Abstract: When a user account is in an alternate (fault) state, communication or sync between an application provider and a device or client application typically is interrupted. When parties do not support rich fault messaging, communication of the reason for the interruption and remediation steps has been impossible. An application server provides rich fault messaging using applications that do not provide explicit error messaging and protocols that do not provide explicit error messaging without changing either the application or the protocol by additional interactions between an identity provider and the application server. The application server uses authentication state information provided by the identity server to generate a notification sync event that appears to the application and the protocol to be a normal sync event. The notification sync event is used to provide the user with information needed to determine what the problem with the account is and how to fix it.

Abstract: The filtering of activities generated by nodes of a network while interacting with a device may be performed by evaluating the desirability of the activities (e.g., a spam or not-spam determination of email messages sent by the node) and assigning a trust rating to the node. However, nodes are often identified by network address, and an operator of a node sending undesirable activities may reassign the network address of the node in order to avoid heavy filtering. Instead, nodes may be identified as being controlled by a network entity (e.g., an autonomous system identified in a border gateway protocol routing table.) The network entity is assigned a network entity trust rating based on the trust ratings of the nodes controlled thereby, and an appropriate level of activity filtering based on the network entity trust rating may be selected for subsequent activities received from all nodes controlled by the network entity.

Abstract: A system and method of managing unsolicited email sent to an email system over a network. Email messages are received at an message at an inbound mail transfer agent. A determination is made as to whether the email message is suspected to be an unsolicited suspect message. One or more queries for additional information on one or more characteristics of the message is initiated. Determinations are made based on replies to the queries before issuing a message accepted for delivery indication to a sending server.

Abstract: A computer implemented method for filtering unwanted bulk email in an email system and providing a positive user experience is provided. The method enables protection of email users from unsolicited bulk email using user-provided data on user interactions at both a user storage level and a global level with an email system. Metadata on user interactions with messages is collected. Messages are received by the system and evaluated using a global filter which assigns a score resulting in a message action. The action may be message delivery, message non-delivery or message routing, based on a score assigned by the global filter. When the message is delivered to user storage, the message may be examined relative to the metadata, and may alter the message action to an action different than the message action resulting from the score. Metadata for a plurality of users is returned to the global filter for use in making filtering future messages and modifies the global filter.

Abstract: A computer implemented system and method to enable protection of email users from unsolicited bulk email using a message delivery delay based on characteristics detected in selected messages. Messages are evaluated for characteristics resembling unsolicited bulk email. A determination is made whether a message passing through the email system exhibits such characteristics and whether to delay the message. Suspect messages may be delayed for a period of time, the delay period being dependent on the characteristics giving rise to a determination to delay. Following the period, additional information received during the delay period characterizing the message is used to determine whether to dispose or deliver the message. Messages evaluated can be inbound to the email system, outbound to other email systems, or moving within the email system.

Abstract: When a user account is in an alternate (fault) state, communication or sync between an application provider and a device or client application typically is interrupted. When parties do not support rich fault messaging, communication of the reason for the interruption and remediation steps has been impossible. An application server provides rich fault messaging using applications that do not provide explicit error messaging and protocols that do not provide explicit error messaging without changing either the application or the protocol by additional interactions between an identity provider and the application server. The application server uses authentication state information provided by the identity server to generate a notification sync event that appears to the application and the protocol to be a normal sync event. The notification sync event is used to provide the user with information needed to determine what the problem with the account is and how to fix it.

Abstract: A method for providing an additional layer of authentication prior to accessing a user's account even though the user's credentials have previously been verified. User accounts are often accessed via a sign-in page that verifies the user's credentials. Upon detecting a device accessing the sign-in page, an identifier associated with the device is obtained. One such type of identifier is the IP address assigned to the device. Based on the identifier, it is determined whether the device is trusted or not. Even thought the user's credentials are verified via the sign-in page, if the device is not trusted, a second authentication page is presented to the user prior to proceeding to the account. The second authentication page presents at least one security question. The security question is based on information contained in the user's account (e.g., contact information, event information, electronic messages, etc.). The user is required to correctly answer the security question in order to access the account.

Abstract: Network entities controlling a set of nodes may vary by trustworthiness, such as tolerance for nodes that send spam, distribute malware, or perform denial-of-service attacks. A device receiving such activities may identify a trust rating of the network entity and apply appropriately stringent filtering (such as spam evaluation) to activities received from nodes controlled by the network entity. However, a poor trust rating of a network entity may subject a legitimate node controlled by the network entity to inefficiently or unfairly stringent activity filtering. Instead, the device may evaluate the activities of a particular node, assign a trust rating to the node, and if the trust rating of the node is higher than the trust rating of the network entity, apply less stringent activity filtering to the activities of the node, thereby “rescuing” the node from the more stringent activity filtering applied to the other nodes of the network entity.

Abstract: Methods for assisting email users manage email messages received in an email account. An event is triggered by an action performed by an email user with respect to an email message in an email account. The event identifies an entity associated with the email message (e.g., sender address, domain, keyword, etc.). A determination is made whether to assist the user manage their email based on a heuristic. The heuristic assigns weights based on prior events associated with the same entity to determine whether the user is interested in receiving emails from the sender. Based on the heuristics, the method may add the sender to the user's block-list or unsubscribe the user from a mailing list.

Abstract: In a distributed email system, user preferences respected more effectively by presenting messages marked for deletion to secondary messaging servers having access to user preferences. Messages marked for deletion by inbound servers are presented to secondary level servers having access to user white lists and the choice of whether to delete the suspect message is made by the secondary server.

Abstract: A computer implemented system and method to enable protection of email users from unsolicited bulk email using a message delivery delay based on characteristics detected in selected messages. Messages are evaluated for characteristics resembling unsolicited bulk email. A determination is made whether a message passing through the email system exhibits such characteristics and whether to delay the message. Suspect messages may be delayed for a period of time, the delay period being dependent on the characteristics giving rise to a determination to delay. Following the period, additional information received during the delay period characterizing the message is used to determine whether to dispose or deliver the message. Messages evaluated can be inbound to the email system, outbound to other email systems, or moving within the email system.

Abstract: A computer implemented method for filtering unwanted bulk email in an email system and providing a positive user experience is provided. The method enables protection of email users from unsolicited bulk email using user-provided data on user interactions at both a user storage level and a global level with an email system. Metadata on user interactions with messages is collected. Messages are received by the system and evaluated using a global filter which assigns a score resulting in a message action. The action may be message delivery, message non-delivery or message routing, based on a score assigned by the global filter. When the message is delivered to user storage, the message may be examined relative to the metadata, and may alter the message action to an action different than the message action resulting from the score. Metadata for a plurality of users is returned to the global filter for use in making filtering future messages and modifies the global filter.

Abstract: The filtering of activities generated by nodes of a network while interacting with a device may be performed by evaluating the desirability of the activities (e.g., a spam or not-spam determination of email messages sent by the node) and assigning a trust rating to the node. However, nodes are often identified by network address, and an operator of a node sending undesirable activities may reassign the network address of the node in order to avoid heavy filtering. Instead, nodes may be identified as being controlled by a network entity (e.g., an autonomous system identified in a border gateway protocol routing table.) The network entity is assigned a network entity trust rating based on the trust ratings of the nodes controlled thereby, and an appropriate level of activity filtering based on the network entity trust rating may be selected for subsequent activities received from all nodes controlled by the network entity.

Abstract: Network entities controlling a set of nodes may vary by trustworthiness, such as tolerance for nodes that send spam, distribute malware, or perform denial-of-service attacks. A device receiving such activities may identify a trust rating of the network entity and apply appropriately stringent filtering (such as spam evaluation) to activities received from nodes controlled by the network entity. However, a poor trust rating of a network entity may subject a legitimate node controlled by the network entity to inefficiently or unfairly stringent activity filtering. Instead, the device may evaluate the activities of a particular node, assign a trust rating to the node, and if the trust rating of the node is higher than the trust rating of the network entity, apply less stringent activity filtering to the activities of the node, thereby “rescuing” the node from the more stringent activity filtering applied to the other nodes of the network entity.

Abstract: A system and method of managing unsolicited email sent to an email system over a network. Email messages are received at an message at an inbound mail transfer agent. A determination is made as to whether the email message is suspected to be an unsolicited suspect message. One or more queries for additional information on one or more characteristics of the message is initiated. Determinations are made based on replies to the queries before issuing a message accepted for delivery indication to a sending server.

Abstract: Methods for assisting email users manage email messages received in an email account. An event is triggered by an action performed by an email user with respect to an email message in an email account. The event identifies an entity associated with the email message (e.g., sender address, domain, keyword, etc.). A determination is made whether to assist the user manage their email based on a heuristic. The heuristic assigns weights based on prior events associated with the same entity to determine whether the user is interested in receiving emails from the sender. Based on the heuristics, the method may add the sender to the user's block-list or unsubscribe the user from a mailing list.

Abstract: A method for providing an additional layer of authentication prior to accessing a user's account even though the user's credentials have previously been verified. User accounts are often accessed via a sign-in page that verifies the user's credentials. Upon detecting a device accessing the sign-in page, an identifier associated with the device is obtained. One such type of identifier is the IP address assigned to the device. Based on the identifier, it is determined whether the device is trusted or not. Even thought the user's credentials are verified via the sign-in page, if the device is not trusted, a second authentication page is presented to the user prior to proceeding to the account. The second authentication page presents at least one security question. The security question is based on information contained in the user's account (e.g., contact information, event information, electronic messages, etc.). The user is required to correctly answer the security question in order to access the account.

Abstract: In a distributed email system, user preferences respected more effectively by presenting messages marked for deletion to secondary messaging servers having access to user preferences. Messages marked for deletion by inbound servers are presented to secondary level servers having access to user white lists and the choice of whether to delete the suspect message is made by the secondary server.

Abstract: A method for throttling inbound email messages in an enterprise email system including a plurality of inbound mail servers and at least one management server is provided. Policies defining message event limits for each unique sender are applied to messaging events from the unique sender at each inbound server. Feedback from each of the inbound mail servers to the management server is provided. When events from a unique sender exceed a threshold, as determined by the management server using the feedback, an alert is generated and a new, more restrictive policy for the unique sender is created. The more restrictive policy is broadcast the more restrictive policy to each of the inbound mail servers.

Abstract: Automatically determining the conformance of database server schema. Maintaining conformance of database schema helps manage and sustain database driven services and applications. Schema for a pair of randomly selected databases are generated and compared. A diffgram is generated from the difference of the database schema. An alarm message can then be sent to an alarm server with the differences of the comparable databases. A master schema dump can be compared to selected database servers within the database system concurrently with the comparable database pair schema processing. A diffgram is generated in response to the comparison between the selected database schema and the master schema.