US 11,943,193 B2
Misdirected email data loss prevention
Shalini Kamalapuram Sundaram, Sunnyvale, CA (US); Chris Moores, Owen Sound (CA); Durgaprasad Velagaleti, Sunnyvale, CA (US); Srikanth Konjarla, Sunnyvale, CA (US); and Harsh Doshi, Sunnyvale, CA (US)
Assigned to Proofpoint, Inc., Sunnyvale, CA (US)
Filed by Proofpoint, Inc., Sunnyvale, CA (US)
Filed on Jun. 7, 2022, as Appl. No. 17/834,902.
Claims priority of provisional application 63/208,481, filed on Jun. 8, 2021.
Prior Publication US 2022/0394008 A1, Dec. 8, 2022
Int. Cl. H04L 51/23 (2022.01); G06F 21/60 (2013.01); H04L 51/21 (2022.01); H04L 51/42 (2022.01); H04L 51/56 (2022.01)
CPC H04L 51/23 (2022.05) [G06F 21/606 (2013.01); H04L 51/21 (2022.05); H04L 51/42 (2022.05); H04L 51/56 (2022.05)]
20 Claims
 
1. A computing platform, comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
detect input of a first target recipient domain into a first email message;
identify, in real time and prior to sending the first email message, that the first target recipient domain comprises an unintended recipient domain instead of an intended recipient domain, wherein identifying that the first target recipient domain comprises an unintended recipient domain instead of an intended recipient domain comprises analyzing, using a user graph and a decision tree model, an identity of the first target recipient domain and a context of the first email message, wherein analyzing the first email message using the user graph and the decision tree model comprises:
identifying, using the user graph, a plurality of nearest neighbor recipients for a message sender of the first email message;
identifying that historical messages between the message sender and the first target recipient domain do not include a first level match of the context of the first email message by:
identifying that: a) the first target recipient domain corresponds to a user included in the plurality of nearest neighbor recipients, and b) the context of the first email message is a second level match with a context of one or more of historical messages between the message sender and the nearest neighbor recipients, and
identify, in real time and prior to sending the first email message, that the first target recipient domain comprises the unintended recipient domain;
identify, in real time and prior to sending the first email message, that the first email message violates one or more data loss prevention rules; and
based on identifying that the first target recipient domain comprises an unintended recipient domain and that the first email message violates the one or more data loss prevention rules, send a notification that the first target recipient domain is flagged as an unintended recipient domain and one or more commands directing a user device of the message sender to display the notification.