Abstract: A self training set of robots are configured to proactively search for selective communication abuses over a network. Robots may enter a chat room to proactively send messages. The robots then analyze patterns and/or content of a received message for potential abuse. Robots may also passively reside on/off line without publishing their network address. If a message is received, the message may be interpreted to be SPAM/SPIM. Robots may also perform a variety of other actions, such as access websites, and analyze received messages to determine if the messages indicate abuse. If abuse is detected, information may also be obtained to enable blocking or filtering of future messages from the sender, or access to/from an abusive website. The information also may be used to retrain robots, so that the robots may learn from and share their collective knowledge of abusive actions.

Abstract: A network device and method are directed towards detecting and blocking spam within a message by rapidly performing a predication analysis based on early received sender reputation reports. Reputation reports may be received from a plurality of users receiving messages that they interpret as either spam or non-spam. A reputation report rate prediction table is employed to predict the total number of user reports that will occur. The total number of spam reports and not spam (ham) reports for may then be used with a sender categorization model to rapidly predict whether the sender is likely to be a spammer. If the sender is determined to be a spammer, various preventative actions may be taken, including, but not limited to blocking messages from the sender to users, alerting third party filter generators of the spammer, or the like.

Abstract: The invention is directed to a system and method for determining if a “spam” message is originating from a messaging account by challenging a particular client's outbound email usage with a test that requires verification of content that is easily understood by a human being, not an automated computer program such as those used by “spammers.” If a limit on the number of recipients for outbound messages has been exceeded, a test is presented the next time a client attempts to send a message. The client must successfully answer the test within a relatively short period of time or else the ability to send messages will be disabled. Once disabled, the client can reinstate the ability to send messages by contacting a representative of the message system out of band, e.g., a telephone call to confirm legitimate outbound email use.

Abstract: A network device and method are directed towards detecting and blocking spam within a message by rapidly performing a predication analysis based on early received sender reputation reports. Reputation reports may be received from a plurality of users receiving messages that they interpret as either spam or non-spam. A reputation report rate prediction table is employed to predict the total number of user reports that will occur. The total number of spam reports and not spam (ham) reports for may then be used with a sender categorization model to rapidly predict whether the sender is likely to be a spammer. If the sender is determined to be a spammer, various preventative actions may be taken, including, but not limited to blocking messages from the sender to users, alerting third party filter generators of the spammer, or the like.

Abstract: Method, apparatus, and systems are directed to phishing detection and prevention in Instant Messaging (IM) environments. A variety of sources provide phishing data to a client phishing engine (CAE). The CAE may receive data from various applications local to the client device, from sources external to the client device, user input, and data from a plurality of other client devices. The CAE may employ the data to block access to a site and/or provide a warning message. At least some of the phishing data is provided to a centralized anti-phishing server (CAS) from a plurality of client devices. The CAS then attempts to use the received phishing data to search for the originator of the phishing site, and prevent future messages associated with the site. CAS will provide information about the detected phishing sites to a filtering application, such that the phishing site may be appropriately blocked.

Abstract: A self training set of robots are configured to proactively search for selective communication abuses over a network. Robots may enter a chat room to proactively send messages. The robots then analyze patterns and/or content of a received message for potential abuse. Robots may also passively reside on/off line without publishing their network address. If a message is received, the message may be interpreted to be SPAM/SPIM. Robots may also perform a variety of other actions, such as access websites, and analyze received messages to determine if the messages indicate abuse. If abuse is detected, information may also be obtained to enable blocking or filtering of future messages from the sender, or access to/from an abusive website. The information also may be used to retrain robots, so that the robots may learn from and share their collective knowledge of abusive actions.

Abstract: A phishing detection agent is provided. In one embodiment, a user's browser includes a plug-in application or agent that may capture a visual record of a webpage and, with a cached copy of known, authentic websites provided to it via periodic updates, perform a series of image comparison functions to determine if the suspected website is attempting to deceive the user. The phishing detection agent is capable of performing an image recognition algorithm, such as logo recognition algorithm, optical character recognition, an image similarity algorithm, or combination of two or more of the above. If the suspected webpage corresponds to one of the authentic web pages, but the domain name of the suspected web page does not match the domain name of one of the authentic web pages, the suspected web page is flagged as a phishing web site.

Abstract: A method and system directed to the communication of the trust characteristics of electronic messages using visual and audio postmarks. The postmarks may represent a particular trust level on a continuum that can range from suspicious to trusted. A message system may determine the baseline trust level of a message and assign a postmark to the message. The postmark can communicate the trust level of the message to a user without requiring the message to be opened or read. In one embodiment of the invention the user can create rules and filters to classify messages by trust level.

Abstract: A method, apparatus, and system are directed towards providing a Disposable Email Address (DEA) that may be employed, in part, to manage email spam. The DEA may be generated based, in part, on an end-user profile, a keyword, and a domain address. The DEA may be distinguishable from a non-DEA by a selection of at least one preserved character, such as a dash. Moreover, the DEA may be discarded at some time later, without affecting an end-user's ‘permanent’ email address.

Abstract: The invention relates to determining electronic text communication distributed in bulk is likely solicited. In one step, a first electronic and a second electronic submission are received. It is determined that the first electronic submission is likely solicited. A first portion is extracted from the first electronic submission and a second portion from the second electronic submission. The content of the first electronic submission influences extraction of the first portion, and the content of the second electronic submission influences extraction of the second portion. A first code is determined for the first portion and a second code is determined for the second portion, where the first code is indicative of the first portion and the second code is indicative of the second portion. The first code is compared to the second code. It is determined that the second electronic submission is likely solicited, at least in part, in response to comparing the first code to the second code.

Abstract: A method, apparatus, and system are directed towards managing unsolicited email messages, and the like, in part, by providing segmentation of an email inbox. In one embodiment, the email inbox is segmented into segments associated with a message from a trusted, trusted email address, an untrusted email address, and a segment for a bulk email message, such as spam, and the like. A determination that the message is from a trusted email address may be made based, in part, on whether the email address is associated with one's address book, a degree of separation that may be determined based on an association with another's address book, whether the email address was a sent email address, and the like. By segmenting the email inbox, the invention minimizes a risk associated with incorrectly discarding a message from a desired, but untrusted source.

Abstract: The invention is directed to a system and method for determining if a “spam” message is originating from a messaging account by challenging a particular client's outbound email usage with a test that requires verification of content that is easily understood by a human being, not an automated computer program such as those used by “spammers.” If a limit on the number of recipients for outbound messages has been exceeded, a test is presented the next time a client attempts to send a message. The client must successfully answer the test within a relatively short period of time or else the ability to send messages will be disabled. Once disabled, the client can reinstate the ability to send messages by contacting a representative of the message system out of band, e.g., a telephone call to confirm legitimate outbound email use.