Abstract: Described is a technology by which phishing-related data sources are processed into aggregated data and a given site evaluated the aggregated data using a predictive model to automatically determine whether the given site is likely to be a phishing site. The predictive model may be built using machine learning based on training data, e.g., including known phishing sites and/or known non-phishing sites. To determine whether an object corresponding to a site is likely a phishing-related object are described, various criteria are evaluated, including one or more features of the object when evaluated. The determination is output in some way, e.g., made available to a reputation service, used to block access to a site or warn a user before allowing access, and/or used to assist a hand grader in being more efficient in evaluating sites.

Abstract: Embodiments of proofs to filter spam are presented herein. Proofs are utilized to indicate a sender used a set amount of computer resources in sending a message in order to demonstrate the sender is not a “spammer”. Varying the complexity of the proofs, or the level of resources used to send the message, will indicate to the recipient the relative likelihood the message is spam. Higher resource usage indicates that the message may not be spam, while lower resource usage increases the likelihood a message is spam. Also, if the recipient requires a higher level of proof than received, the receiver may request the sender send additional proof to verify the message is not spam.

Abstract: Identification of email forwarders is described. In an implementation, a method includes using heuristics to identify email forwarders for use in a reputation system for locating spammers. In another implementation, a method includes determining a likelihood that a particular Internet Protocol (IP) address corresponds to an email forwarder and processing email originating from the particular IP address based on the determined likelihood. In a further implementation, a method includes collecting heuristic data that describes characteristics of emails sent from one or more Internet Protocol (IP) addresses and constructing a model from the heuristic data for identifying whether at least one of the IP address is an email forwarder. In yet a further implementation, a method includes identifying that a particular Internet Protocol (IP) address likely corresponds to an email forwarder and processing email from the particular IP address based on an implied sender of the email.

Abstract: Disclosed are systems and methods that facilitate securing communication channels used in a challenge-response system to mitigate spammer intrusion or deception. The systems and methods make use of unique IDs that can be added to outbound messages originating from a sender, a recipient, and a third-party server. The IDs can be correlated according to the relevant parties. Thus, for example, a sender can add a signed ID to an outgoing message. A challenge sent back to the sender for that particular message can echo the same ID or a new ID derived from the original ID to allow a sender to verify that the challenge corresponds to an actual message. The IDs can include cookies as well to facilitate correlation of messages and to facilitate the retrieval of messages once a sender is determined to be legitimate.

Abstract: Techniques for protecting personally identifiable information are described. In an implementation, a method is described which includes analyzing heuristics which correspond to a communication to determine a likelihood that the communication relates to a fraudulent attempt to obtain personally identifiable information. A determination is made based on the determined likelihood of whether to perform one or more actions in conjunction with the communication.

Abstract: Described is a technology by which phishing-related data sources are processed into aggregated data and a given site evaluated the aggregated data using a predictive model to automatically determine whether the given site is likely to be a phishing site. The predictive model may be built using machine learning based on training data, e.g., including known phishing sites and/or known non-phishing sites. To determine whether an object corresponding to a site is likely a phishing-related object are described, various criteria are evaluated, including one or more features of the object when evaluated. The determination is output in some way, e.g., made available to a reputation service, used to block access to a site or warn a user before allowing access, and/or used to assist a hand grader in being more efficient in evaluating sites.

Abstract: Embodiment of proofs to filter spam are presented herein.

Abstract: Techniques for protecting personally identifiable information are described. In an implementation, a method is described which includes analyzing heuristics which correspond to a communication to determine a likelihood that the communication relates to a fraudulent attempt to obtain personally identifiable information. A determination is made based on the determined likelihood of whether to perform one or more actions in conjunction with the communication.

Abstract: Disclosed are systems and methods that facilitate securing communication channels used in a challenge-response system to mitigate spammer intrusion or deception. The systems and methods make use of unique IDs that can be added to outbound messages originating from a sender, a recipient, and a third-party server. The IDs can be correlated according to the relevant parties. Thus, for example, a sender can add a signed ID to an outgoing message. A challenge sent back to the sender for that particular message can echo the same ID or a new ID derived from the original ID to allow a sender to verify that the challenge corresponds to an actual message. The IDs can include cookies as well to facilitate correlation of messages and to facilitate the retrieval of messages once a sender is determined to be legitimate.