摘要 |
Methods and systems for detecting suspicious traffic patterns in electronic communications are provided. According to one embodiment, an electronic mail (email) message is received by a mail filter (milter), which evaluates a traffic pattern represented by the email message by scanning information associated with the email message and comparing it to information associated with one or more traffic analysis profiles. If the email message is identified by the milter as being inconsistent with normal email traffic patterns as represented by the one or more traffic analysis profiles, then the milter causes the email message to be handled in accordance with an email security policy associated with suspicious traffic patterns. For example, in the context of an outbound message, the originator may be alerted to a factor contributing to the identification and the originator may be provided with an opportunity to address the factor.
|