A Pattern Language For Spam
September 14, 2004

Anti-spam vendor Commtouch said it has acquired a patent covering a method of identifying and eliminating spam.

William Cotten, a private inventor who was awarded the original patent (U.S. Patent No. 6,330,590) in 2001, was not using it in an anti-spam service.

The patent covers a system that monitors live e-mail, identifies certain characteristics of the e-mail message that appear in more than one e-mail, and blocks other e-mails with the same pattern.

Commtouch's own anti-spam services feature what it calls Recurrent Pattern Detection (RPD), a similar scheme. Commtouch also has a patent pending on its RPD technology.

"The patent we acquired covers some of the processes we are using today," said Avner Amram, Commtouch executive vice president. He said the company felt more comfortable owning the patent, and that this one seemed to be the earliest to cover analyzing patterns in e-mail. "Based on our understanding of other patents and prior art applications, this patent stood out as the earliest and most important patent in the field," he said.

He said Commtouch will begin offering licenses of the patent to other anti-spam companies; the starting date for the licensing push and the terms have not been decided.

Next week, Commtouch will announce Commtouch Enterprise Gateway 4.0, software that works with all enterprise-messaging platforms. Enhancements include quicker deployment -- the company claims it can be deployed in just 20 minutes -- and Lightweight Directory Access Protocol integration so that an administrator can provision individual users with different policies.

There also are differences in the way the new version handles quarantines. In version 3.5, suspect files were held within the user's e-mail client. Now, the quarantine folder resides within the gateway, so that administrators can easily view the files and change policies if necessary.

The RPD process begins at Commtouch's spam detention center, which receives millions of e-mails each hour. The software looks for recurrent patterns in the messages, Lev said. "When we see lots of a recurrent pattern, we start to suspect it's spam." Because the software doesn't depend on text analysis or key words, he said, it's not fooled by, for example, randomly generated misspellings of terms like Viagra.

As e-mail comes into the gateway, the gateway attempts to figure out locally if it's spam. If it can't make that determination, the gateway generates a signature of the message and sends it to the detention center, which responds with a spam or not-spam designation. If a message is determined to be spam, the enterprise gateway can delete it, send it to quarantine or to user quarantine, as defined by the IT department.

"Because we analyze so much traffic in real time, we detect outbreaks in less than one minute," Lev said. "From the moment we have the classification in our data center, it's available to protect our customers."
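The gateway and detention-center exchange described above, sketched as an added example; it is not Commtouch's code and not the patented method. The article does not say how signatures are computed, so `signature` is a stand-in (linked hosts plus words-per-line layout), and the class names, the recurrence threshold of 3 and the local verdict cache are assumptions.

```python
import hashlib
import re
from collections import Counter

def signature(message: str) -> str:
    """Stand-in signature (assumption): linked hosts plus words-per-line layout.
    It ignores spelling, so reworded copies of one mailing hash the same."""
    hosts = sorted({h.lower() for h in re.findall(r"https?://([^/\s]+)", message)})
    layout = [str(len(l.split())) for l in message.splitlines() if l.strip()]
    return hashlib.sha256(("|".join(hosts) + "#" + ",".join(layout)).encode()).hexdigest()

class DetentionCenter:
    """Counts signatures seen in its mail feed; a recurring one is suspect."""
    def __init__(self, threshold: int = 3):  # threshold is an assumed value
        self.threshold, self.seen, self.lookups = threshold, Counter(), 0
    def observe(self, message: str) -> None:
        self.seen[signature(message)] += 1
    def classify(self, sig: str) -> str:
        self.lookups += 1
        return "spam" if self.seen[sig] >= self.threshold else "not-spam"

class Gateway:
    """Decides locally when it can; otherwise sends only the signature."""
    def __init__(self, center: DetentionCenter, spam_action: str = "quarantine"):
        self.center = center
        self.spam_action = spam_action  # "delete", "quarantine" or "user-quarantine"
        self.known_spam = set()         # assumed local knowledge: earlier spam verdicts
    def handle(self, message: str) -> str:
        sig = signature(message)
        if sig not in self.known_spam:
            if self.center.classify(sig) != "spam":
                return "deliver"
            self.known_spam.add(sig)
        return self.spam_action

# Constructed sample mail: one mailing with randomized misspellings, one legitimate note.
SPAM = [f"Cheap {w} today\nOrder at http://pills.example/buy"
        for w in ("V1agra", "Viaqra", "V-iagra", "Vlagra")]
HAM = "Meeting moved to 3pm\nAgenda at http://intranet.example/agenda"

def demo() -> list:
    center = DetentionCenter()
    for m in SPAM[:3]:          # the center's own feed sees three variants
        center.observe(m)
    gw = Gateway(center)
    return [gw.handle(SPAM[3]), gw.handle(SPAM[3]), gw.handle(HAM), center.lookups]
```

The fourth misspelled variant is quarantined on a remote verdict, its repeat is handled from the gateway's local cache without a second lookup, and only the hash ever leaves the gateway.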

The 13-year-old company Commtouch is headquartered in Netanya, Israel, with a subsidiary, Commtouch, based in Mountain View, Calif. Commtouch anti-spam technologies are incorporated in the software applications of security and messaging OEMs, including Sybari Software and Blue Cat Networks.

According to Commtouch statistics, there are over 600,000 unique spam outbreaks each day, with each lasting about eight hours.
