound message is abusing the use of that message account. Additionally, outbound messages can be processed to determine if the message account that is attempting to send an outbound message is abusing the use of that message account. Each of these three processes can operate separately or in any combination with each other to further improve the probability that abusive use of a message account will be detected promptly and accurately.

Abstract: Embodiments are directed towards detecting and reporting use by a domain of a message authentication mechanism, such as DomainKeys (DK), and/or DomainKeys Identified Mail (DKIM), and enabling subsequent blocking of messages based, in part, on its usage. When a message is received by an inbound message server, a message source is determined for the message. In one embodiment, the message source is a domain name associated with the sender of the message. Statistics are recorded about the message, including the message source, whether the message is suspect, includes a forged source identifier, employs DK/DKIM message authentication, and the like. The reports may ten be sent to various message sources to enable them to determine the extent of use of DK/DKIM message authentication, and to selectively block, re-direct, or forward the messages based, in part, on the use of DK/DKIM message authentication mechanism.

Abstract: Embodiments are directed towards detecting and reporting use by a domain of a message authentication mechanism, such as DomainKeys (DK), and/or DomainKeys Identified Mail (DKIM), and enabling subsequent blocking of messages based, in part, on its usage. When a message is received by an inbound message server, a message source is determined for the message. In one embodiment, the message source is a domain name associated with the sender of the message. Statistics are recorded about the message, including the message source, whether the message is suspect, includes a forged source identifier, employs DK/DKIM message authentication, and the like. The reports may then be sent to various message sources to enable them to determine the extent of use of DK/DKIM message authentication, and to selectively block, re-direct, or forward the messages based, in part, on the use of DK/DKIM message authentication mechanism.