U.S. patent application number 14/425476 was filed with the patent office on 2015-09-10 for electronic mail monitoring.
This patent application is currently assigned to BIGLOBE Inc.. The applicant listed for this patent is BIGLOBE Inc.. Invention is credited to Rihito Kato.
Application Number | 20150256505 14/425476 |
Document ID | / |
Family ID | 50236871 |
Filed Date | 2015-09-10 |
United States Patent
Application |
20150256505 |
Kind Code |
A1 |
Kato; Rihito |
September 10, 2015 |
ELECTRONIC MAIL MONITORING
Abstract
An extraction section (102) extracts user identification
information and communication terminal identification information
from electronic mails acquired by an acquisition section (101).
Then, a calculation section (103) calculates a uniqueness number of
the communication terminal identification information for each of
the extracted user identification information. Then, a verification
section (104) judges whether the uniqueness number of communication
terminal identification information for each of the calculated user
identification information has exceeded a predetermined threshold.
Then, for each case, a notification section (105) performs
predetermined notification to a notification destination set up in
advance.
Inventors: |
Kato; Rihito; (Shinagawa-ku,
JP) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
BIGLOBE Inc. |
Tokyo |
|
JP |
|
|
Assignee: |
BIGLOBE Inc.
Tokyo
JP
|
Family ID: |
50236871 |
Appl. No.: |
14/425476 |
Filed: |
May 9, 2013 |
PCT Filed: |
May 9, 2013 |
PCT NO: |
PCT/JP2013/063010 |
371 Date: |
March 3, 2015 |
Current U.S.
Class: |
709/206 |
Current CPC
Class: |
H04L 67/306 20130101;
G06Q 10/107 20130101; H04L 67/22 20130101; H04L 63/1425 20130101;
H04L 51/24 20130101; H04L 51/34 20130101; H04L 51/20 20130101; H04L
51/12 20130101; H04L 63/1441 20130101 |
International
Class: |
H04L 12/58 20060101
H04L012/58 |
Foreign Application Data
Date |
Code |
Application Number |
Sep 4, 2012 |
JP |
2012-193748 |
Claims
1. An electronic mail monitoring apparatus comprising: an
acquisition section for acquiring electronic mails transmitted from
communication terminals; an extraction section for, from the
electronic mail acquired by the acquisition section, extracting
user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail; a calculation section for,
for each user identification information extracted by the
extraction section within a unit time, calculating a uniqueness
number of the communication terminal identification information; a
verification section for judging whether the uniqueness number of
communication terminal identification information for each of the
user identification information calculated by the calculation
section has exceeded a predetermined first threshold; and a
notification section for, when the verification section has judged
that the uniqueness number of communication terminal identification
information for each of the user identification information
calculated by the calculation section has exceeded the first
threshold, performing predetermined first notification to a
notification destination set up in advance.
2. The electronic mail monitoring apparatus according to claim 1,
wherein: when the verification section has judged that the
uniqueness number of communication terminal identification
information for each of the user identification information
calculated by the calculation section has exceeded the first
threshold, the calculation section calculates a uniqueness number
of countries or regions on the basis of the communication terminal
identification information for each user identification information
extracted by the extraction section within a unit time; the
verification section judges whether the uniqueness number of
countries or regions for each of the user identification
information calculated by the calculation section has exceeded a
predetermined second threshold; and the notification section does
not perform the first notification and, when the verification
section has judged that the uniqueness number of countries or
regions for each of the user identification information calculated
by the calculation section has exceeded the second threshold,
performs predetermined second notification to the notification
destination.
3. The electronic mail monitoring apparatus according to claim 2,
comprising a transmission control section for stopping transmission
of electronic mails having a transmission source equal to the user
identification information whose uniqueness number of the
communication terminal identification information has been judged
by the verification section as having exceeded the first threshold
or, alternatively, equal to the user identification information
whose uniqueness number of countries or regions has been judged by
the verification section as having exceeded the second
threshold.
4. The electronic mail monitoring apparatus according to claim 2,
wherein: the acquisition section acquires member identification
information of the user having transmitted the electronic mail,
from a transmission mail server connected to the electronic mail
monitoring apparatus; and the calculation section calculates the
uniqueness number of communication terminal identification
information or, alternatively, the uniqueness number of countries
or regions, for each of the member identification information.
5. An electronic mail monitoring apparatus comprising: an
acquisition section for acquiring electronic mails transmitted from
communication terminals; an extraction section for, from the
electronic mail acquired by the acquisition section, extracting
user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail; a calculation section for
calculating a uniqueness number of countries or regions
corresponding to the communication terminal identification
information for each user identification information extracted by
the extraction section within a unit time; a verification section
for judging whether the uniqueness number of countries or regions
for each of the user identification information calculated by the
calculation section has exceeded a predetermined second threshold;
and a notification section for, when the verification section has
judged that the uniqueness number of countries or regions for each
of the user identification information calculated by the
calculation section has exceeded the second threshold, performing
predetermined second notification to a notification destination set
up in advance.
6. The electronic mail monitoring apparatus according to any one of
claim 1, wherein the extraction section extracts an electronic mail
address or member identification information as the user
identification information and extracts an IP address as the
communication terminal identification information.
7. A transmission mail server comprising: an authentication section
for authenticating a user; a storage section for storing
authentication information used for the authentication; an
acquisition section for, when the authentication section has
succeeded in authentication of the user by using the authentication
information stored in the storage section, acquiring electronic
mails transmitted from communication terminals; an extraction
section for extracting user identification information indicating
the user having transmitted the electronic mail, from the
authentication information and then extracting communication
terminal identification information imparted to the communication
terminal having transmitted the electronic mail, from the
electronic mail acquired by the acquisition section or connection
processing with the communication terminal; a calculation section
for, for each user identification information extracted by the
extraction section within a unit time, calculating a uniqueness
number of the communication terminal identification information; a
verification section for judging whether the uniqueness number of
communication terminal identification information for each of the
user identification information calculated by the calculation
section has exceeded a predetermined first threshold; and a
notification section for, when the verification section has judged
that the uniqueness number of communication terminal identification
information for each of the user identification information
calculated by the calculation section has exceeded the first
threshold, performing predetermined first notification to a
notification destination set up in advance.
8. A transmission mail server comprising: an authentication section
for authenticating a user; a storage section for storing
authentication information used for the authentication; an
acquisition section for, when the authentication section has
succeeded in authentication of the user by using the authentication
information stored in the storage section, acquiring electronic
mails transmitted from communication terminals; an extraction
section for extracting user identification information indicating
the user having transmitted the electronic mail, from the
authentication information and then extracting communication
terminal identification information imparted to the communication
terminal having transmitted the electronic mail, from the
electronic mail acquired by the acquisition section or connection
processing with the communication terminal; a calculation section
for calculating a uniqueness number of countries or regions
corresponding to the communication terminal identification
information for each user identification information extracted by
the extraction section within a unit time; a verification section
for judging whether the uniqueness number of countries or regions
for each of the user identification information calculated by the
calculation section has exceeded a predetermined second threshold;
and a notification section for, when the verification section has
judged that the uniqueness number of countries or regions for each
of the user identification information calculated by the
calculation section has exceeded the second threshold, performing
predetermined second notification to a notification destination set
up in advance.
9. An electronic mail monitoring method of monitoring electronic
mails transmitted from communication terminals, performing: the
processing of acquiring electronic mails transmitted from the
communication terminals; the processing of, from the acquired
electronic mail, extracting user identification information
indicating a user having transmitted the electronic mail and
communication terminal identification information imparted to the
communication terminal having transmitted the electronic mail; the
processing of, for each of the user identification information
extracted within a unit time, calculating a uniqueness number of
the communication terminal identification information; the
processing of judging whether the uniqueness number of
communication terminal identification information for each of the
calculated user identification information has exceeded a
predetermined first threshold; and the processing of, when it has
been judged that the uniqueness number of communication terminal
identification information for each of the calculated user
identification information has exceeded the first threshold,
performing predetermined first notification to a notification
destination set up in advance.
10. An electronic mail monitoring method of monitoring electronic
mails transmitted from communication terminals, performing: the
processing of acquiring electronic mails transmitted from the
communication terminals; the processing of, from the acquired
electronic mail, extracting user identification information
indicating a user having transmitted the electronic mail and
communication terminal identification information imparted to the
communication terminal having transmitted the electronic mail; the
processing of calculating a uniqueness number of countries or
regions corresponding to the communication terminal identification
information for each user identification information extracted
within a unit time; the processing of judging whether the
uniqueness number of countries or regions for each of the
calculated user identification information has exceeded a
predetermined second threshold; and the processing of, when it has
been judged that the uniqueness number of countries or regions for
each of the calculated user identification information has exceeded
the second threshold, performing predetermined second notification
to a notification destination set up in advance.
11. A program for causing a computer to execute: the procedure of
acquiring electronic mails transmitted from communication
terminals; the procedure of, from the acquired electronic mail,
extracting user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail; the procedure of, for each
of the user identification information extracted within a unit
time, calculating a uniqueness number of the communication terminal
identification information; the procedure of judging whether the
uniqueness number of communication terminal identification
information for each of the calculated user identification
information has exceeded a predetermined first threshold; and the
procedure of, when it has been judged that the uniqueness number of
communication terminal identification information for each of the
calculated user identification information has exceeded the first
threshold, performing predetermined first notification to a
notification destination set up in advance.
12. A program for causing a computer to execute: the procedure of
acquiring electronic mails transmitted from communication
terminals; the procedure of, from the acquired electronic mail,
extracting user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail; the procedure of
calculating a uniqueness number of countries or regions
corresponding to the communication terminal identification
information for each user identification information extracted
within a unit time; the procedure of judging whether the uniqueness
number of countries or regions for each of the calculated user
identification information has exceeded a predetermined second
threshold; and the procedure of, when it has been judged that the
uniqueness number of countries or regions for each of the
calculated user identification information has exceeded the second
threshold, performing predetermined second notification to a
notification destination set up in advance.
Description
TECHNICAL FIELD
[0001] The present invention relates to an electronic mail
monitoring apparatus, a transmission mail server, an electronic
mail monitoring method, and a program for monitoring transmitted
electronic mails.
BACKGROUND ART
[0002] In recent years, the act of using an electronic mail address
of another person from an evil intention so as to spoof the person
of transmission (sending) of an electronic mail and thereby
transmitting so-called junk mails is causing problems. In many
cases, junk mails are transmitted in a large number. This causes a
possibility of occurrence of a busy state in the communication
line.
[0003] In order to reduce transmission of such junk mails, a
technique of restricting the number of mails that can be
transmitted from the same electronic mail address per day is
considered (for example, see Patent Document 1). By virtue of this,
transmission of junk mails transmitted in a large number can be
suppressed.
PRIOR ART REFERENCE
Patent Document
[0004] Patent Document 1: Japanese Patent Laid-Open Publication No.
2006-128917
SUMMARY OF INVENTION
Problems to be Solved by the Invention
[0005] Nevertheless, such a technique described in Patent Document
1 has a problem that transmission of electronic mails transmitted
in a large number is suppressed even when they are transmitted by
an authorized user.
[0006] An object of the present invention is to provide an
electronic mail monitoring apparatus, a transmission mail server,
an electronic mail monitoring method, and a program for resolving
the above-mentioned problem.
Means for Solving to the Problems
[0007] The electronic mail monitoring apparatus of the present
invention includes:
[0008] an acquisition section for acquiring electronic mails
transmitted from communication terminals;
[0009] an extraction section for, from the electronic mail acquired
by the acquisition section, extracting user identification
information indicating a user having transmitted the electronic
mail and communication terminal identification information imparted
to the communication terminal having transmitted the electronic
mail;
[0010] a calculation section for, for each user identification
information extracted by the extraction section within a unit time,
calculating a uniqueness number of the communication terminal
identification information;
[0011] a verification section for judging whether the uniqueness
number of communication terminal identification information for
each of the user identification information calculated by the
calculation section has exceeded a predetermined first threshold;
and
[0012] a notification section for, when the verification section
has judged that the uniqueness number of communication terminal
identification information for each of the user identification
information calculated by the calculation section has exceeded the
first threshold, performing predetermined first notification to a
notification destination set up in advance.
[0013] Further, the electronic mail monitoring apparatus of the
present invention includes:
[0014] an acquisition section for acquiring electronic mails
transmitted from communication terminals;
[0015] an extraction section for, from the electronic mail acquired
by the acquisition section, extracting user identification
information indicating a user having transmitted the electronic
mail and communication terminal identification information imparted
to the communication terminal having transmitted the electronic
mail;
[0016] a calculation section for calculating a uniqueness number of
countries or regions corresponding to the communication terminal
identification information for each user identification information
extracted by the extraction section within a unit time;
[0017] a verification section for judging whether the uniqueness
number of countries or regions for each of the user identification
information calculated by the calculation section has exceeded a
predetermined second threshold; and
[0018] a notification section for, when the verification section
has judged that the uniqueness number of countries or regions for
each of the user identification information calculated by the
calculation section has exceeded the second threshold, performing
predetermined second notification to a notification destination set
up in advance.
[0019] Further, the transmission mail server of the present
invention includes:
[0020] an authentication section for authenticating a user,
[0021] a storage section for storing authentication information
used for the authentication;
[0022] an acquisition section for, when the authentication section
has succeeded in authentication of the user by using the
authentication information stored in the storage section, acquiring
electronic mails transmitted from communication terminals;
[0023] an extraction section for extracting user identification
information indicating the user having transmitted the electronic
mail, from the authentication information and then extracting
communication terminal identification information imparted to the
communication terminal having transmitted the electronic mail, from
the electronic mail acquired by the acquisition section or
connection processing with the communication terminal;
[0024] a calculation section for, for each user identification
information extracted by the extraction section within a unit time,
calculating a uniqueness number of the communication terminal
identification information;
[0025] a verification section for judging whether the uniqueness
number of communication terminal identification information for
each of the user identification information calculated by the
calculation section has exceeded a predetermined first threshold;
and
[0026] a notification section for, when the verification section
has judged that the uniqueness number of communication terminal
identification information for each of the user identification
information calculated by the calculation section has exceeded the
first threshold, performing predetermined first notification to a
notification destination set up in advance.
[0027] Further, the transmission mail server of the present
invention includes:
[0028] an authentication section for authenticating a user;
[0029] a storage section for storing authentication information
used for the authentication;
[0030] an acquisition section for, when the authentication section
has succeeded in authentication of the user by using the
authentication information stored in the storage section, acquiring
electronic mails transmitted from communication terminals;
[0031] an extraction section for extracting user identification
information indicating the user having transmitted the electronic
mail, from the authentication information and then extracting
communication terminal identification information imparted to the
communication terminal having transmitted the electronic mail, from
the electronic mail acquired by the acquisition section or
connection processing with the communication terminal;
[0032] a calculation section for calculating a uniqueness number of
countries or regions corresponding to the communication terminal
identification information for each user identification information
extracted by the extraction section within a unit time;
[0033] a verification section for judging whether the uniqueness
number of countries or regions for each of the user identification
information calculated by the calculation section has exceeded a
predetermined second threshold; and
[0034] a notification section for, when the verification section
has judged that the uniqueness number of countries or regions for
each of the user identification information calculated by the
calculation section has exceeded the second threshold, performing
predetermined second notification to a notification destination set
up in advance.
[0035] Further, the electronic mail monitoring method of the
present invention is
[0036] an electronic mail monitoring method of monitoring
electronic mails transmitted from communication terminals,
performing:
[0037] the processing of acquiring electronic mails transmitted
from the communication terminals;
[0038] the processing of, from the acquired electronic mail,
extracting user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail;
[0039] the processing of, for each of the user identification
information extracted within a unit time, calculating a uniqueness
number of the communication terminal identification
information;
[0040] the processing of judging whether the uniqueness number of
communication terminal identification information for each of the
calculated user identification information has exceeded a
predetermined first threshold; and
[0041] the processing of, when it has been judged that the
uniqueness number of communication terminal identification
information for each of the calculated user identification
information has exceeded the first threshold, performing
predetermined first notification to a notification destination set
up in advance.
[0042] Further, the electronic mail monitoring method of the
present invention is
[0043] an electronic mail monitoring method of monitoring
electronic mails transmitted from communication terminals,
performing:
[0044] the processing of acquiring electronic mails transmitted
from the communication terminals;
[0045] the processing of, from the acquired electronic mail,
extracting user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail;
[0046] the processing of calculating a uniqueness number of
countries or regions corresponding to the communication terminal
identification information for each user identification information
extracted within a unit time;
[0047] the processing of judging whether the uniqueness number of
countries or regions for each of the calculated user identification
information has exceeded a predetermined second threshold; and
[0048] the processing of, when it has been judged that the
uniqueness number of countries or regions for each of the
calculated user identification information has exceeded the second
threshold, performing predetermined second notification to a
notification destination set up in advance.
[0049] Further, the program of the present invention is
[0050] a program for causing a computer to execute:
[0051] the procedure of acquiring electronic mails transmitted from
communication terminals;
[0052] the procedure of, from the acquired electronic mail,
extracting user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail;
[0053] the procedure of, for each of the user identification
information extracted within a unit time, calculating a uniqueness
number of the communication terminal identification
information;
[0054] the procedure of judging whether the uniqueness number of
communication terminal identification information for each of the
calculated user identification information has exceeded a
predetermined first threshold; and
[0055] the procedure of, when it has been judged that the
uniqueness number of communication terminal identification
information for each of the calculated user identification
information has exceeded the first threshold, performing
predetermined first notification to a notification destination set
up in advance.
[0056] Further, the program of the present invention is
[0057] a program for causing a computer to execute:
[0058] the procedure of acquiring electronic mails transmitted from
communication terminals;
[0059] the procedure of, from the acquired electronic mail,
extracting user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail;
[0060] the procedure of calculating a uniqueness number of
countries or regions corresponding to the communication terminal
identification information for each user identification information
extracted within a unit time;
[0061] the procedure of judging whether the uniqueness number of
countries or regions for each of the calculated user identification
information has exceeded a predetermined second threshold; and
[0062] the procedure of, when it has been judged that the
uniqueness number of countries or regions for each of the
calculated user identification information has exceeded the second
threshold, performing predetermined second notification to a
notification destination set up in advance.
Advantageous Effects of the Invention
[0063] As described above, according to the present invention,
transmission of junk mails can be detected more accurately.
BRIEF DESCRIPTION OF THE DRAWINGS
[0064] FIG. 1 is a diagram showing an embodiment of a communication
system including an electronic mail monitoring apparatus of the
present invention.
[0065] FIG. 2 is a diagram showing an example of internal
configuration of an electronic mail monitoring apparatus shown in
FIG. 1.
[0066] FIG. 3 is a diagram showing an example of correspondence
stored in a storage section shown in FIG. 2.
[0067] FIG. 4 is a diagram showing another example of
correspondence stored in a storage section shown in FIG. 2.
[0068] FIG. 5 is a flow chart for describing an example of an
electronic mail monitoring method in an electronic mail monitoring
apparatus shown in FIG. 1.
[0069] FIG. 6 is a diagram showing an example of country
information stored in a storage section shown in FIG. 2.
[0070] FIG. 7 is a flow chart for describing an example of an
electronic mail monitoring method employing country information in
an electronic mail monitoring apparatus shown in FIG. 1.
[0071] FIG. 8 is a diagram showing an embodiment of a communication
system including a transmission mail server of the present
invention.
[0072] FIG. 9 is a diagram showing an example of internal
configuration of a transmission mail server shown in FIG. 8.
[0073] FIG. 10 is a diagram showing an example of authentication
information stored in a storage section shown in FIG. 9.
[0074] FIG. 11 is a flow chart for describing an example of an
electronic mail monitoring method in a transmission mail server
shown in FIG. 8.
[0075] FIG. 12 is a flow chart for describing an example of an
electronic mail monitoring method employing country information in
a transmission mail server shown in FIG. 8.
DESCRIPTION OF THE EMBODIMENTS
[0076] Embodiments of the present invention are described below
with reference to the drawings.
First Embodiment
[0077] FIG. 1 is a diagram showing an embodiment of a communication
system including an electronic mail monitoring apparatus of the
present invention.
[0078] As shown in FIG. 1, the present mode is constructed from an
electronic mail monitoring apparatus 100 of the present invention,
a transmission mail server 200, a receiving mail server 300, an
administrator terminal 400, and communication terminals 500-1 to
500-n (n is an integer).
[0079] The electronic mail monitoring apparatus 100 monitors
electronic mails transmitted from the communication terminals 500-1
to 500-n.
[0080] FIG. 2 is a diagram showing an example of the internal
configuration of the electronic mail monitoring apparatus 100 shown
in FIG. 1.
[0081] As shown in FIG. 2, the electronic mail monitoring apparatus
100 shown in FIG. 1 is provided with an acquisition section 101, an
extraction section 102, a calculation section 103, a verification
section 104, a notification section 105, a transmission control
section 106, and a storage section 107.
[0082] The acquisition section 101 acquires electronic mails
transmitted from the communication terminals 500-1 to 500-n through
the transmission mail server 200 to the receiving mail server
300.
[0083] From the electronic mail acquired by the acquisition section
101, the extraction section 102 extracts: user identification
information such as the electronic mail address of transmission
source indicating the user having transmitted the electronic mail;
and communication terminal identification information such as the
IP (Internet Protocol) address imparted to the communication
terminal having transmitted the electronic mail. In general, these
information pieces are contained in the header of the electronic
mail acquired by the acquisition section 101. Further, the
extraction section 102 writes the user identification information
and the communication terminal identification information having
been extracted, into the storage section 107 in correspondence to
date and time information.
[0084] The calculation section 103 calculates the uniqueness number
of IP addresses (the number of mutually different IP addresses) for
each electronic mail address extracted by the extraction section
102. Here, the calculation section 103 calculates the uniqueness
number of IP addresses of the electronic mails acquired by the
acquisition section 101 within a unit time (e.g., 1 minute and 1
hour) set up in advance. Further, the calculation section 103
outputs the calculated uniqueness number of IP addresses to the
verification section 104.
[0085] The verification section 104 compares the uniqueness number
of IP addresses outputted from the calculation section 103 with a
threshold (a first threshold) set up in advance. Further, as a
result of comparison, the verification section 104 judges whether
the uniqueness number of IP addresses has exceeded the first
threshold. The first threshold is stored in the storage section
107. Further, the verification section 104 notifies the result of
judgment to the notification section 105 and the transmission
control section 106.
[0086] When the notification from the verification section 104
indicates that the uniqueness number of IP addresses has exceeded
the first threshold, the notification section 105 performs
predetermined notification (first notification) to the
administrator terminal 400 serving as a notification destination
set up in advance. This notification contains the mail address of
the electronic mail whose uniqueness number of IP addresses has
exceeded the first threshold. Further, the IP address and the date
and time information thereof may also be contained.
[0087] When the notification from the verification section 104
indicates that the uniqueness number of IP addresses has exceeded
the first threshold, the transmission control section 106 stops
transmission of electronic mails having a transmission source equal
to the mail address of the electronic mail whose uniqueness number
of IP addresses has exceeded the first threshold. Further, when the
notification from the verification section 104 indicates that the
uniqueness number of IP addresses does not exceed the first
threshold, the transmission control section 106 transmits
electronic mails having a transmission source equal to the mail
address of the electronic mail, to the receiving mail server
300.
[0088] Further, the storage section 107 stores the user
identification information and the communication terminal
identification information having been written in by the extraction
section 102, in correspondence to the date and time
information.
[0089] FIG. 3 is a diagram showing an example of correspondence
stored in the storage section 107 shown in FIG. 2.
[0090] As shown in FIG. 3, the storage section 107 shown in FIG. 2
stores a mail address serving as the user identification
information of the transmission source of the electronic mail, an
IP address serving as the communication terminal identification
information of the transmission source of the electronic mail, and
date and time information in correspondence to each other. Further,
the number of destinations of the electronic mail may also be in
correspondence to the above-mentioned information. As shown in FIG.
3, some electronic mails transmitted from mutually the same mail
address have mutually different IP addresses. Further, the date and
time information indicates the date and time at which the
transmission mail server 200 has received the electronic mail, the
date and time at which the transmission mail server 200 has
transmitted the electronic mail, the date and time at which the
acquisition section 101 has acquired the electronic mail, the date
and time at which the storage section 107 has stored the
correspondence, or the like.
[0091] Further, the acquisition section 101 may acquire a member ID
corresponding to the mail address from the transmission mail server
200 and then the storage section 107 may store the member ID, the
IP address, and the date and time information in correspondence to
each other.
[0092] FIG. 4 is a diagram showing another example of
correspondence stored in the storage section 107 shown in FIG.
2.
[0093] As shown in FIG. 4, the storage section 107 shown in FIG. 2
stores a member ID serving as the user identification information
of the transmission source of the electronic mail, an IP address
serving as the communication terminal identification information of
the transmission source of the electronic mail, and date and time
information in correspondence to each other. Further, the number of
destinations of the electronic mail may also be in correspondence
to the above-mentioned information.
[0094] Here, the member ID may be one not acquired from the
transmission mail server 200 by the acquisition section 101. For
example, a member ID corresponding to the mail address may be
registered in advance and then the member ID may be stored in the
storage section 107 in correspondence to the mail address.
[0095] The transmission mail server 200 authenticates a user who
uses the communication terminals 500-1 to 500-n having performed
connection. At that time, the transmission mail server 200
authenticates the user by using authentication information
consisting of an electronic mail address or a member ID (member
identification information) of the user set up in advance and a
password. Further, when having succeeded in authentication, the
transmission mail server 200 transmits electronic mails transmitted
from the communication terminals 500-1 to 500-n, to the electronic
mail monitoring apparatus 100. Here, FIG. 1 shows an example that
only one transmission mail server 200 is provided. However, a
plurality may be provided.
[0096] The receiving mail server 300 transmits the electronic mail
transmitted from the communication terminals 500-1 to 500-n through
the transmission mail server 200 and the electronic mail monitoring
apparatus 100, to a destination indicated by the destination
information contained in the header of the electronic mail.
[0097] The administrator terminal 400 is a communication device
operated by an administrator who administers the electronic mail
monitoring apparatus 100. The administrator terminal 400 includes
an output section such as a display and a speaker. This output
section outputs a notification from the notification section 105.
By virtue of this, the administrator can recognize the notification
from the notification section 105.
[0098] The communication terminals 500-1 to 500-n are communication
devices that are operated by users and thereby can transmit
electronic mails. Further, the communication terminals 500-1 to
500-n are operated by an authorized user in some cases and, in
other some cases, operated by a user having an evil intention of
transmitting junk mails as described above.
[0099] An electronic mail monitoring method in the electronic mail
monitoring apparatus 100 shown in FIG. 1 is described below.
[0100] FIG. 5 is a flow chart for describing an example of an
electronic mail monitoring method in the electronic mail monitoring
apparatus 100 shown in FIG. 1.
[0101] First, when the electronic mail monitoring apparatus 100
receives through the transmission mail server 200 an electronic
mail transmitted from the communication terminals 500-1 to 500-n,
the acquisition section 101 at step 1 acquires the received
electronic mail. Then, at step 2, the extraction section 102
extracts the mail address of transmission source and the IP address
of transmission source from the electronic mail acquired by the
acquisition section 101. The extraction section 102 writes the mail
address and the IP address having been extracted, into the storage
section 107 in correspondence to the date and time information.
[0102] At step 3, the calculation section 103 refers to the storage
section 107 for each unit time and thereby calculates the
uniqueness number of IP addresses extracted by the extraction
section 102 within the unit time, for each mail address. Then, at
step 4, the verification section 104 judges whether the uniqueness
number of IP addresses for each mail address calculated by the
calculation section 103 has exceeded a first threshold set up in
advance.
[0103] For example, when the correspondence written into the
storage section 107 by the extraction section 102 is premised to be
as shown in FIG. 3 and the unit time is 5 seconds (in this example,
5 seconds from 10:01:25 to 10:01:30 on Jul. 1, 2012), the
calculation section 103 calculates the uniqueness number of IP
addresses for the mail address "aaa@mail.***.jp" as being "4".
Further, the calculation section 103 calculates the uniqueness
number of IP addresses for the mail address "bbb@mail.***.jp" as
being "2". Then, when the first threshold is "3", the verification
section 104 judges that the uniqueness number of IP addresses for
the mail address "aaa@mail.***.jp" exceeds the first threshold.
Further, the verification section 104 judges that the uniqueness
number of IP addresses for the mail address "bbb@mail.***.jp" does
not exceed the first threshold.
[0104] When the verification section 104 has judged that the
uniqueness number of IP addresses for each mail address calculated
by the calculation section 103 has exceeded the first threshold,
the notification section 105 at step 5 performs notification (first
notification) indicating a possibility that junk mails (spoofing
mails) have been transmitted, to the administrator terminal 400
serving as the notification destination. This notification contains
the mail address of the corresponding transmission source. Further,
this notification may contain the IP address and the date and time
information of the transmission source.
[0105] Further, when the verification section 104 has judged that
the uniqueness number of IP addresses for each mail address
calculated by the calculation section 103 has exceeded the first
threshold, the transmission control section 106 at step 6 may stop
transmission of electronic mails having been transmitted from the
corresponding mail address. On the other hand, when the
verification section 104 has judged that the uniqueness number of
IP addresses for each mail address calculated by the calculation
section 103 does not exceed the first threshold, the transmission
control section 106 at step 7 performs transmission of electronic
mails having been transmitted from the corresponding mail
address.
[0106] In communication in which the communication terminals 500-1
to 500-n are fixed PCs (personal computers) or the like or,
alternatively, in data communication performed such that the
communication terminals 500-1 to 500-n perform connection (login)
to the server by using the use member ID and the password, the IP
addresses imparted to the communication terminals 500-1 to 500-n
are semi-fixed. Thus, when a plurality of electronic mails have the
same mail address of transmission source but have mutually
different IP addresses, a high possibility is concluded that
another person has maliciously used the mail address. Further, when
the electronic mails have a high transmission frequency (the number
of times of transmission within a unit time), a high possibility
can be concluded that these electronic mails are junk mails
(spoofing mails). The above-mentioned processing is performed by
using these properties so that identification of junk mails
(spoofing mails) can easily be achieved.
[0107] Further, in addition to a configuration that the judgment
criterion for junk mails (spoofing mails) is the uniqueness number
of IP addresses as described above, the country of transmission
source may also be employed. In general, in the IP address, a
usable range is determined for each country. That is, when
predetermined bits of the IP address is referred to, the country
where the IP address is used can be judged. The range of IP address
and information (a country identifier) indicating the country in
correspondence to each other may be stored in advance in the
storage section 107 as country information and then, on the basis
of the country information, the verification section 104 may judge
a possibility that the transmitted electronic mails are junk mails
(spoofing mails).
[0108] FIG. 6 is a diagram showing an example of the country
information stored in the storage section 107 shown in FIG. 2.
[0109] As shown in FIG. 6, the storage section 107 shown in FIG. 2
stores a range of IP address and a country identifier in
correspondence to each other. The range of IP address corresponding
to each country is determined in advance for the world. Further, it
is sufficient that the country identifier can identify the country.
That is, a country code or the like set up in advance for each
country may be employed.
[0110] An electronic mail monitoring method employing country
information in the electronic mail monitoring apparatus 100 shown
in FIG. 1 is described below.
[0111] FIG. 7 is a flow chart for describing an example of the
electronic mail monitoring method employing country information in
the electronic mail monitoring apparatus 100 shown in FIG. 1.
[0112] First, when the electronic mail monitoring apparatus 100
receives through the transmission mail server 200 an electronic
mail transmitted from the communication terminals 500-1 to 500-n,
the acquisition section 101 at step 11 acquires the received
electronic mail. Then, at step 12, the extraction section 102
extracts the mail address of transmission source and the IP address
of transmission source from the electronic mail acquired by the
acquisition section 101. The extraction section 102 writes the mail
address and the IP address having been extracted, into the storage
section 107 in correspondence to the date and time information.
[0113] Then, at step 13, the calculation section 103 calculates the
uniqueness number of IP addresses extracted by the extraction
section 102 within the unit time, for each mail address. Then, at
step 14, the verification section 104 judges whether the uniqueness
number of IP addresses for each mail address calculated by the
calculation section 103 has exceeded a first threshold set up in
advance.
[0114] When the verification section 104 has judged that the
uniqueness number of IP addresses for each mail address calculated
by the calculation section 103 has exceeded the first threshold,
the calculation section 103 at step 15 extracts the country
information corresponding to the IP address on the basis of the IP
address corresponding to the mail address extracted by the
extraction section 102 within a unit time and the country
information stored in the storage section 107, and then calculates
the uniqueness number of countries of transmission source within a
unit time, for each mail address. Then, at step 16, the
verification section 104 judges whether the uniqueness number of
countries for each mail address calculated by the calculation
section 103 has exceeded a second threshold set up in advance.
[0115] When the verification section 104 has judged that the
uniqueness number of countries for each mail address calculated by
the calculation section 103 has exceeded the second threshold, the
notification section 105 at step 17 performs notification (second
notification) indicating a possibility that junk mails (spoofing
mails) have been transmitted, to the administrator terminal 400
serving as the notification destination. This notification contains
the mail address of the corresponding transmission source. Further,
this notification may contain the IP address, the date and time
information, and the country name of the transmission source.
[0116] For example, it is premised that the first threshold is "5"
and the second threshold is "3". Then, a case is considered that
the IP addresses of electronic mails transmitted from the mail
address "aaa@mail.***.jp" within a unit time are two items of
"133.***.***.010(JP)", one item of "133.***.***.012(JP)", one item
of "134.**, ***.023(DE)", one item of "134.***.***.024(DE)", two
items of "135.***.***.009(US)", and one item of
"139.***.***.123(DE)". In this case, the uniqueness number of IP
addresses is "6" and the uniqueness number of countries is "4".
Thus, the notification section 105 performs notification. Further,
a case is considered that the IP addresses of electronic mails
transmitted from the mail address "aaa@mail.***.jp" within a unit
time are two items of "133.***.***.014(JP)", one item of
"133.***.***.018(JP)", two item of "133.***, ***.015(JP)", one item
of "133.***.***.024(JP)", two items of "133.***.***.033(JP)", and
one item of "133.***.***.123(JP)". In this case, the uniqueness
number of IP addresses is "6" and the uniqueness number of
countries is "1". Thus, the notification section 105 does not
perform notification.
[0117] Further, when the verification section 104 has judged that
the uniqueness number of countries for each mail address calculated
by the calculation section 103 has exceeded the second threshold,
the transmission control section 106 at step 18 may stop
transmission of electronic mails having been transmitted from the
corresponding mail address.
[0118] On the other hand, when the verification section 104 has
judged that the uniqueness number of IP addresses for each mail
address calculated by the calculation section 103 does not exceed
the first threshold or, alternatively, when the verification
section 104 has judged that the uniqueness number of countries for
each mail address calculated by the calculation section 103 does
not exceed the second threshold, the transmission control section
106 at step 19 performs transmission of electronic mails having
been transmitted from the corresponding mail address.
[0119] Here, after the processing of step 12, the processing may be
such that: the extraction section 102 writes the mail address and
the IP address having been extracted, into the storage section 107
in correspondence to the date and time information; then the
processing of steps 13 and 14 are not performed; and then at step
15, on the basis of the IP address corresponding to the mail
address extracted by the extraction section 102 within a unit time
and the country information stored in the storage section 107, the
calculation section 103 extracts the country information
corresponding to the IP address and then calculates the uniqueness
number of countries of transmission source within a unit time, for
each mail address. By virtue of this, even when the uniqueness
number of IP addresses of transmission source for each mail address
does not exceed the first threshold, the verification section 104
can judge whether the uniqueness number of countries of
transmission source for each mail address has exceeded the second
threshold.
[0120] As such, in addition to the uniqueness number of IP
addresses, the uniqueness number of countries is employed as the
judgment criterion so that the identification accuracy for junk
mails (spoofing mails) can be improved. That is, it is difficult to
transmit electronic mails from a plurality of countries within a
short time. Thus, when the unit time is set short and then the
country of transmission source is judged on the basis of the range
to which the IP address belongs, electronic mails transmitted from
countries in a number greater than or equal to a predetermined
number can be concluded as having a high possibility of junk mails
(spoofing mails).
[0121] Here, the example given above has been described for a case
that the mail address is employed as the user identification
information. Instead, the user identification information may be
the member ID acquired by the acquisition section 101 from the
transmission mail server 200 with using the mail address as a
key.
[0122] Further, as for the judgment criterion for junk mails
(spoofing mails), in addition to the country of transmission
source, the region may be employed in a case that the region (e.g.,
the Kanto district and the Asia region) of transmission source can
be identified on the basis of the IP address of transmission
source.
Second Embodiment
[0123] The function of the electronic mail monitoring apparatus 100
described above may be provided in the transmission mail server
200.
[0124] FIG. 8 is a diagram showing an embodiment of a communication
system including a transmission mail server of the present
invention.
[0125] As shown in FIG. 8, the present mode is constructed from a
transmission mail server 210 of the present invention, a receiving
mail server 300, an administrator terminal 400, and communication
terminals 500-1 to 500-n (n is an integer).
[0126] The receiving mail server 300, the administrator terminal
400 and the communication terminals 500-1 to 500-n are respectively
the same as those shown in FIG. 1.
[0127] The transmission mail server 210 is a communication device
having both of the function owned by the transmission mail server
200 shown in FIG. 1 and the function owned by the electronic mail
monitoring apparatus 100.
[0128] FIG. 9 is a diagram showing an example of the internal
configuration of the transmission mail server 210 shown in FIG.
8.
[0129] As shown in FIG. 9, the transmission mail server 210 shown
in FIG. 8 is provided with an acquisition section 201, an
extraction section 202, a calculation section 203, a verification
section 204, a notification section 205, a transmission control
section 206, a storage section 207, and an authentication section
208. Here, FIG. 9 shows an example of main components concerning
the present embodiment among the components provided in the
transmission mail server 210 shown in FIG. 8.
[0130] The extraction section 202 has the same function as the
extraction section 102 shown in FIG. 2.
[0131] The calculation section 203 has the same function as the
calculation section 103 shown in FIG. 2.
[0132] The verification section 204 has the same function as the
verification section 104 shown in FIG. 2.
[0133] The notification section 205 has the same function as the
notification section 105 shown in FIG. 2.
[0134] The transmission control section 206 has the same function
as the transmission control section 106 shown in FIG. 2.
[0135] The authentication section 208 authenticates a user who
operates the communication terminals 500-1 to 500-n. At that time,
the authentication section 208 authenticates the user by comparing
the authentication information transmitted from the communication
terminals 500-1 to 500-n with the authentication information stored
in the storage section 207. This authentication information is the
user identification information such as the mail address and the
member ID of the user and the password. Further, the detailed
authentication method may be the same as general one.
[0136] In addition to the information stored in the storage section
107 shown in FIG. 2, the storage section 207 may store
authentication information used for authenticating a user who
operates the communication terminals 500-1 to 500-n.
[0137] FIG. 10 is a diagram showing an example of authentication
information stored in the storage section 207 shown in FIG. 9.
[0138] As shown in FIG. 10, the storage section 207 shown in FIG. 9
stores the mail address, the member ID, and the password as the
authentication information. These are stored in advance.
[0139] When the authentication section 208 has succeeded in
authentication of a user by using the authentication information
stored in the storage section 207, the acquisition section 201
acquires electronic mails transmitted from the communication
terminals 500-1 to 500-n.
[0140] An electronic mail monitoring method in the transmission
mail server 210 shown in FIG. 8 is described below.
[0141] FIG. 11 is a flow chart for describing an example of the
electronic mail monitoring method in the transmission mail server
210 shown in FIG. 8.
[0142] First, when authentication information (a member ID or a
mail address plus a password) has been transmitted from the
communication terminals 500-1 to 500-n, the authentication section
208 at step 21 compares the transmitted authentication information
with the authentication information stored in advance in the
storage section 207 and thereby authenticates the user.
[0143] When the authentication section 208 has succeeded in the
authentication, the electronic mail transmitted from the
communication terminals 500-1 to 500-n is received by the
transmission mail server 210. At step 22, the acquisition section
201 acquires the received electronic mail. Then, at step 23, the
extraction section 202 extracts the IP address of transmission
source from the electronic mail acquired by the acquisition section
201 or from connection processing (e.g., an SMTP session) with the
communication terminals 500-1 to 500-n. The extraction section 202
writes the extracted IP address and the mail address or the member
ID (the member ID is employed as an example in the following
description) used for authentication by the authentication section
208, into the storage section 207 in correspondence to the date and
time information (e.g., the correspondence shown in FIG. 4). This
date and time information indicates the date and time at which the
transmission mail server 210 has received the electronic mail, the
date and time at which the transmission mail server 210 has
transmitted the electronic mail, the date and time at which the
acquisition section 201 has acquired the electronic mail, the date
and time at which the storage section 207 has stored the
correspondence, or the like.
[0144] Then, at step 24, the calculation section 203 calculates the
uniqueness number of IP addresses extracted by the extraction
section 202 within the unit time, for each member ID. Then, at step
25, the verification section 204 judges whether the uniqueness
number of IP addresses for each member ID calculated by the
calculation section 203 has exceeded a first threshold set up in
advance.
[0145] When the verification section 204 has judged that the
uniqueness number of IP addresses for each member ID calculated by
the calculation section 203 has exceeded the first threshold, the
notification section 205 at step 26 performs notification (first
notification) indicating a possibility that junk mails (spoofing
mails) have been transmitted, to the administrator terminal 400
serving as the notification destination. This notification contains
the mail address of the corresponding transmission source. Further,
this notification may contain the IP address and the date and time
information of the transmission source.
[0146] Further, when the verification section 204 has judged that
the uniqueness number of IP addresses for each member ID calculated
by the calculation section 203 has exceeded the first threshold,
the transmission control section 206 at step 27 may stop
transmission of electronic mails having been transmitted from the
mail address corresponding to the corresponding member ID. On the
other hand, when the verification section 204 has judged that the
uniqueness number of IP addresses for each member ID calculated by
the calculation section 203 does not exceed the first threshold,
the transmission control section 206 at step 28 performs
transmission of electronic mails having been transmitted from the
mail address corresponding to the corresponding member ID.
[0147] Further, similarly to the first embodiment, in addition to a
configuration that the judgment criterion for junk mails (spoofing
mails) is the uniqueness number of IP addresses, the country of
transmission source may also be employed.
[0148] An electronic mail monitoring method employing country
information in the transmission mail server 210 shown in FIG. 8 is
described below.
[0149] FIG. 12 is a flow chart for describing an example of the
electronic mail monitoring method employing country information in
the transmission mail server 210 shown in FIG. 8.
[0150] First, when authentication information (a member ID or a
mail address plus a password) has been transmitted from the
communication terminals 500-1 to 500-n, the authentication section
208 at step 31 compares the transmitted authentication information
with the authentication information stored in advance in the
storage section 207 and thereby authenticates the user.
[0151] When the authentication section 208 has succeeded in the
authentication, the electronic mail transmitted from the
communication terminals 500-1 to 500-n is received by the
transmission mail server 210. At step 32, the acquisition section
201 acquires the received electronic mail. Then, at step 33, the
extraction section 202 extracts the IP address of transmission
source from the electronic mail acquired by the acquisition section
201. The extraction section 202 writes the extracted IP address and
the mail address or the member ID used for authentication by the
authentication section 208, into the storage section 207 in
correspondence to the date and time information. This date and time
information is the same as that is written into the storage section
207 by the extraction section 202 after step 23.
[0152] Then, at step 34, the calculation section 203 calculates the
uniqueness number of IP addresses extracted by the extraction
section 202 within the unit time, for each member ID. Then, at step
35, the verification section 204 judges whether the uniqueness
number of IP addresses for each member ID calculated by the
calculation section 203 has exceeded a first threshold set up in
advance.
[0153] When the verification section 204 has judged that the
uniqueness number of IP addresses for each member ID calculated by
the calculation section 203 has exceeded the first threshold, the
calculation section 203 at step 36, on the basis of the IP address
extracted by the extraction section 202 within a unit time and the
country information stored in the storage section 207, extracts the
country information corresponding to the IP address and then
calculates the uniqueness number of countries of transmission
source within a unit time, for each member ID. Then, at step 37,
the verification section 204 judges whether the uniqueness number
of countries for each member ID calculated by the calculation
section 203 has exceeded a second threshold set up in advance.
[0154] When the verification section 204 has judged that the
uniqueness number of countries for each member ID calculated by the
calculation section 203 has exceeded the second threshold, the
notification section 205 at step 38 performs notification (second
notification) indicating a possibility that junk mails (spoofing
mails) have been transmitted, to the administrator terminal 400
serving as the notification destination. This notification contains
the mail address of transmission source corresponding to the
corresponding member ID. Further, this notification may contain the
IP address, the date and time information, and the country name of
the transmission source.
[0155] Further, when the verification section 204 has judged that
the uniqueness number of countries for each member ID calculated by
the calculation section 203 has exceeded the second threshold, the
transmission control section 206 at step 39 may stop transmission
of electronic mails having been transmitted from the mail address
corresponding to the corresponding member ID. On the other hand,
when the verification section 204 has judged that the uniqueness
number of countries for each member ID calculated by the
calculation section 203 does not exceed the second threshold, the
transmission control section 206 at step 40 performs transmission
of electronic mails having been transmitted from the mail address
corresponding to the corresponding member ID.
[0156] Here, after the processing of step 33, the processing may be
such that: the extraction section 202 writes the extracted IP
address and the member ID used for authentication, into the storage
section 207 in correspondence to the date and time information;
then the processing of steps 34 and 35 is not performed; and then
at step 36, on the basis of the IP address extracted by the
extraction section 202 within a unit time and the country
information stored in the storage section 207, the calculation
section 203 extracts the country information corresponding to the
IP address and then calculates the uniqueness number of countries
of transmission source within a unit time, for each member ID. By
virtue of this, even when the uniqueness number of IP addresses of
transmission source for each member ID does not exceed the first
threshold, the verification section 204 can judge whether the
uniqueness number of countries of transmission source for each
member ID has exceeded the second threshold.
[0157] Further, similarly to the first embodiment, as for the
judgment criterion for junk mails (spoofing mails), in addition to
the country of transmission source, the region may be employed in a
case that the region (e.g., the Kanto district and the Asia region)
of transmission source can be identified on the basis of the IP
address of transmission source.
[0158] As such, when the function of the electronic mail monitoring
apparatus 100 in the first embodiment is imparted to the
transmission mail server 210 in the second embodiment, an effect
similar to that in the first embodiment can be obtained also in the
second embodiment.
[0159] Here, in the embodiments given above, the processing of
calculating the uniqueness number of IP addresses for each mail
address or member ID and the processing of calculating the
uniqueness number of countries or regions for each mail address or
member ID may be performed for each predetermined unit time
(periodically). Further, these processing pieces may be performed
at each timing that the acquisition section 101 or 201 has acquired
an electronic mail and then the extraction section 102 or 202 has
extracted the IP address (at each time of receiving an electronic
mail). In a case that these processing pieces are to be performed
at each time of receiving an electronic mail, the uniqueness number
of IP addresses or of countries or regions is calculated for the
mail addresses (the member IDs) of the electronic mails having
already been received within a predetermined time (e.g., 5 seconds)
counted from the date and time of having received the electronic
mail.
[0160] As described above, the processing performed by each
component provided respectively in the electronic mail monitoring
apparatus 100 and the transmission mail server 210 may be performed
by a logic circuit fabricated in accordance with the individual
object. Further, a computer program (referred to as a program,
hereinafter) describing the contents of processing as a procedure
may be recorded on a recording medium readable individually by the
electronic mail monitoring apparatus 100 and the transmission mail
server 210. Then, the program recorded on the recording medium may
be read and executed individually by the electronic mail monitoring
apparatus 100 and the transmission mail server 210. The recording
medium readable individually by the electronic mail monitoring
apparatus 100 and the transmission mail server 210 indicates a
portable recording medium such as a floppy (registered trademark)
disc, a magneto-optical disc, a DVD, and a CD as well as a memory
such as a ROM and a RAM and an HDD built individually in the
electronic mail monitoring apparatus 100 and the transmission mail
server 210. The program recorded on the recording medium is read by
a CPU (not shown) provided individually in the electronic mail
monitoring apparatus 100 and the transmission mail server 210.
Then, by virtue of the control by the CPU, similar processing to
that described above is achieved. Here, the CPU operates as a
computer for executing the program read from the recording medium
on which the program is recorded.
[0161] A part or all of the embodiments given above may be
described as the following additional descriptions. However, the
present invention is not limited to these.
[0162] (Additional description 1) An electronic mail monitoring
apparatus including:
[0163] an acquisition section for acquiring electronic mails
transmitted from communication terminals;
[0164] an extraction section for, from the electronic mail acquired
by the acquisition section, extracting user identification
information indicating a user having transmitted the electronic
mail and communication terminal identification information imparted
to the communication terminal having transmitted the electronic
mail;
[0165] a calculation section for, for each user identification
information extracted by the extraction section within a unit time,
calculating a uniqueness number of the communication terminal
identification information;
[0166] a verification section for judging whether the uniqueness
number of communication terminal identification information for
each of the user identification information calculated by the
calculation section has exceeded a predetermined first threshold;
and
[0167] a notification section for, when the verification section
has judged that the uniqueness number of communication terminal
identification information for each of the user identification
information calculated by the calculation section has exceeded the
first threshold, performing predetermined first notification to a
notification destination set up in advance.
[0168] (Additional description 2) The electronic mail monitoring
apparatus according to additional description 1, wherein:
[0169] when the verification section has judged that the uniqueness
number of communication terminal identification information for
each of the user identification information calculated by the
calculation section has exceeded the first threshold, the
calculation section calculates a uniqueness number of countries or
regions on the basis of the communication terminal identification
information for each user identification information extracted by
the extraction section within a unit time;
[0170] the verification section judges whether the uniqueness
number of countries or regions for each of the user identification
information calculated by the calculation section has exceeded a
predetermined second threshold; and
[0171] the notification section does not perform the first
notification and, when the verification section has judged that the
uniqueness number of countries or regions for each of the user
identification information calculated by the calculation section
has exceeded the second threshold, performs predetermined second
notification to the notification destination.
[0172] (Additional description 3) The electronic mail monitoring
apparatus according to additional description 2, including
[0173] a transmission control section for stopping transmission of
electronic mails having a transmission source equal to the user
identification information whose uniqueness number of the
communication terminal identification information has been judged
by the verification section as having exceeded the first threshold
or, alternatively, equal to the user identification information
whose uniqueness number of countries or regions has been judged by
the verification section as having exceeded the second
threshold.
[0174] (Additional description 4) The electronic mail monitoring
apparatus according to additional description 2 or 3, wherein:
[0175] the acquisition section acquires member identification
information of the user having transmitted the electronic mail,
from a transmission mail server connected to the electronic mail
monitoring apparatus; and
[0176] the calculation section calculates the uniqueness number of
communication terminal identification information or,
alternatively, the uniqueness number of countries or regions, for
each of the member identification information.
[0177] (Additional description 5) An electronic mail monitoring
apparatus including: an acquisition section for acquiring
electronic mails transmitted from communication terminals;
[0178] an extraction section for, from the electronic mail acquired
by the acquisition section, extracting user identification
information indicating a user having transmitted the electronic
mail and communication terminal identification information imparted
to the communication terminal having transmitted the electronic
mail;
[0179] a calculation section for calculating a uniqueness number of
countries or regions corresponding to the communication terminal
identification information for each user identification information
extracted by the extraction section within a unit time;
[0180] a verification section for judging whether the uniqueness
number of countries or regions for each of the user identification
information calculated by the calculation section has exceeded a
predetermined second threshold; and
[0181] a notification section for, when the verification section
has judged that the uniqueness number of countries or regions for
each of the user identification information calculated by the
calculation section has exceeded the second threshold, performing
predetermined second notification to a notification destination set
up in advance.
[0182] (Additional description 6) The electronic mail monitoring
apparatus according to any one of additional descriptions 1 to 5,
wherein
[0183] the extraction section extracts an electronic mail address
or member identification information as the user identification
information and extracts an IP address as the communication
terminal identification information.
[0184] (Additional description 7) A transmission mail server
including:
[0185] an authentication section for authenticating a user;
[0186] a storage section for storing authentication information
used for the authentication;
[0187] an acquisition section for, when the authentication section
has succeeded in authentication of the user by using the
authentication information stored in the storage section, acquiring
electronic mails transmitted from communication terminals;
[0188] an extraction section for extracting user identification
information indicating the user having transmitted the electronic
mail, from the authentication information and then extracting
communication terminal identification information imparted to the
communication terminal having transmitted the electronic mail, from
the electronic mail acquired by the acquisition section or
connection processing with the communication terminal;
[0189] a calculation section for, for each user identification
information extracted by the extraction section within a unit time,
calculating a uniqueness number of the communication terminal
identification information;
[0190] a verification section for judging whether the uniqueness
number of communication terminal identification information for
each of the user identification information calculated by the
calculation section has exceeded a predetermined first threshold;
and
[0191] a notification section for, when the verification section
has judged that the uniqueness number of communication terminal
identification information for each of the user identification
information calculated by the calculation section has exceeded the
first threshold, performing predetermined first notification to a
notification destination set up in advance.
[0192] (Additional description 8) A transmission mail server
including:
[0193] an authentication section for authenticating a user;
[0194] a storage section for storing authentication information
used for the authentication;
[0195] an acquisition section for, when the authentication section
has succeeded in authentication of the user by using the
authentication information stored in the storage section, acquiring
electronic mails transmitted from communication terminals;
[0196] an extraction section for extracting user identification
information indicating the user having transmitted the electronic
mail, from the authentication information and then extracting
communication terminal identification information imparted to the
communication terminal having transmitted the electronic mail, from
the electronic mail acquired by the acquisition section or
connection processing with the communication terminal;
[0197] a calculation section for calculating a uniqueness number of
countries or regions corresponding to the communication terminal
identification information for each user identification information
extracted by the extraction section within a unit time;
[0198] a verification section for judging whether the uniqueness
number of countries or regions for each of the user identification
information calculated by the calculation section has exceeded a
predetermined second threshold; and
[0199] a notification section for, when the verification section
has judged that the uniqueness number of countries or regions for
each of the user identification information calculated by the
calculation section has exceeded the second threshold, performing
predetermined second notification to a notification destination set
up in advance.
[0200] (Additional description 9) An electronic mail monitoring
method of monitoring electronic mails transmitted from
communication terminals, performing:
[0201] the processing of acquiring electronic mails transmitted
from the communication terminals;
[0202] the processing of, from the acquired electronic mail,
extracting user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail;
[0203] the processing of, for each of the user identification
information extracted within a unit time, calculating a uniqueness
number of the communication terminal identification
information;
[0204] the processing of judging whether the uniqueness number of
communication terminal identification information for each of the
calculated user identification information has exceeded a
predetermined first threshold; and
[0205] the processing of, when it has been judged that the
uniqueness number of communication terminal identification
information for each of the calculated user identification
information has exceeded the first threshold, performing
predetermined first notification to a notification destination set
up in advance.
[0206] (Additional description 10) An electronic mail monitoring
method of monitoring electronic mails transmitted from
communication terminals, performing:
[0207] the processing of acquiring electronic mails transmitted
from the communication terminals;
[0208] the processing of, from the acquired electronic mail,
extracting user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail;
[0209] the processing of calculating a uniqueness number of
countries or regions corresponding to the communication terminal
identification information for each user identification information
extracted within a unit time;
[0210] the processing of judging whether the uniqueness number of
countries or regions for each of the calculated user identification
information has exceeded a predetermined second threshold; and
[0211] the processing of, when it has been judged that the
uniqueness number of countries or regions for each of the
calculated user identification information has exceeded the second
threshold, performing predetermined second notification to a
notification destination set up in advance.
[0212] (Additional description 11) A program for causing a computer
to execute:
[0213] the procedure of acquiring electronic mails transmitted from
communication terminals;
[0214] the procedure of, from the acquired electronic mail,
extracting user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail;
[0215] the procedure of, for each of the user identification
information extracted within a unit time, calculating a uniqueness
number of the communication terminal identification
information;
[0216] the procedure of judging whether the uniqueness number of
communication terminal identification information for each of the
calculated user identification information has exceeded a
predetermined first threshold; and
[0217] the procedure of, when it has been judged that the
uniqueness number of communication terminal identification
information for each of the calculated user identification
information has exceeded the first threshold, performing
predetermined first notification to a notification destination set
up in advance.
[0218] (Additional description 12) A program for causing a computer
to execute:
[0219] the procedure of acquiring electronic mails transmitted from
communication terminals;
[0220] the procedure of, from the acquired electronic mail,
extracting user identification information indicating a user having
transmitted the electronic mail and communication terminal
identification information imparted to the communication terminal
having transmitted the electronic mail;
[0221] the procedure of calculating a uniqueness number of
countries or regions corresponding to the communication terminal
identification information for each user identification information
extracted within a unit time;
[0222] the procedure of judging whether the uniqueness number of
countries or regions for each of the calculated user identification
information has exceeded a predetermined second threshold; and
[0223] the procedure of, when it has been judged that the
uniqueness number of countries or regions for each of the
calculated user identification information has exceeded the second
threshold, performing predetermined second notification to a
notification destination set up in advance.
[0224] The present invention has been described above with
reference to the embodiments. However, the present invention is not
limited to the embodiments given above. Various changes which can
be understood by the person skilled in the art within the scope of
the present invention may be made on the configurations and the
details of the present invention.
[0225] This application is based upon and claims the benefit of
priority from Japanese patent application No. 2012-193748, filed on
Sep. 4, 2012, the disclosure of which is incorporated herein its
entirety by reference.
* * * * *