Abstract: A method and apparatus are described for user protection from external e-mail attack. Some embodiments pertain to receiving a first e-mail at an e-mail client, receiving a detection of a suspicious element in the first e-mail from a detection system, flagging the first e-mail as suspicious with a first flag and a first warning level in response to receiving the detection, flagging a second e-mail with a second flag and a second warning level, displaying the first and second flags with explanatory text in a mailbox view of the e-mail client without opening the first and second e-mail for display to the user, the suspicious element not being selectable in the mailbox view, and sorting the first and the second e-mail with other e-mails of the mailbox view based on the flag warning levels.

Abstract: Polymorphic encryption is described in a way to restrict access and enhance security of a data vault. In an example, the data vault has a primary partition with a first subset of records having an encrypted value for each of at least a portion of the fields encrypted according to a first encryption scheme. A secondary partition has a second subset of the records encrypted according to a second encryption scheme that is different from the first encryption scheme. The first encryption scheme is configured to permit a first set of operations on the values when the values are encrypted and the second encryption scheme is configured to permit a second set of operations on the values when the values are encrypted.

Abstract: External messaging attacks are detected using trust relationships. A profile is built for each target within an organization using extracted header data from multiple prior messages. Trust scores are derived for each sender of a message for each target profile, each trust score is derived from a degree and a quantity of communication between the respective sender and the target in the extracted header data. Incoming messages are received and a target and a sender of each incoming message is determined. A trust score is retrieved for the sender from the profile of the target for each incoming message, labels are generated for each of incoming message based on the respective trust score, and the respective label is applied to be visible to the target in association with the message for each respective message.

Abstract: External messaging attacks are detected using trust relationships. A profile is built for each target within an organization using extracted header data from multiple prior messages. Trust scores are derived for each sender of a message for each target profile, each trust score is derived from a degree and a quantity of communication between the respective sender and the target in the extracted header data. Incoming messages are received and a target and a sender of each incoming message is determined. A trust score is retrieved for the sender from the profile of the target for each incoming message, labels are generated for each of incoming message based on the respective trust score, and the respective label is applied to be visible to the target in association with the message for each respective message.

Abstract: A method and apparatus are described for user protection from external e-mail attack. Some embodiments pertain to receiving a first e-mail at an e-mail client, receiving a detection of a suspicious element in the first e-mail from a detection system, flagging the first e-mail as suspicious with a first flag and a first warning level in response to receiving the detection, flagging a second e-mail with a second flag and a second warning level, displaying the first and second flags with explanatory text in a mailbox view of the e-mail client without opening the first and second e-mail for display to the user, the suspicious element not being selectable in the mailbox view, and sorting the first and the second e-mail with other e-mails of the mailbox view based on the flag warning levels.

Abstract: A method and apparatus are described for user protection from external e-mail attack. Some embodiments pertain to receiving an e-mail, detecting a suspicious element in the e-mail, disabling the suspicious element of the e-mail, flagging the suspicious element of the e-mail, displaying the e-mail in an e-mail user interface with the disabled element and the flag, receiving a user command to enable the disabled element of the displayed e-mail, and enabling the disabled element.

Abstract: A method and apparatus are described for user protection from external e-mail attack. Some embodiments pertain to receiving an e-mail, detecting a suspicious element in the e-mail, disabling the suspicious element of the e-mail, flagging the suspicious element of the e-mail, displaying the e-mail in an e-mail user interface with the disabled element and the flag, receiving a user command to enable the disabled element of the displayed e-mail, and enabling the disabled element.

Abstract: Methods and systems are described for shared data sets with user-specific changes in an on-line services environment. In one embodiment, a method includes, receiving a request for data stored in a shared database from a user, identifying the requesting user, retrieving the requested data from the shared database, determining whether there are user-specific changes for the retrieved data, changing the retrieved data using the user-specific changes, and supplying the requested data to the user.

Abstract: A user-extensible common schema is described in the context of a shared database. In one example, an apparatus includes a shared database organized around a common schema. First and second applications provides access to the shared database using the common schema, the first and second applications having first and second schema extensions having first and second sets of additional objects, defined by the first and second applications, respectively. The first and second applications present views of and operations on the shared database that are extended by the respective schema extension.

Abstract: Methods and systems are described for shared data sets combined with purchased data sets in an on-line services environment. In one embodiment, a method includes, identifying a user, associating the user with data in a shared database, and receiving a purchased dataset from the identified user. The method further includes adding the purchased dataset to a delta table associated with the shared database based on determined record relationships and field relationship, and providing access to the purchased dataset to the user through requests for data in the shared database.

Abstract: Methods and systems are described for shared data sets in an on-line services environment. In one embodiment, a method includes, receiving a request for data stored in a shared database from a user, identifying the requesting user, retrieving the requested data from the shared database, determining whether there are user-specific changes for the retrieved data, changing the retrieved data using the user-specific changes, and supplying the requested data to the user.