Sender MTA Reputation Analysis
Definition
Characterizing the reputation of mail transfer agents (MTAs) to determine the security risk in emails.
How it works
The sender message transfer agent (MTA) trust rating can be considered an indicator of the level of security risk and/or a trust level associated with sender MTAs in an email header.
The features considered in determining the trust rating may include:
- Length of time MTA has interacted with the enterprise
- Number of sender domains sending emails from the MTA
- Number of recipients in the enterprise the MTA sends emails to
- Number of emails received from this MTA
- Number of email replies received from this MTA
For example, higher values for the length of time an MTA has interacted with the enterprise, or for the number of emails received from an MTA, can result in a higher trust rating. The trust rating categorizes the sender MTA as unrated, neutral, trusted, suspicious, or malicious.
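The following is an added example, not code from the referenced patent or from any product: it aggregates the five features listed above per sender MTA from a mail log and maps them to a rating. The log layout, the IP addresses and domains (constructed sample data), and every threshold are assumptions; the example assigns only four of the five categories and leaves "malicious" to a confirmed verdict from outside these features.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NOW = datetime(2024, 6, 1)

def build_sample_log():
    """Constructed records: (received time, sender MTA IP, sender domain, recipient, is_reply)."""
    log = []
    for i in range(24):  # long-standing MTA, one sender domain, some replies
        log.append((NOW - timedelta(days=120 - 5 * i), "192.0.2.10", "partner.example",
                    f"user{i % 3}@corp.example", i % 4 == 0))
    for i in range(6):   # newly seen MTA, many sender domains and recipients, no replies
        log.append((NOW - timedelta(hours=40 - 6 * i), "198.51.100.7", f"d{i % 4}.example",
                    f"user{i}@corp.example", False))
    for i in range(2):   # known for a month but with very little traffic
        log.append((NOW - timedelta(days=30 - i), "203.0.113.5", "vendor.example",
                    "user0@corp.example", False))
    return log

def mta_features(log, now):
    """Aggregate the five per-MTA features from the log."""
    acc = defaultdict(lambda: {"first": now, "domains": set(), "rcpts": set(),
                               "emails": 0, "replies": 0})
    for ts, mta, domain, rcpt, is_reply in log:
        a = acc[mta]
        a["first"] = min(a["first"], ts)
        a["domains"].add(domain)
        a["rcpts"].add(rcpt)
        a["emails"] += 1
        a["replies"] += int(is_reply)
    return {m: {"days_known": (now - a["first"]).days, "sender_domains": len(a["domains"]),
                "recipients": len(a["rcpts"]), "emails": a["emails"], "replies": a["replies"]}
            for m, a in acc.items()}

def rate(f):
    """Map features to a rating. All thresholds are illustrative assumptions."""
    if f is None:  # MTA never seen by the enterprise
        return "unrated"
    if f["days_known"] >= 90 and f["emails"] >= 20 and f["replies"] > 0:
        return "trusted"
    if f["days_known"] < 7 and f["replies"] == 0 and (
            f["sender_domains"] >= 3 or f["recipients"] >= 5):
        return "suspicious"
    return "neutral"

def rate_all(log, now, mtas):
    feats = mta_features(log, now)
    return {m: rate(feats.get(m)) for m in mtas}

if __name__ == "__main__":
    print(rate_all(build_sample_log(), NOW,
                   ["192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"]))
```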
Considerations
Legitimate emails from a sender MTA may receive a lower trust rating over time if the sender's domain gets spoofed and is used to send unauthorized emails.
References
The following references were used to develop the Sender MTA Reputation Analysis knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
Systems and methods for detecting and/or handling targeted attacks in the email channel
MITRE Comments
The patent describes using sender trust rating and sender MTA trust rating as indicators of the level of email security risk.
Sender Reputation explanation
This patent includes Sender Reputation because it describes sender trust rating being used as an indicator of the level of security risk and/or trust level associated with an email sender. The sender trust rating may be determined based on one or more of:
- length of time sender has known the enterprise
- number of recipients in the enterprise the sender interacts with
- sender vs. enterprise originated message ratio
- sender messages open vs. not-open ratio
- number of emails received from this sender
- number of emails replied for this sender
- number of emails from this sender not opened
- number of emails from this sender not opened that contain an attachment
- number of emails from this sender not opened that contain a URL
- number of emails sent to this sender
- number of email replies received from this sender
Based on the trust rating, an alert is generated identifying the incoming email message as a security risk.
Sender MTA Reputation explanation
This patent includes Sender MTA Reputation because it describes sender MTA trust rating as an indicator of the level of security risk and/or trust level associated with a sender MTA. The trust rating may be determined based on one or more of:
- length of time MTA has interacted with the enterprise
- number of sender domains sending emails from the MTA
- number of recipients in the enterprise the MTA sends emails to
- number of emails received from this MTA
- number of email replies received from this MTA
Based on the trust rating, an alert is generated identifying the incoming email message as a security risk.