Sender Reputation Analysis
Definition
Ascertaining sender reputation based on information associated with a message (e.g. email/instant messaging).
How it works
Sender trust rating can be considered an indicator of the level of security risk and/or a trust level associated with a sender. The features considered in determining the trust rating include:
- Length of time sender has sent emails to the enterprise
- Number of recipients in the enterprise the sender interacts with
- Sender vs. enterprise originated message ratio
- Sender messages opened vs. not-opened ratio
- Number of emails received from this sender
- Number of emails replied to this sender
- Number of emails from this sender not opened
- Number of emails from this sender not opened that contain an attachment
- Number of emails from this sender not opened that contain a URL
- Number of emails sent to this sender
- Number of email replies received from this sender

For example, higher values for the number of recipients the sender has interacted with or the number of emails received from the sender result in a higher trust rating. The trust rating can categorize the sender as unrated, neutral, trusted, suspicious, or malicious.
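The following Python example is added here and is not code from the referenced patent or from any product. It aggregates a subset of the listed features from a constructed message log and maps them to the five categories; the log format, sender addresses, weights, cut-offs and the three-message minimum history are all assumptions.

```python
from collections import defaultdict

# Constructed sample log, not real traffic; direction is relative to the enterprise.
# Row: (day, direction, sender, internal_user, opened, replied, has_attachment, has_url)
LOG = (
    [(d, "in", "alice@partner.example", u, True, True, False, False)
     for d, u in [(1, "bob"), (20, "dana"), (45, "eve"), (80, "bob")]]
    + [(d, "out", "alice@partner.example", "bob", True, False, False, False) for d in (2, 46)]
    + [(d, "in", "promo@bulk.example", "bob", False, False, a, True)
       for d, a in [(70, False), (71, True), (72, True), (73, False)]]
    + [(d, "in", "carol@vendor.example", "dana", True, False, False, False) for d in (60, 75, 85)]
    + [(88, "in", "new@unknown.example", "eve", True, False, False, False)]
)

def features(log):  # aggregate the per-sender counters the article lists
    stats = defaultdict(lambda: {"days": set(), "recipients": set(), "received": 0,
        "replied": 0, "sent_to": 0, "unopened": 0, "unopened_attach": 0, "unopened_url": 0})
    for day, direction, sender, user, opened, replied, attach, url in log:
        s = stats[sender]
        s["days"].add(day)
        if direction == "out":              # enterprise-originated message
            s["sent_to"] += 1
            continue
        s["received"] += 1
        s["recipients"].add(user)
        s["replied"] += replied
        s["unopened"] += not opened
        s["unopened_attach"] += attach and not opened
        s["unopened_url"] += url and not opened
    return stats

def trust_rating(s, min_history=3):
    """Map counters to a category; every weight and cut-off here is an assumption."""
    if s["received"] < min_history:
        return "unrated"                    # too little history to judge
    n, days = s["received"], s["days"]
    score = (min(max(days) - min(days), 90) / 90          # length of relationship
             + min(len(s["recipients"]), 5) / 5           # recipients reached
             + min(n, 20) / 20                            # volume received
             + (1 - s["unopened"] / n)                    # opened vs. not-opened ratio
             + min((s["replied"] + s["sent_to"]) / n, 1)  # replies and enterprise-originated mail
             - (s["unopened_attach"] + s["unopened_url"]) / n)  # unopened with attachment/URL
    for cutoff, label in ((3.0, "trusted"), (1.0, "neutral"), (-1.5, "suspicious")):
        if score >= cutoff:
            return label
    return "malicious"

def rate_all(log):
    return {sender: trust_rating(s) for sender, s in features(log).items()}
```

Calling `rate_all(LOG)` returns one category per sender. Appending unopened messages that carry an already trusted sender's address lowers that sender's rating, which is the effect described under Considerations.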
Considerations
Legitimate emails from a sender may receive a lower trust rating over time if the sender's domain gets spoofed and is used to send unauthorized emails.
References
The following references were used to develop the Sender Reputation Analysis knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
Systems and methods for detecting and/or handling targeted attacks in the email channel
MITRE Comments
The patent describes using sender trust rating and sender MTA trust rating as indicators of the level of email security risk.
Sender Reputation explanation
This patent includes Sender Reputation because it describes sender trust rating being used as an indicator of the level of security risk and/or trust level associated with an email sender. The sender trust rating may be determined based on one or more of:
- length of time sender has known the enterprise
- number of recipients in the enterprise the sender interacts with
- sender vs. enterprise originated message ratio
- sender messages open vs. not-open ratio
- number of emails received from this sender
- number of emails replied for this sender
- number of emails from this sender not opened
- number of emails from this sender not opened that contain an attachment
- number of emails from this sender not opened that contain a URL
- number of emails sent to this sender
- number of email replies received from this sender
Based on the trust rating, an alert is generated identifying the incoming email message as a security risk.
Sender MTA Reputation explanation
This patent includes Sender MTA Reputation because it describes sender MTA trust rating as an indicator of the level of security risk and/or trust level associated with a sender MTA. The trust rating may be determined based on one or more of:
- length of time MTA has interacted with the enterprise
- number of sender domains sending emails from the MTA
- number of recipients in the enterprise the MTA sends emails to
- number of emails received from this MTA
- number of email replies received from this MTA
Based on the trust rating, an alert is generated identifying the incoming email message as a security risk.