Abstract: Disclosed are systems and methods that facilitate securing communication channels used in a challenge-response system to mitigate spammer intrusion or deception. The systems and methods make use of unique IDs that can be added to outbound messages originating from a sender, a recipient, and a third-party server. The IDs can be correlated according to the relevant parties. Thus, for example, a sender can add a signed ID to an outgoing message. A challenge sent back to the sender for that particular message can echo the same ID or a new ID derived from the original ID to allow a sender to verify that the challenge corresponds to an actual message. The IDs can include cookies as well to facilitate correlation of messages and to facilitate the retrieval of messages once a sender is determined to be legitimate.

Abstract: Email spam filtering is performed based on a sender reputation and message features. When an email message is received, a preliminary spam determination is made based, at least in part, on a combination of a reputation associated with the sender of the email message and one or more features of the email message. If the preliminary spam determination indicates that the message is spam, then a secondary spam determination is made based on one or more features of the received email message. If both the preliminary and secondary spam determinations indicate that the received email message is likely spam, then the message is treated as spam.

Abstract: A system described herein includes a receiver component that receives a dataset that is stored in a computer-readable medium of a computing device, wherein the dataset includes a plurality of queries issued by users to a search engine and a plurality of search results selected by the users upon issuing the plurality of queries. A distribution determiner component determines click distributions over the search results selected by the users with respect to the plurality of queries. A labeler component labels at least two queries in the plurality of queries as being substantially similar to one another based at least in part upon the click distributions over the search results selected by the users with respect to the plurality of queries.

Abstract: The automatic search engine recommendation technique described herein automatically recommends topic-specific search engines for user queries. In one embodiment, it automatically matches each query submitted to a non-topic specific or general search engine with one or more vertical search engines using a recommendation model and a set of features. For a given query, one embodiment of the technique suggests vertical search engines and topic-specific search results along with the search results from the general search engine.

Abstract: Functionality is described for identifying a discussion topic based on user interest information. The user interest information may originate from one or more sources, such as the user's search-related behavior. The functionality then provides an opportunity for the user to engage in a communication exchange associated with the identified discussion topic.

Abstract: A unique ranking system and method that facilitates improving the ranking and ordering of objects to further enhance the quality, accuracy, and delivery of search results in response to a search query. The system and method involve monitoring and tracking an object in terms of the number of times it's been accessed and optionally by whom, when, for how long, and an access rate. The user's interaction with the object can be tracked as well. By tracking the objects, a popularity measure can be determined. Popularity based rankings can be computed based on the popularity measure or some function thereof. The popularity measure can be affected by the access time, who accessed it, access duration or the user's interaction with the object upon access. The popularity based rankings can be utilized by a search component to improve the quality and retrieval of search results.

Abstract: A system described herein includes analyzer component that analyzes queries submitted by users and corresponding URLs selected by the users, wherein the queries include a first query and a second query, and wherein the analyzer component determines that the first query and the second query are substantially similar queries. The system additionally includes a correlator component that, responsive to the analyzer component determining that the first query and the second query are substantially similar, generates correlation data that indicates that the first and second queries are substantially similar.

Abstract: The subject invention provides for a system and method that facilitates detecting and preventing spam in a variety of networked communication environments. In particular, the invention provides several techniques for monitoring outgoing communications to identify potential spammers. Identification of potential spammers can be accomplished at least in part by a detection component that monitors per sender at least one of volume of outgoing messages, volume of recipients, and/or rate of outgoing messages. In addition, outgoing messages can be scored based at least in part on their content. The scores can be added per message per sender and if the total score(s) per message or per sender exceeds some threshold, then further action can be taken to verify whether the potential spammer is a spammer. Such actions include human-inspecting a sample of the messages, sending challenges to the account, sending a legal notice to warn potential spammers and/or shutting down the account.

Abstract: Architecture for detecting and removing obfuscating clutter from the subject and/or body of a message, e.g., e-mail, prior to filtering of the message, to identify junk messages commonly referred to as spam. The technique utilizes the powerful features built into an HTML rendering engine to strip the HTML instructions for all non-substantive aspects of the message. Pre-processing includes pre-rendering of the message into a final format, which final format is that which is displayed by the rendering engine to the user. The final format message is then converted to a text-only format to remove graphics, color, non-text decoration, and spacing that cannot be rendered as ASCII-style or Unicode-style characters. The result is essentially to reduce each message to its common denominator essentials so that the junk mail filter can view each message on an equal basis.

Abstract: A component presents access to a recommended search provider via a user interface element. In an example embodiment, a device-implemented method for recommending a search provider includes acts of receiving, ascertaining, and modifying. A search query input is received. A recommended search provider is ascertained at least partially responsive to the search query input. A user interface is modified to indicate the recommended search provider.

Abstract: The present invention involves a system and method that facilitate extracting data from messages for spam filtering. The extracted data can be in the form of features, which can be employed in connection with machine learning systems to build improved filters. Data associated with origination information as well as other information embedded in the body of the message that allows a recipient of the message to contact and/or respond to the sender of the message can be extracted as features. The features, or a subset thereof, can be normalized and/or deobfuscated prior to being employed as features of the machine learning systems. The (deobfuscated) features can be employed to populate a plurality of feature lists that facilitate spam detection and prevention. Exemplary features include an email address, an IP address, a URL, an embedded image pointing to a URL, and/or portions thereof.

Abstract: The present invention provides a unique system and method that facilitates incrementally updating spam filters in near real time or real time. Incremental updates can be generated in part by difference learning. Difference learning involves training a new spam filter based on new data and then looking for the differences between the new spam filter and the existing spam filter. Differences can be determined at least in part by comparing the absolute values of parameter changes (weight changes of a feature between the two filters). Other factors such as frequency of parameters can be employed as well. In addition, available updates with respect to particular features or messages can be looked up using one or more lookup tables or databases. When incremental and/or feature-specific updates are available, they can be downloaded such as by a client for example. Incremental updates can be automatically provided or can be provided by request according to client or server preferences.

Abstract: Methods and systems are disclosed for learning a regression decision graph model using a Bayesian model selection approach. In a disclosed aspect, the model structure and/or model parameters can be learned using a greedy search algorithm applied to grow the model so long as the model improves. This approach enables construction of a decision graph having a model structure that includes a plurality of leaves, at least one of which includes a non-trivial linear regression. The resulting model thus can be employed for forecasting, such as for time series data, which can include single or multi-step forecasting.

Abstract: The present invention relates to a system and methodology to facilitate automated error correction of user input data via an analysis of the input data in accordance with an automatically generated and filtered database of processed structural groupings or formulations selected and filtered from past user activities. The filtered database provides a relevant foundation of potential phrases, topics, symbols, speech and/or colloquial structures of interest to users—which are automatically determined from previous user activity, and employed to facilitate automated error checking in accordance with the user's current input, command and/or request for information.

Abstract: Disclosed are signature-based systems and methods that facilitate spam detection and prevention at least in part by calculating hash values for an incoming message and then determining a probability that the hash values indicate spam. In particular, the signatures generated for each incoming message can be compared to a database of both spam and good signatures. A count of the number of matches can be divided by a denominator value. The denominator value can be an overall volume of messages sent to the system per signature for example. The denominator value can be discounted to account for different treatments and timing of incoming messages. Furthermore, secure hashes can be generated by combining portions of multiple hashing components. A secure hash can be made from a combination of multiple hashing components or multiple combinations thereof. The signature based system can also be integrated with machine learning systems to optimize spam prevention.

Abstract: The invention relates to a system for filtering messages—the system includes a seed filter having associated therewith a false positive rate and a false negative rate. A new filter is also provided for filtering the messages, the new filter is evaluated according to the false positive rate and the false negative rate of the seed filter, the data used to determine the false positive rate and the false negative rate of the seed filter are utilized to determine a new false positive rate and a new false negative rate of the new filter as a function of threshold. The new filter is employed in lieu of the seed filter if a threshold exists for the new filter such that the new false positive rate and new false negative rate are together considered better than the false positive and the false negative rate of the seed filter.

Abstract: Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

Abstract: Secure safe sender lists are described. In an implementation, a method includes determining which of a plurality of hierarchical levels corresponds to a message received via a network. Each of the hierarchical level is defined by mechanisms for identifying a sender of the message. The message is routed according to the corresponding one of the hierarchical levels.

Abstract: Techniques for protecting personally identifiable information are described. In an implementation, a method is described which includes analyzing heuristics which correspond to a communication to determine a likelihood that the communication relates to a fraudulent attempt to obtain personally identifiable information. A determination is made based on the determined likelihood of whether to perform one or more actions in conjunction with the communication.

Abstract: Secure safe sender lists are described. In an implementation, a method includes examining a message received from a sender via a network to determine which identifying mechanisms are available for verifying an identity of the sender. When one or more available identifying mechanisms are deemed sufficient to verify the identity, a description of the identity and a description of the one or more said available identifying mechanisms are added to a safe senders list.