CPC H04L 63/1416 (2013.01) [H04L 51/21 (2022.05); H04L 51/212 (2022.05); H04L 51/224 (2022.05); H04L 51/42 (2022.05)]
20 Claims
1. A computer-implemented method comprising:
performing, during offline analysis, processing of email data associated with a plurality of email messages to identify historical patterns and outliers in the plurality of email messages;
generating, independent of the processing of the email data, behavior patterns based on historical behavior of at least a subset of the plurality of email messages;
generating cached analytics from the historical patterns, the outliers, and the behavior patterns, wherein the generating includes discarding corresponding historical patterns, corresponding outliers, and corresponding behavior data associated with the email data that is older than a predetermined time period;
receiving an email message from a first sender, wherein the email message is withheld from delivery to a recipient;
extracting features from the email message;
providing the extracted features as input to a machine-learning model, wherein the machine-learning model is trained using the cached analytics;
comparing, with the machine-learning model, the extracted features to the cached analytics by:
determining whether content of the email message matches at least one criterion for suspicious content; and
determining a reputation score associated with the first sender based on a comparison of the extracted features with the behavior patterns and an association of the first sender to an other sender with a low reputation score, wherein the extracted features include an identity of the first sender; and
responsive to the content of the email message not matching the at least one criterion for suspicious content and the reputation score meeting a reputation threshold, delivering the email message to the recipient.