JP6149508B2 - Mail check program, mail check device and mail check system - Google Patents

Description

  The present invention relates to a mail check program, a mail check device, and a mail check system.

  In recent years, as the value of information has further increased, attacks by malicious emails such as targeted email attacks that send virus emails to terminals of specific organizations for the purpose of stealing confidential information are increasing. In order to protect the terminal from such malicious e-mail attacks, whether or not the received e-mail is malicious before the user opens the e-mail (hereinafter simply referred to as e-mail) on the terminal. A mail checker to verify is known. The mail checker installed in the terminal has a white list in which the sender address of a reliable sender is recorded. The mail checker determines that the received mail is safe when the source address of the received mail is registered in the white list. The mail checker issues an alert to the user of the terminal when the source address of the received mail is not registered in the white list.

JP 2009-175900 A

"Mail Missend Prevention Solution -ShieldMailChecker-" pamphlet, Fujitsu Social Science Laboratory, 2012 "Client countermeasure technology for targeted email" pamphlet, Fujitsu Limited, published in October 2012 “Industry's first! Development of technology that detects and alerts targeted email attacks in real time on the terminal side”, [Online], [Searched on January 28, 2013], Internet <http://pr.fujitsu.com/ jp / news / 2012/05 / 15-3.html> Yoshioka Takashi, Katayama Yoshinori, Tsuda Hiroshi, Morinaga Masanobu, Fukasawa Ryota, "Proposal of Client Countermeasure Technology for Targeted Email Using E-mail Feature Information" Vol.2012-CSEC-58 No. 37, issued on July 20, 2012

  However, if the source address of the received mail is not registered in the white list, for example, when receiving for the first time at the terminal, the mail checker issues an alert even if the mail is from a sender trusted by the user. End up.

  In one aspect, the present invention provides a mail check program, a mail check device, and a mail check system that can suppress an excessive alert at the time of first reception.

  In one embodiment, the mail check program has a predetermined communication history between the first address of the received mail including the first address and the second address as a destination and the source address of the received mail. If the standard is satisfied, the received mail is processed. Further, the mail check program transmits information related to the processing to the second address. In addition, the mail check program is configured to process the received mail based on the information about the process executed on the received mail received from the second address when the communication history does not satisfy the predetermined standard. Execute the process.

  The excessive alert at the first reception can be suppressed.

FIG. 1 is an explanatory diagram showing an example of the present invention. FIG. 2 is a block diagram illustrating an example of a hardware configuration of the terminal according to the present embodiment. FIG. 3 is a block diagram illustrating an example of a functional configuration of the terminal according to the present embodiment. FIG. 4 is an explanatory diagram illustrating an example of reliability determination. FIG. 5 is an explanatory diagram showing another example of reliability determination. FIG. 6 is an explanatory diagram showing another example of reliability determination. FIG. 7 is a flowchart showing an example of the operation of the mail checker on the process information providing side. FIG. 8 is a flowchart showing an example of the operation of the mail checker on the receiving side of processing information. FIG. 9 is an explanatory diagram showing an example of the operation of the mail check system of the present embodiment. FIG. 10 is a sequence diagram illustrating an example of the operation of the mail check system according to this embodiment. FIG. 11 is an explanatory diagram showing an example of the exchange of processing information of the mail check system of this embodiment.

  Hereinafter, embodiments of a mail check program, a mail check device, and a mail check system disclosed in the present application will be described in detail based on the drawings. The disclosed technology is not limited by the present embodiment. Further, the following embodiments may be appropriately combined within a consistent range.

  First, the outline of the present invention will be described with reference to FIG. FIG. 1 is an explanatory diagram showing an example of the present invention. FIG. 1 shows a case where a broadcast mail addressed to Mr. A, Mr. B, Mr. C, and Mr. D is received. The broadcast mail is a received mail including the first address and the second address as destinations, and is a mail having a plurality of destinations in destination types such as To and Cc. A mail checker that verifies whether or not the received mail is a malicious mail (spoofed mail) before the user opens the mail at the terminals is introduced into the terminals of Mr. A to D. Here, for example, a client PC can be used as the terminal, but any terminal such as a smartphone that can receive mail can be used.

  Upon receiving the broadcast mail, each of the mail checkers A to D generates a processing result with reference to a policy setting database (DB) or the like in which policy settings are stored. Each mail checker refers to the checker introduction database (DB) and provides a processing result to the mail checker of the recipient of the broadcast mail in which the mail checker is installed. For example, when Mr. A to Mr. C first process and open the broadcast mail, Mr. D can refer to the processing results of Mr. A to Mr. C.

  In this way, the recipients who have introduced the mail checker provide the processing results to each other. As a result, in response to a mail from a sender that is received for the first time, when a processing result is confirmed that the recipients of other broadcast mails are safe, alerting can be suppressed.

  FIG. 2 is a block diagram illustrating an example of a hardware configuration of the terminal according to the present embodiment. The terminal 1 shown in FIG. 2 includes a processor 11, a memory 12, a display unit 13, an operation unit 14, an auxiliary storage device 15, and a network interface 16. The processor 11 controls the entire terminal 1. The memory 12 stores various information of various programs. The display unit 13 displays various information to the user. The display unit 13 is a liquid crystal display device, for example. The operation unit 14 receives input from the user. The operation unit 14 is, for example, a keyboard, a mouse, a touch panel, or the like. The auxiliary storage device 15 stores various information related to mail such as a history database (hereinafter referred to as history DB) described later. The auxiliary storage device 15 is, for example, a flash memory. The network interface 16 is a communication interface connected to a network such as a local LAN and the Internet.

  FIG. 3 is a block diagram illustrating an example of a functional configuration of the terminal according to the present embodiment. The processor 11 configures functions that become various processes based on a program stored in the memory 12. As the mail checker 10 of this embodiment, the processor 11 includes a mail reception unit 20, a relationship determination unit 21, a check unit 22, an alert processing unit 23, a mail processing unit 24, a processing information transmission unit 25, a trust The degree determination unit 26 and the storage unit 27 function. The storage unit 27 manages a history DB 28, a policy setting 29, a reliability information database (hereinafter referred to as reliability information DB) 30, a checker introduction database (hereinafter referred to as checker introduction DB) 31, and the like. Further, the processor 11 functions as a mailer 40 and an outband processing unit 41. The out-band processing unit 41 manages an out-band white list database (hereinafter referred to as an out-band white list DB) 42 as a part thereof. In the following description, the first address is assumed to be a user's destination, and the second address is assumed to be another user's destination.

  The mail receiving unit 20 is connected to the network through the network interface 16. The mail receiving unit 20 receives a mail transmitted from a transmission source on the network. In addition, the mail receiving unit 20 receives processing information, which is information related to processing, transmitted as a mail from the mail checker 10 of the other terminal 1. As a mail protocol, for example, SMTP (Simple Mail Transfer Protocol) can be used. The mail receiving unit 20 transmits the received mail to the relationship determining unit 21 and stores it in the history DB 28. Further, the mail receiving unit 20 outputs the processing information to the check unit 22 and the reliability determination unit 26.

  The relationship determining unit 21 receives a received mail from the mail receiving unit 20. The relationship determination unit 21 refers to the header information of the received mail and the history DB 28, and determines the relationship between the sender of the source address of the received mail and the destination of the user that is the first address, that is, the receiver that is the user of the terminal 1. Determine the relationship. For example, when the recipient at the destination of the received mail has a communication history of receiving a mail from the sender at the source address in the past, the relationship determining unit 21 sends the sender at the source and the recipient at the destination. Is determined to satisfy a predetermined standard. That is, the predetermined criterion in this case is whether or not the recipient of the first address of the received mail has received a mail from the sender of the source address in the past. If the relationship determination unit 21 determines that the communication history between the sender and the receiver satisfies a predetermined criterion, the relationship determination unit 21 outputs the received mail to the check unit 22 together with the related information. In addition, the relationship determination unit 21 outputs related information to the reliability determination unit 26.

  In addition, for example, when the recipient of the received mail has never received a mail from the sender of the transmission source in the past, the relationship determination unit 21 determines whether the first recipient and the sender of the transmission source address It is determined that the communication history does not satisfy a predetermined criterion with a recipient as an address. If the relationship determination unit 21 determines that the communication history between the sender and the receiver does not satisfy a predetermined standard, the relationship determination unit 21 outputs the received mail to the check unit 22 together with irrelevant information. Further, the relationship determination unit 21 outputs irrelevant information to the reliability determination unit 26. Here, the header information of the received mail includes a transmission source (From, etc.), a destination type (To, Cc, etc.), a title (Subject), a transmission date / time (Date), a message ID (Message-Id), and the like.

  The check unit 22 receives the received mail and the related information or the non-related information from the relationship determination unit 21. The check unit 22 receives processing information from the mail receiving unit 20. When the relevant information is input, that is, when the communication history between the sender of the received mail and the receiver of the destination satisfies the predetermined standard, the check unit 22 receives the received mail by the mail checker 10. It is determined whether or not it is a check target. The check unit 22 determines that a check is performed by the mail checker 10 if, for example, one or more URLs and attached files exist in the received mail. The check unit 22 outputs the received mail to the alert processing unit 23 when it is a check target. In addition, for example, when the received mail is only a text message, the check unit 22 determines that it is not a check target. The check unit 22 outputs the received mail to the processing information transmission unit 25 when it is not a check target.

  When the irrelevant information is input, that is, when the communication history between the sender of the received mail and the receiver of the destination does not satisfy a predetermined standard, the check unit 22 determines that the received mail is the mail checker 10. It is determined whether or not it is a check target. The check unit 22 determines that a check is performed by the mail checker 10 if, for example, one or more URLs and attached files exist in the received mail. When the check unit 22 is the target of the check, the mail checker 10 of the terminal 1 used by the second recipient of the received mail (the recipient of another user), that is, the recipient of the broadcast recipient who is the recipient of the broadcast recipient. The mail receiving unit 20 waits to receive the processing information from. When receiving the processing information from the mail receiving unit 20, the check unit 22 outputs the received mail to the reliability determination unit 26. In addition, for example, when the received mail is only a text message, the check unit 22 determines that it is not a check target. The check unit 22 outputs the received mail to the processing information transmission unit 25 when it is not a check target.

  The alert processing unit 23 receives the received mail from the check unit 22. The alert processing unit 23 receives the received mail and the processing information from the reliability determination unit 26. The alert processing unit 23 acquires or generates processing information when the received mail is a check target by the mail checker 10. The alert processing unit 23 refers to the white list and policy setting stored in the policy setting 29. The alert processing unit 23 does not issue a warning to the user who is the recipient when the address of the transmission source is registered in the white list or conforms to the policy setting, and the through information is used as a through process. Generate. Here, the alert processing unit 23 may refer to the out-band white list stored in the out-band white list DB 42. Even when the transmission source address is registered in the out-of-band whitelist, the alert processing unit 23 does not issue a warning to the user who is the recipient, and generates through information as through processing. Further, in addition to the white list and policy setting, the alert processing unit 23 may refer to identifiers given to each other by transmission and reception, header information such as past received mail paths stored in the history DB 28, and the like. .

  When the transmission source address is not registered in the white list, or when processing information is received, the alert processing unit 23 performs alert processing for issuing a warning to the user who is the recipient. The alert process displays at least a part of the received mail, for example, the beginning of the text, and information on one or more of the URL and the attached file on the display unit 13 on a pop-up screen or the like, and the recipient of the received mail Information is presented to the user. The alert processing unit 23 displays an option on whether to secure the received mail in a pop-up screen or the like, and prompts the user to select. The user operates the operation unit 14 to select whether to secure the received mail. At this time, processing information for processing the received mail at the destination of another user may be displayed on the display unit 13.

  Based on the operation information of the operation unit 14, the alert processing unit 23 acquires the safety information indicating that the safety is performed or the confirmed information indicating that the user has received the confirmation as it is for the received mail. The alert processing unit 23 outputs the acquired or generated safety information, confirmed information, or through information as processing information to the mail processing unit 24 together with the received mail. In addition to the safety, the alert processing may output quarantine information indicating that the received mail is quarantined to a special folder to the mail processing unit 24 as processing information.

  The mail processing unit 24 receives the safety information, the confirmed information, or the through information as the received mail and the processing information from the alert processing unit 23 or the reliability determination unit 26. The mail processing unit 24 processes the received mail based on the input safety information, confirmed information, or through information.

  When the safety information is input, the mail processing unit 24 performs the safety processing based on the input safety information. In the security process, for example, one or more of the URL and the attached file are removed from the received mail. Here, in the security processing, for example, either or both of the URL and the attached file may be removed. Further, the URL security processing removes, for example, a URL including a keyword suspected of being malicious and a shortened URL. The attached file security processing removes attached files such as an execution file, a compressed file, a document file, and an image file, for example.

  When the confirmed information or the through information is input, the mail processing unit 24 outputs the confirmed information or the through information as processing information to the processing information transmitting unit 25 together with the received mail. Further, when the safety processing is completed, the mail processing unit 24 outputs the safety information as processing information to the processing information transmission unit 25 together with the processed received mail. Further, the mail processing unit 24 stores the processing information in the history DB 28. Note that when the quarantine information is input, the mail processing unit 24 may perform a quarantine process to quarantine the received mail in a special folder.

  The processing information transmission unit 25 receives the received mail and the processing information from the mail processing unit 24. The processing information transmission unit 25 refers to the checker introduction DB 31 to the terminal 1 of the broadcast recipient who has introduced the mail checker 10 among the broadcast recipients (addresses of other users) of the received mail. Then, the processing information is transmitted through the network interface 16. When the processing information transmission unit 25 completes the transmission of the processing information, the processing information transmission unit 25 outputs the received mail to the mailer 40.

  In addition, the processing information transmission unit 25 receives the received mail from the check unit 22. In this case, the processing information transmitting unit 25 outputs the received mail to the mailer 40 without transmitting the processing information to the other user's destination of the received mail. In addition, the processing information transmission unit 25 is a side where the mail checker 10 receives provision of processing information, and when the provided processing information is reliable, the processing information transmission unit 25 sends the received mail to other user destinations. The received mail is output to the mailer 40 without transmitting the processing information.

  When the irrelevant information is input from the relationship determination unit 21, the reliability determination unit 26 receives the processing information received from another user's destination from the mail reception unit 20. The reliability determination unit 26 refers to the history DB 28 and the reliability information DB 30 and determines the reliability of the processing information based on the information of the broadcast recipient that is the destination of another user of the received mail. When the reliability determination unit 26 determines that there is reliability, the reliability determination unit 26 outputs the received mail and the processing information to the mail processing unit 24. When the reliability determination unit 26 determines that there is no reliability, the reliability determination unit 26 outputs the received mail and the processing information to the alert processing unit 23. Here, in the determination of the reliability, an identifier given to each other by transmission and reception, header information such as a path of a past received mail stored in the history DB 28, and the like may be referred to. In addition, the reliability determination unit 26 stores the processing information in the reliability information DB 30.

  In addition, the reliability determination unit 26 may prompt the determination of the reliability of the processing information by providing the distribution of the processing information of the other user's destination to the user who is the recipient of the user's destination. . In addition, when the determination information of the determination result is greater than or equal to a predetermined ratio regarding the determination of the reliability of the processing information, the reliability determination unit 26 transmits the processing information of the determination result to the mail addressed to the user. You may employ | adopt as process information of the process performed by the checker 10. FIG.

  The reliability determination unit 26 receives a received mail from the check unit 22 when related information is input from the relationship determination unit 21. The reliability determination unit 26 stores information related to the other user's destination in the received mail in the reliability information DB 30.

  Here, an example of the reliability determination of the processing information performed by the reliability determination unit 26 will be described. FIG. 4 is an explanatory diagram illustrating an example of reliability determination. The example of FIG. 4 uses the number N of times that the mail checker 10 of each terminal 1 transmits / receives processing information to / from each other as a determination criterion for determining reliability. The determination criterion for the reliability determination in FIG. 4 is, for example, N = 3. Further, the mail checkers 10 of each terminal 1 of Mr. A, Mr. B, and Mr. C who are broadcast recipients share processing information with each other. At this time, it is assumed that processing information has been transmitted and received between Mr. A and Mr. B three times or more in the past. That is, in the reliability determination of the mail checker 10, the social relationship between Mr. A and Mr. B is utilized. The reliability determination unit 26 determines that Mr. A and Mr. B are in a trust relationship with reference to the reliability information DB 30. That is, the reliability determination unit 26 determines that the processing information transmitted and received between Mr. A and Mr. B has reliability. On the other hand, it is assumed that processing information has been transmitted and received between Mr. B and Mr. C less than three times in the past. The reliability determination unit 26 determines that Mr. A and Mr. B are not in a trust relationship with reference to the reliability information DB 30. That is, the reliability determination unit 26 determines that the processing information transmitted / received between Mr. B and Mr. C has no reliability.

  FIG. 5 is an explanatory diagram showing another example of reliability determination. In the example of FIG. 5, groups to which broadcast recipients A, B, C, and D belong are used as a criterion for determining reliability. The determination criteria of the reliability determination in FIG. 5 are, for example, whether or not they belong to the same belonging group, and the belonging group Y includes Mr. A, Mr. B, and Mr. C, and does not include Mr. D. . Also, the mail checkers 10 of each terminal 1 of Mr. A, Mr. B, and Mr. D who are broadcast recipients share processing information with each other. The reliability determination unit 26 refers to the reliability information DB 30 and determines that Mr. A and Mr. B are in a trust relationship because they belong to the same group. That is, the reliability determination unit 26 determines that the processing information transmitted and received between Mr. A and Mr. B has reliability. Further, the reliability determination unit 26 refers to the reliability information DB 30 and determines that Mr. A, Mr. B, and Mr. D are not in the same belonging group, and thus are not in a trust relationship. That is, the reliability determination unit 26 determines that the processing information transmitted / received between Mr. A or Mr. B and Mr. D has no reliability.

  FIG. 6 is an explanatory diagram showing another example of reliability determination. In the example of FIG. 6, the postal relationships of A, B, and C, who are broadcast recipients, are used as criteria for determining reliability. The determination criteria of the reliability determination in FIG. 6 are, for example, whether or not there is a job relationship such as a boss and a subordinate, Mr. A and Mr. B are in a job relationship between a boss and a subordinate, Assume that Mr. B has no job relationship. Further, the mail checkers 10 of each terminal 1 of Mr. A, Mr. B, and Mr. C who are broadcast recipients share processing information with each other. The reliability determination unit 26 refers to the reliability information DB 30 and determines that Mr. A and Mr. B are in a trust relationship because they are in a supervisory and subordinate job relationship. That is, the reliability determination unit 26 determines that the processing information transmitted and received between Mr. A and Mr. B has reliability. Further, the reliability determination unit 26 refers to the reliability information DB 30 and determines that Mr. A, Mr. B, and Mr. C are not in a trust relationship because there is no job relationship. That is, the reliability determination unit 26 determines that the processing information transmitted / received between Mr. A or Mr. B and Mr. C has no reliability.

  Returning to the description of FIG. 3, the history DB 28 stores the history of mail received in the past. The history to be stored stores, in addition to the received mail itself including the header information, the address of the transmission source, the sender, the organization of the sender, the number of received mails for each transmission date, and the like. The history to be stored may also store these statistical information.

  The policy setting 29 stores, as policy settings, a check policy used for determining whether or not the check unit 22 is a check target, and a reception white list used by the alert processing unit 23. For example, if one or more URLs and attached files exist, the check policy can be a check policy to be checked by the mail checker 10. The white list is a list of sender addresses with clear features, such as mailing lists and members of external committees. For policy setting, in addition to the white list, for example, an identifier or the like assigned to each of sent and received mails can be used.

  The reliability information DB 30 stores the transmission / reception history of mail and processing information with the broadcast recipient who is the destination of other users of the received mail, the affiliation group and title of the broadcast recipient (other users), and the like. . In addition, the reliability information DB 30 may store information on commonly used applications such as groupware and schedulers, reliability indicated by a third party organization, and the like for use in reliability determination. .

  The checker introduction DB 31 stores a destination of each user who uses the terminal 1 in which the mail checker 10 has been introduced. That is, the checker introduction DB 31 stores destinations of other users who can share processing information for received mail.

  The mailer 40 receives a received mail from the mail checker 10. The mailer 40 has a user interface so that the user of the terminal 1 can send and receive mail. That is, the mailer 40 allows the user to browse received mail, create outgoing mail, and the like. The mailer 40 outputs the outgoing mail to the out-band processing unit 41.

  The out-band processing unit 41 receives a transmission mail from the mailer 40. The outband processing unit 41 refers to the outband whitelist DB 42 and warns the user of the terminal 1 if there is a possibility of erroneous transmission or the like. If there is no possibility of erroneous transmission or the like, the out-band processing unit 41 transmits the transmission mail to the destination on the network through the network interface 16.

  The out-band white list DB 42 stores a white list for transmission. Similar to the white list for reception, the white list for transmission is a list of destinations with clear features, such as mailing lists and members of external committees.

  Next, the operation of the mail check system of this embodiment will be described. First, of the operations of the mail checker 10 according to the first embodiment, the mail checker 10 on the side that provides processing information will be described. FIG. 7 is a flowchart showing an example of the operation of the mail checker on the process information providing side. In the example of FIG. 7, it is assumed that the user of the terminal 1 has received a mail from the transmission source in the past.

  The relationship determination unit 21 of the mail checker 10 determines whether the communication history between the transmission source of the received mail received by the mail reception unit 20 and the user destination satisfies a predetermined criterion. The relationship determining unit 21 determines that the communication history satisfies a predetermined criterion because the user of the terminal 1 has received a mail from the transmission source in the past. The relationship determining unit 21 outputs the received mail together with related information to the check unit 22. The check unit 22 receives the received mail and the related information from the relationship determination unit 21. The check unit 22 refers to the check policy of the policy setting 29 and determines whether the received mail is a check target by the mail checker 10 (step S1). If the received mail is a check target (Yes at Step S1), the check unit 22 outputs the received mail to the alert processing unit 23. If the received mail is not a check target (No at Step S1), the check unit 22 outputs the received mail to the processing information transmitting unit 25, and the processing information transmitting unit 25 outputs the received mail to the mailer 40 (Step S17). .

  When the received mail is a check target, the alert processing unit 23 receives the received mail from the check unit 22 and acquires or generates processing information. The alert processing unit 23 refers to the white list and policy setting stored in the policy setting 29 in order to determine whether to perform the through process (step S2). When the transmission source is registered in the white list or matches the policy setting (Yes at Step S2), the alert processing unit 23 does not issue a warning to the destination user and sends through information as through processing. Generate (step S13). The alert processing unit 23 outputs the received mail and through information to the mail processing unit 24.

  The mail processing unit 24 outputs the through information as it is as processing information to the processing information transmitting unit 25 together with the received mail. Further, the mail processing unit 24 stores the processing information in the history DB 28.

  The processing information transmission unit 25 receives the received mail and the processing information from the mail processing unit 24. The processing information transmitting unit 25 refers to the checker introduction DB 31 and extracts a destination (broadcast recipient) of another user of the received mail (step S14). The process information transmission unit 25 determines whether the destination terminal of another user has installed the mail checker 10 (step S15). The processing information transmission unit 25 transmits through information, which is processing information, to the terminal 1 of the destination of another user who has introduced the mail checker 10 (Yes in step S15) through the network interface 16 (step S16). . Thereafter, the processing information transmitting unit 25 outputs the received mail to the mailer 40 (step S17). The processing information transmission unit 25 outputs the received mail to the mailer 40 without transmitting the through information as the processing information to the terminal of the destination of another user who has not introduced the mail checker 10 (No at Step S15). (Step S17).

  If the transmission source is not registered in the white list or does not conform to the policy setting (No at Step S2), the alert processing unit 23 performs an alert process for issuing a warning to the destination user (Step S3). ). The alert processing is a destination of the received mail on a pop-up screen or the like that displays at least a part of the received mail, for example, the beginning of the text, and information on one or more of the URL and the attached file on the display unit 13. Present information to the user. The alert processing unit 23 displays an option on whether to secure the received mail in a pop-up screen or the like, and prompts the user to select. The user operates the operation unit 14 to select whether or not to secure the received mail (step S4).

  Based on the operation information of the operation unit 14, the alert processing unit 23 acquires the safety information indicating that the safety is performed or the confirmed information indicating that the user has received the confirmation as it is for the received mail. When the alert processing unit 23 acquires the safety information (Yes at Step S4), the alert processing unit 23 outputs the acquired safety information as processing information to the mail processing unit 24 together with the received mail. When the confirmed information is acquired (No at Step S4), the alert processing unit 23 outputs the acquired confirmed information as processing information to the mail processing unit 24 together with the received mail.

  When the alert processing unit 23 acquires the safety information, the mail processing unit 24 receives the received mail and the processing information from the alert processing unit 23. The mail processing unit 24 performs a safety process for removing one or more of the URL and the attached file, for example, on the received mail based on the safety information that is the input process information (step S5). When the safety processing is completed, the mail processing unit 24 outputs the safety information as processing information to the processing information transmission unit 25 together with the processed received mail. Further, the mail processing unit 24 stores the processing information in the history DB 28.

  The processing information transmission unit 25 receives the received mail and the processing information from the mail processing unit 24. The processing information transmission unit 25 refers to the checker introduction DB 31 and extracts a destination (broadcast recipient) of another user of the received mail (step S6). The processing information transmission unit 25 determines whether the destination terminal of another user has installed the mail checker 10 (step S7). The processing information transmission unit 25 transmits the safety information, which is processing information, to the terminal 1 of the destination of another user who has installed the mail checker 10 (Yes in step S7) (step S8). ). Thereafter, the processing information transmitting unit 25 outputs the received mail to the mailer 40 (step S17). Further, the processing information transmitting unit 25 sends the received mail to the mailer without transmitting the safety information as the processing information to the destination terminal of another user who has not introduced the mail checker 10 (No at Step S7). 40 (step S17).

  When the alert processing unit 23 acquires the confirmed information, the mail processing unit 24 does nothing with respect to the received mail based on the confirmed information (step S9). The mail processing unit 24 outputs the received confirmed information as processing information to the processing information transmission unit 25 together with the received mail. Further, the mail processing unit 24 stores the processing information in the history DB 28.

  The processing information transmission unit 25 receives the received mail and the processing information from the mail processing unit 24. The processing information transmitting unit 25 refers to the checker introduction DB 31 and extracts a destination (broadcast recipient) of another user of the received mail (step S10). The processing information transmission unit 25 determines whether the destination terminal of another user has installed the mail checker 10 (step S11). The processing information transmission unit 25 transmits the confirmed information, which is processing information, to the terminal 1 of the destination of another user who has installed the mail checker 10 (Yes in Step S11) (Step S12). ). Thereafter, the processing information transmitting unit 25 outputs the received mail to the mailer 40 (step S17). The processing information transmitting unit 25 sends the received mail to the mailer 40 without transmitting the confirmed information that is the processing information to the terminal of the destination of another user who has not introduced the mail checker 10 (No at Step S11). Output (step S17). According to the processing of the mail checker 10 on the side providing the processing information, the processing information can be transmitted to the mail checker 10 of another destination.

  Next, of the operations of the mail checker 10 according to the first embodiment, the operations of the mail checker 10 on the receiving side of processing information will be described. FIG. 8 is a flowchart showing an example of the operation of the mail checker on the receiving side of processing information. In the example of FIG. 8, it is assumed that the user of the terminal 1 has never received a mail from the transmission source in the past.

  The relationship determination unit 21 of the mail checker 10 determines whether the communication history between the transmission source of the received mail received by the mail reception unit 20 and the user destination satisfies a predetermined criterion. The relationship determination unit 21 determines that the communication history does not satisfy a predetermined criterion because the user of the terminal 1 has never received a mail from the transmission source in the past. The relationship determination unit 21 outputs the received mail to the check unit 22 together with irrelevant information. Further, the relationship determining unit 21 outputs irrelevant information to the reliability determining unit 26. The check unit 22 receives the received mail and the irrelevant information from the relationship determination unit 21. The check unit 22 refers to the check policy of the policy setting 29 and determines whether or not the received mail is a check target by the mail checker 10 (step S51). If the received mail is a check target (Yes at Step S51), the check unit 22 outputs the received mail to the alert processing unit 23. If the received mail is not subject to check (No at Step S51), the check unit 22 outputs the received mail to the processing information transmitting unit 25, and the processing information transmitting unit 25 outputs the received mail to the mailer 40 (Step S65). .

  When the received mail is a check target, the check unit 22 waits for processing information to be transmitted from the mail checker 10 that is the destination of another user of the received mail, and for the mail receiving unit 20 to receive the processing information. When the mail receiving unit 20 receives the processing information, the check unit 22 outputs the received mail to the reliability determination unit 26 (step S52). Note that the check unit 22 may output the received mail to the reliability determination unit 26 without waiting for reception of the processing information. In this case, the check unit 22 outputs no reliability information to the reliability determination unit 26.

  The reliability determination unit 26 receives the received mail from the check unit 22 and receives processing information from the mail receiving unit 20. The reliability determination unit 26 refers to the history DB 28 and the reliability information DB 30 and determines the reliability of the processing information based on the information on the destination (broadcast recipient) of another user of the received mail (step S53). . When the reliability determination unit 26 determines that there is reliability (Yes in step S53), the reliability determination unit 26 outputs the received mail and the processing information to the mail processing unit 24. When the reliability determination unit 26 determines that there is no reliability (No at Step S53), the reliability determination unit 26 outputs the received mail and the processing information to the alert processing unit 23. In addition, the reliability determination unit 26 determines that there is no reliability even when information with no reliability is input from the check unit 22.

  When the reliability determination unit 26 determines that there is reliability, the mail processing unit 24 receives the received mail and the processing information from the reliability determination unit 26. The mail processing unit 24 processes the received mail based on the input safety information, the confirmed information, or the through information (Step S54).

  When the safety information is input (step S54 “safety information”), the mail processing unit 24 performs a safety process on the received mail based on the safety information (step S55). When the safety processing is completed, the mail processing unit 24 outputs the safety information as processing information to the processing information transmission unit 25 together with the processed received mail.

  The processing information transmission unit 25 is a side where the mail checker 10 receives provision of processing information, and the processing information thus received is reliable. The processing information is not transmitted, and the received mail is output to the mailer 40 (step S65).

  When the confirmed information is input (step S54 “confirmed information”), the mail processing unit 24 does nothing for the received mail (step S56). Here, the mail processing unit 24 may perform processing such as adding a confirmation message to the received mail. The mail processing unit 24 outputs the confirmed information as processing information to the processing information transmitting unit 25 together with the processed received mail.

  The processing information transmission unit 25 is the side where the mail checker 10 receives the processing information and the processing information received is reliable, so that the processing information is sent to another destination of the received mail. Is not transmitted, and the received mail is output to the mailer 40 (step S65).

  When the through information is input (step S54 “through information”), the mail processing unit 24 does nothing with the received mail (step S57). The mail processing unit 24 outputs the through information as processing information to the processing information transmission unit 25 together with the received mail.

  The processing information transmission unit 25 is the side where the mail checker 10 receives the processing information and the processing information received is reliable, so that the processing information is sent to another destination of the received mail. Is not transmitted, and the received mail is output to the mailer 40 (step S65).

  When the reliability determination unit 26 determines that there is no reliability, the alert processing unit 23 receives the received mail and the processing information from the reliability determination unit 26. The alert processing unit 23 performs an alert process for issuing a warning to the destination user (step S58). The alert processing is a destination of the received mail on a pop-up screen or the like that displays at least a part of the received mail, for example, the beginning of the text, and information on one or more of the URL and the attached file on the display unit 13. Present information to the user. The alert processing unit 23 displays an option on whether to secure the received mail in a pop-up screen or the like, and prompts the user to select. The user operates the operation unit 14 to select whether or not to secure the received mail (step S59).

  Based on the operation information of the operation unit 14, the alert processing unit 23 acquires the safety information indicating that the safety is performed or the confirmed information indicating that the user has received the confirmation as it is for the received mail. When the safety information is acquired (Yes at Step S59), the alert processing unit 23 outputs the acquired safety information as processing information to the mail processing unit 24 together with the received mail. When the alert processing unit 23 acquires the confirmed information (No at Step S59), the alert processing unit 23 outputs the acquired confirmed information as processing information to the mail processing unit 24 together with the received mail.

  When the alert processing unit 23 acquires the safety information, the mail processing unit 24 receives the received mail and the processing information from the alert processing unit 23. The mail processing unit 24 performs a safety process on the received mail based on the safety information that is the process information (step S64). When the safety processing is completed, the mail processing unit 24 outputs the safety information as processing information to the processing information transmission unit 25 together with the processed received mail. Further, the mail processing unit 24 stores the processing information in the history DB 28.

  The processing information transmission unit 25 receives the received mail and the processing information from the mail processing unit 24. The processing information transmission unit 25 outputs the received mail to the mailer 40 without transmitting the safety information that is the processing information to the destination terminal of the other user (step S65). The processing information transmission unit 25 may transmit the safety information to the mail checker 10 that is the destination of another user, similarly to the side that provides the processing information.

  When the alert processing unit 23 acquires the confirmed information, the mail processing unit 24 receives the received mail and the processing information from the alert processing unit 23. The mail processing unit 24 does nothing for the received mail based on the confirmed information (step S60). The mail processing unit 24 outputs the received confirmed information as processing information to the processing information transmission unit 25 together with the received mail. Further, the mail processing unit 24 stores the processing information in the history DB 28.

  The processing information transmission unit 25 receives the received mail and the processing information from the mail processing unit 24. The processing information transmitting unit 25 refers to the checker introduction DB 31 and extracts a destination (broadcast recipient) of another user of the received mail (step S61). The processing information transmission unit 25 determines whether or not another user's destination terminal has installed the mail checker 10 (step S62). The processing information transmission unit 25 transmits the confirmed information, which is processing information, to the terminal 1 of the destination of another user who has installed the mail checker 10 (Yes in step S62) (step S63). ). Thereafter, the processing information transmission unit 25 outputs the received mail to the mailer 40 (step S65). The processing information transmission unit 25 sends the received mail to the mailer 40 without transmitting the confirmed information that is the processing information to the terminal of the destination of another user who has not introduced the mail checker 10 (No at Step S62). Output (step S65). According to the processing of the mail checker 10 on the side where the processing information is provided, it is possible to receive the processing information of another user's destination and use it for the processing of the mail checker 10.

  Next, operations of the mail check system according to the present embodiment and the mail check system including the plurality of mail checkers 10 will be described. FIG. 9 is an explanatory diagram showing an example of the operation of the mail check system of the present embodiment. FIG. 10 is a sequence diagram illustrating an example of the operation of the mail check system according to this embodiment.

  In the example of the operation of the mail check system of FIGS. 9 and 10, a case where the sender X transmits mail to the receivers A, B, C, and E will be described. For example, it is assumed that the recipients A, B, and C use the terminal 1 in which the mail checker 10 is installed, and the terminal 100 used by the recipient E does not have the mail checker 10 installed. Here, for example, it is assumed that the recipient A has exchanged a lot of mail with the sender X in the past, that is, mail transmission / reception. For example, it is assumed that the recipient B has not exchanged mail with the sender X and the recipient A in the past. Further, for example, it is assumed that the recipient C has not exchanged mail with the sender X in the past, but has a trust relationship with the recipient A because of exchange of mail. Further, it is assumed that the mail includes one or more of, for example, a URL and an attached file to be checked by the mail checker 10.

  First, the sender X designates the destinations of the recipients A, B, C, and E as the destination type To and transmits the mail. The mail that reaches the terminals 1 and 100 of the recipients A, B, C, and E will be referred to as a received mail in the following description. Since the mail checker 10 is not installed in the terminal 100 of the recipient E, it is assumed that the recipient E makes a judgment on the mailer 40 and the description of the operation is omitted.

  The mail checker 10 of the terminal 1 of the recipient A receives the received mail (step S101). Similarly, the mail checkers 10 of the terminals 1 of the recipients B and C receive the received mail (steps S121 and S141). The mail receiving unit 20 of the recipient A receives the received mail and outputs it to the relationship determining unit 21. Similarly, the mail receiving units 20 of the recipients B and C receive the received mail and output the received mail to each relationship determining unit 21.

  The receiver A relationship determination unit 21 receives the received mail from the mail receiver 20, and determines the relationship between the sender X and the receiver A (step S102). The relationship determination unit 21 of the receiver A determines that the communication history between the sender X and the receiver A satisfies a predetermined criterion because the receiver A has a mail transmission / reception history in the past with the sender X. . The relationship determination unit 21 of the receiver A outputs the received mail to the check unit 22 together with related information.

  The recipient B and C relationship determination unit 21 receives a received mail from each mail receiver 20 and determines the relationship between the sender X and the recipient B or C (steps S122 and S142). The relationship determination unit 21 of the receivers B and C determines that the communication history does not satisfy a predetermined standard because the sender X and the receivers B or C have not sent and received mail in the past. The relationship determination unit 21 of the recipients B and C outputs the received mail to the check unit 22 together with irrelevant information.

  When the received mail and the related information are input from the relationship determining unit 21, the check unit 22 of the recipient A determines whether the received mail is a check target by the mail checker 10 (step S103). The check unit 22 of the recipient A determines that it is a check target because one or more of the URL and the attached file exists in the received mail (Yes in step S103). The checker 22 of the recipient A outputs the received mail to the alert processor 23. Although omitted in FIG. 10, the check unit 22 outputs the received mail to the processing information transmission unit 25 when the received mail is not a check target by the mail checker 10.

  When the received mail and the irrelevant information are input from the relationship determining unit 21, the check unit 22 of the recipients B and C determines whether the received mail is a check target by the mail checker 10 (Step S <b> 123). S143). The checking unit 22 of the recipients B and C determines that the received mail is a check target because one or more of the URL and the attached file exists in the received mail (Yes in steps S123 and S143). Although omitted in FIG. 10, the check unit 22 outputs the received mail to the processing information transmission unit 25 when the received mail is not a check target by the mail checker 10. The checking units 22 of the recipients B and C wait until the processing information is transmitted from the mail checker 10 of the recipient A of the received mail and the processing information is received by the mail receiving units 20 of the recipients B and C (step S124, S144).

  The alert processing unit 23 of the recipient A receives the received mail from the check unit 22 and acquires or generates processing information. The alert processing unit 23 of the recipient A refers to the white list and policy setting stored in the policy setting 29 (step S104). The alert processing unit 23 of the receiver A does not issue a warning to the receiver A when the address of the sender X is registered in the white list or matches the policy setting (Yes in step S104). Through information is generated as through processing. The image of the through process is, for example, as shown in (1) and (2) in FIG.

  If the sender address of the sender X is not registered in the white list (No at Step S104), the alert processing unit 23 of the receiver A performs an alert process for issuing a warning to the receiver A (Step S105). ). The alert processing unit 23 of the recipient A displays at least a part of the received mail, for example, the beginning of the text, and information on one or more of the URL and the attached file on the display unit 13 as a pop-up screen. The alert processing unit 23 of the recipient A also displays an option on whether to secure the received mail on the display unit 13 in a pop-up screen or the like.

  The alert processing unit 23 of the receiver A acquires processing information based on the operation information of the operation unit 14 when the option of whether or not to secure the received mail is selected by the receiver A. The processing information is, for example, safety information for safety, or confirmed information for confirmation that the user has received the received mail as it is. The alert processing unit 23 of the receiver A outputs the acquired or generated processing information to the mail processing unit 24 together with the received mail. Here, it is assumed that the processing information output by the alert processing unit 23 of the receiver A is, for example, safety information.

  The mail processing unit 24 of the recipient A receives the safety information from the alert processing unit 23 as the received mail and the processing information. The mail processing unit 24 of the recipient A processes the received mail based on the received safety information (Step S106). The mail processing unit 24 of the recipient A outputs the safety information as processing information to the processing information transmitting unit 25 together with the processed received mail.

  The processing information transmitting unit 25 of the recipient A receives the received mail and the processing information from the mail processing unit 24. The processing information transmission unit 25 of the recipient A refers to the checker introduction DB 31 and introduces the mail checker 10 to the terminal 1 among the recipients B, C, and E that are broadcast recipients of the received mail. Processing information is transmitted to the recipients B and C who are the report recipients (step S107). When the transmission of the processing information is completed, the processing information transmission unit 25 of the recipient A outputs the received mail to the mailer 40 (Step S108).

  Thereafter, processing at the receiver B is completed, and processing information at the mail checker 10 of the receiver B may be transmitted from the processing information transmission unit 25 of the receiver B. When the mail receiving unit 20 of the recipient A receives the processing information, the mail receiving unit 20 outputs the processing information to the reliability determination unit 26. The reliability determination unit 26 stores the input processing information in the reliability information DB 30 (step S109).

  Next, the operation of the mail checker 10 of the recipient B that has received the processing information from the mail checker 10 of the receiver A will be described.

  The mail receiver 20 of the receiver B receives the processing information transmitted from the mail checker 10 of the receiver A (Step S125). The mail receiving unit 20 of the recipient B outputs the processing information to the check unit 22 and the reliability determination unit 26.

  When the processing information is input from the mail receiving unit 20, the check unit 22 of the recipient B outputs the received mail to the reliability determination unit 26. The reliability determination unit 26 of the recipient B receives processing information from the mail receiving unit 20 and receives received mail from the check unit 22.

  The reliability determination unit 26 of the recipient B refers to the history DB 28 and the reliability information DB 30 for the recipient A who is a broadcast recipient of the received mail. The reliability determination unit 26 of the receiver B determines the reliability of the processing information based on the information of the receiver A acquired from the history DB 28 and the reliability information DB 30 (step S126). The reliability determination unit 26 of the receiver B determines that there is no reliability since the receiver B has not exchanged mail with the sender X and the receiver A in the past (No in step S126). The reliability determination unit 26 of the recipient B outputs the received mail and the processing information to the alert processing unit 23. In addition, description is abbreviate | omitted here, when the reliability determination part 26 of the receiver B determines with reliability.

  The alert processing unit 23 of the recipient B receives the received mail and the processing information from the reliability determination unit 26. When the received mail and the processing information are input, the alert processing unit 23 of the receiver B performs alert processing for issuing a warning to the user who is the receiver B (step S127). Here, the alert process is the same as the alert process of the recipient A. The alert processing unit 23 of the receiver B acquires the safety information or the confirmed information as a result of the alert processing. The alert processing unit 23 of the recipient B outputs the acquired safety information or confirmed information as processing information to the mail processing unit 24 together with the received mail. Here, for example, it is assumed that the processing information transmitted by the alert processing unit 23 of the receiver B is safety information.

  The mail processing unit 24 of the recipient B receives the safety information from the alert processing unit 23 as the received mail and the processing information. The mail processing unit 24 of the recipient B processes the received mail based on the received safety information (step S128). The mail processing unit 24 of the recipient B outputs the safety information as processing information to the processing information transmitting unit 25 together with the processed received mail.

  The recipient B's processing information transmission unit 25 receives the received mail and the processing information from the mail processing unit 24. The processing information transmission unit 25 of the recipient B refers to the checker introduction DB 31 and has introduced the mail checker 10 into the terminal 1 among the recipients A, C and E that are broadcast recipients of the received mail. The processing information is transmitted to the receivers A and C who are the report receivers (step S129). When the transmission of the processing information is completed, the processing information transmission unit 25 of the receiver B outputs the received mail to the mailer 40 (Step S130).

  Next, the operation of the mail checker 10 of the receiver C that has received the processing information from the mail checker 10 of the receiver A will be described.

  The mail receiving unit 20 of the receiver C receives the processing information transmitted from the mail checker 10 of the receiver A (Step S145). The mail receiving unit 20 of the recipient C outputs the processing information to the check unit 22 and the reliability determination unit 26. Note that the processing information received by the mail receiver 20 of the recipient C is safety information.

  When the processing information is input from the mail receiving unit 20, the check unit 22 of the recipient C outputs the received mail to the reliability determination unit 26. The reliability determination unit 26 of the recipient C receives processing information from the mail receiving unit 20 and receives received mail from the check unit 22.

  The reliability determination unit 26 of the recipient C refers to the history DB 28 and the reliability information DB 30 for the recipient A who is a broadcast recipient of the received mail. The reliability determination unit 26 of the receiver C determines the reliability of the processing information based on the information of the receiver A acquired from the history DB 28 and the reliability information DB 30 (step S146). The reliability determination unit 26 of the receiver C has the reliability that the receiver C has not exchanged mail with the sender X in the past, but has exchanged mail with the receiver A and has a trust relationship. Determine (Yes at step S146). The reliability determination unit 26 of the receiver C outputs the received mail and the processing information to the mail processing unit 24. Note that, when the reliability determination unit 26 of the receiver C determines that there is no reliability, the description is omitted here.

  The mail processing unit 24 of the recipient C receives the safety information as the received mail and the processing information from the reliability determination unit 26. The mail processing unit 24 of the recipient C processes the received mail based on the input safety information (step S147). The mail processing unit 24 of the recipient C outputs the processed received mail to the processing information transmission unit 25.

  The processing information transmission unit 25 of the recipient C receives the received mail from the mail processing unit 24. The processing information transmitter 25 of the receiver C outputs the received mail to the mailer 40 (step S148).

  Thereafter, processing at the receiver B is completed, and processing information at the mail checker 10 of the receiver B may be transmitted from the processing information transmission unit 25 of the receiver B. When the mail receiving unit 20 of the recipient C receives the processing information, the mail receiving unit 20 outputs the processing information to the reliability determination unit 26. The reliability determination unit 26 stores the input processing information in the reliability information DB 30 (step S149). According to the processing of the mail check system of this embodiment, the processing information can be shared by the mail checkers 10 of the plurality of terminals 1.

  Next, an example of processing information exchange in the mail check system of the present embodiment will be described. FIG. 11 is an explanatory diagram showing an example of the exchange of processing information of the mail check system of this embodiment.

  FIG. 11 shows a case where, for example, the sender X sends a mail whose destinations are Mr. A, Mr. B, Mr. C, and Mr. D. Assume that the destination types of the mail are “To” for Mr. A and Mr. C, and “Cc” for Mr. B and Mr. D. In addition, for example, the URL of the email is described in the text, and the email checker 10 installed in the terminals 1 of Mr. A, Mr. B, Mr. C, and Mr. D is basically responsible for the email. An alert shall be issued.

  First, an email is sent from the sender X. The mail checker 10 of the terminal 1 of Mr. A, Mr. B, Mr. C, and Mr. D receives the mail. Hereinafter, the mail checker 10 of each person's terminal 1 is simply referred to as a mail checker 10 and the mail is referred to as a received mail. When Mr. A performs an operation of receiving the received mail with the mailer 40 of the terminal 1, the mail checker 10 of Mr. A determines that the received mail is a check target mail based on the check policy.

  Mr. A's mail checker 10 performs an alert process, for example, pops up a warning screen on the display unit 13 of the terminal 1. For example, Mr. A operates to perform the safety process from the warning screen. Mr. A's mail checker 10 performs security processing on the received mail and outputs the received mail to the mailer 40. In addition, Mr. A's mail checker 10 transmits processing information to Mr. B, Mr. C, and Mr. D by mail. Here, the processing information mail for transmitting the processing information can be processed separately from a normal received mail by, for example, using a special title (Subject). In the example of FIG. 11, a message ID, a title, and a processing result are described as the contents of the processing information mail. In addition, as the processing information mail, the message ID may be entered in the title, and the processing result may be entered in the text.

  Mr. B's mail checker 10 performs a process similar to that of Mr. A's mail checker 10 and pops up a warning screen. At this time, Mr. B's mail checker 10 displays the processing information of Mr. A on the warning screen so that it can be referred to. For example, Mr. B performs an operation of performing the confirmed process in order to receive the message as it is from the warning screen while referring to the process information of Mr. A. Mr. B's mail checker 10 performs a confirmation process on the received mail and outputs the received mail to the mailer 40. In addition, Mr. B's mail checker 10 transmits processing information to Mr. A, Mr. C, and Mr. D by mail.

  Mr. C's mail checker 10 performs the same processing as Mr. A's mail checker 10 and pops up a warning screen. At this time, Mr. C's mail checker 10 displays the processing information of Mr. A and Mr. B on the warning screen so that they can be referred to. For example, Mr. C performs an operation of performing a confirmed process in order to receive the information as it is from the warning screen while referring to the processing information of Mr. A and Mr. B. Mr. C's mail checker 10 performs a confirmation process on the received mail and outputs the received mail to the mailer 40. In addition, Mr. C's mail checker 10 transmits processing information to Mr. A, Mr. B, and Mr. D by mail.

  Mr. D's mail checker 10 performs the same process as Mr. A's mail checker 10 and pops up a warning screen. At this time, Mr. D's mail checker 10 displays the processing information of Mr. A, Mr. B, and Mr. C on the warning screen so that they can be referred to. For example, Mr. D performs an operation of performing a confirmed process in order to receive the message as it is from the warning screen while referring to the process information of Mr. A, Mr. B, and Mr. C. Mr. D's mail checker 10 performs a confirmation process on the received mail and outputs the received mail to the mailer 40. In addition, Mr. D's mail checker 10 transmits processing information to Mr. A, Mr. B, and Mr. C by mail.

  As described above, the mail check system according to the present embodiment may be configured such that the processing result of the person who processed the received mail first can be referred to as processing information. That is, the mail check system according to the present embodiment not only uses processing information for processing in the mail checker 10 but also can check how received mail is processed by each destination user. More appropriate response. For example, if even one of the other destination users is performing the safety process, the safety process can be performed. New recipients can also accumulate new histories. Note that the mail checker 10 may postpone the received mail that is the subject of the alert, and process the received mail that is the through process from the past usage status first.

  Further, the processing information of the destinations of other users to be displayed may be changed depending on the destination type. For example, the processing information transmitted from the destination mail checker 10 whose destination type is “To” displays the recipient and the processing content. Further, the processing information transmitted from the destination mail checker 10 whose destination type is “Cc” displays only the processing content and the number of people or the ratio of the processing content.

  The mail checker 10 according to the present embodiment has a case where the communication history between the first address of the received mail including the first address and the second address as the destination and the transmission source address of the received mail satisfies a predetermined standard. Then, the process for the received mail is executed. Further, the mail checker 10 transmits information regarding the processing to the second address. In addition, when the communication history does not satisfy a predetermined standard, the mail checker 10 executes a process for the received mail based on the information regarding the process executed for the received mail received from the second address. As a result, a plurality of mail checkers 10 can share information related to processing on received mail by transmitting and receiving information related to processing.

  In addition, a mail check system can be configured by a plurality of mail checkers 10 sharing information related to processing. Further, by sharing information related to processing by a plurality of mail checkers 10, even when the mail checker 10 that is a destination of a certain user receives mail for the first time, excessive alerts at the time of first reception can be suppressed. In other words, the mail checker 10 according to the present embodiment can check the reliability of mail transmitted to a plurality of targets.

  The processing that the mail checker 10 performs on the received mail is alert processing that issues a warning to the user at the first address or through processing that does not issue a warning to the user at the first address. The alert process is a confirmed process indicating that the received mail has been confirmed, or a safety process indicating that the received mail has been secured. Further, the information regarding the process is the confirmed information that has been confirmed, the safety information that has been secured, or the through information that has been subjected to the through process. As a result, the mail checker 10 can appropriately issue a warning to the user.

  In addition, when the communication history does not satisfy the predetermined standard, the mail checker 10 determines the reliability of the information related to the received process based on the reliability information indicating the reliability of the second address, and the reliability The process for the received mail according to the determination result is executed. As a result, the received mail can be processed according to the reliability of the second address.

  Further, the mail checker 10 acquires confirmed information or safety information from the user at the first address by alert processing. As a result, the intention of the user can be reflected in the alert process.

  Further, the mail checker 10 checks whether or not the mail is a check target mail according to a predetermined policy setting, and determines the reliability of information related to processing based on the reliability information. As a result, it is possible to use only the information related to the processing of the second address in the trust relationship for the check target mail.

  Further, when the mail checker 10 determines that the information related to the received process is not reliable, the mail checker 10 acquires the safety information or the confirmed information from the user at the first address by the alert process. As a result, the intention of the user at the first address can be reflected in the alert process even if there is no reliability of the information regarding the received process.

  Further, the mail checker 10 includes, as a check policy, the presence or absence of one or more of URLs and attached files in mail. As a result, it is possible to warn the user of the first address only for a mail with a high degree of risk without warning the user of the first address for the mail containing only the text without the URL.

  Furthermore, the mail checker 10 receives, as reliability information, information based on the transmission / reception history of information related to processing with the second address, or the group or job title of the user at the first address and the user at the second address. Use. As a result, the presence or absence of reliability can be set appropriately.

  Further, the mail checker 10 refers to the out-band white list. As a result, it is possible to transmit a mail from the user at the first address, and to suppress the warning from being issued for the reply mail from the other party to the transmitted mail.

  In addition, the following points can be cited as challenges. For example, when white list information is shared using a shared server in a specific organization, the information of a reliable sender can be shared in the organization. However, for example, in a group or committee including other organizations or outside, it is often difficult to share reliable sender information using a shared server due to access restrictions or the like. Furthermore, distributing the functions of the shared server to each terminal is not easy to realize whitelist information sharing in real time due to the increase or decrease of the terminals.

  On the other hand, the mail check system including the plurality of mail checkers 10 according to the present embodiment can share the white list, that is, the information of the safe transmission source, with other users' destinations without using the shared server. it can. In addition, since the mail check system of this embodiment does not use a shared server, for example, whitelist information can be shared in real time among members of other organizations and groups including the outside and committees. Can do.

  In the above embodiment, the number of terminals 1 is three or four. However, the present invention is not limited to this. The number of terminals 1 may be appropriately increased or decreased as long as it is a plurality.

  Further, in the above embodiment, processing is performed separately on the side that provides the processing information and the side that is provided depending on whether or not mail has been exchanged between the transmission source and the user destination in the past. It is not limited to this. The processing on the side that provides the processing information and the processing on the side that provides the processing information may be determined according to other conditions. For example, when there are a plurality of users having the same degree of reliability, any user's mail checker may provide the processing information, or may be determined randomly by a random number or the like.

  Moreover, in the said Example, although determination of the reliability was made into two steps, it is not limited to this. The determination of the reliability may be performed by using the processing information of the user with high reliability as information with higher reliability, and the determination of the reliability may be made in three or more stages.

  Moreover, in the said Example, although the processing information with respect to a received mail was made into safety information, confirmed information, and through information, it is not limited to this. The processing information for the received mail may be quarantine information for quarantining the received mail, reception refusal information for refusing reception, or the like.

  In the above embodiment, the user of the destination terminal 1 may not process the received mail until a large amount of processing information is transmitted from another destination. However, the dummy processing information and a part of the received mail may not be processed. By processing information, the processing of received mail may be promoted.

  Moreover, in the said Example, although the reliability was determined automatically by the side provided with process information, it is not limited to this. For example, a mail checker uses L-DAP (Lightweight Directory Access Protocol) or the like to access a directory service and provide a destination user with an inquiry method such as mail or telephone of another destination user who provides processing information. You may make it do.

  In addition, each component of each part illustrated does not necessarily need to be physically configured as illustrated. In other words, the specific form of distribution / integration of each part is not limited to the one shown in the figure, and all or a part thereof may be functionally or physically distributed / integrated in arbitrary units according to various loads and usage conditions. Can be configured.

  As described above, the following supplementary notes are further disclosed regarding the embodiment including the present example.

(Supplementary note 1) When the communication history between the first address of the received mail including the first address and the second address as the destination and the transmission source address of the received mail satisfies a predetermined standard in the computer In addition, a process for the received mail is performed, information related to the process is transmitted to the second address,
When the communication history does not satisfy the predetermined standard, each process for executing the process for the received mail based on the information regarding the process executed for the received mail received from the second address A mail check program characterized by being executed.

(Additional remark 2) The process performed with respect to the said received mail is the alert process which issues a warning with respect to the user of the said 1st address, or the through process which does not issue a warning with respect to the user of the said 1st address The alert process is a confirmed process indicating that the received mail has been confirmed, or a safety process indicating that the received mail has been secured.
The mail check program according to appendix 1, wherein the information related to the processing is confirmed information that has been confirmed processing, safety information that has been secured processing, or through information that has been subjected to through processing. .

(Additional remark 3) When the said communication history does not satisfy | fill the said predetermined | prescribed reference | standard, based on the reliability information showing the reliability of the said 2nd address, the reliability of the information regarding the received said process is determined,
The mail check program according to appendix 1 or 2, further causing the computer to execute a process of executing a process on the received mail according to the reliability determination result.

(Additional remark 4) The said reliability information is based on the transmission / reception log | history of the information regarding the said process with the said 2nd address, or the affiliation group or post of the user of the said 1st address, and the user of the said 2nd address The mail check program according to appendix 3, which is information.

(Supplementary Note 5) When a communication history between the first address of the received mail including the first address and the second address as a destination and the transmission source address of the received mail satisfies a predetermined criterion, An alert processing unit that performs processing on received mail;
A transmission unit for transmitting information on the processing to the second address;
If the communication history does not satisfy the predetermined standard, a mail processing unit that executes processing on the received mail based on information about processing performed on the received mail received from the second address When,
A mail check apparatus characterized by comprising:

(Appendix 6) A mail check system having a plurality of mail check devices,
Each mail check device
Processing for the received mail when a communication history between the first address of the received mail including the first address and the second address as a destination and a transmission source address of the received mail satisfies a predetermined criterion An alert processing unit for executing
A transmission unit for transmitting information on the processing to the second address;
If the communication history does not satisfy the predetermined standard, a mail processing unit that executes processing on the received mail based on information about processing performed on the received mail received from the second address And having
A mail check system in which information related to the processing is shared between mail check devices.

(Appendix 7)
Processing for the received mail when a communication history between the first address of the received mail including the first address and the second address as a destination and a transmission source address of the received mail satisfies a predetermined criterion To send information about the process to the second address,
When the communication history does not satisfy the predetermined standard, each process for executing the process for the received mail based on the information regarding the process executed for the received mail received from the second address A mail check method characterized by being executed.

DESCRIPTION OF SYMBOLS 1 Terminal 10 Mail checker 11 Processor 12 Memory 13 Display part 14 Operation part 15 Auxiliary storage device 16 Network interface 20 Mail reception part 21 Relation determination part 22 Check part 23 Alert processing part 24 Mail processing part 25 Process information transmission part 26 Reliability determination Unit 27 Storage unit 28 History database (history DB)
29 Policy setting 30 Reliability information database (Reliability information DB)
31 Checker introduction database (Checker introduction DB)
40 Mailer 41 Out-Band Processing Unit 42 Out-Band White List Database (Out-Band White List DB)

Claims (6)

Processing for the received mail when a communication history between the first address of the received mail including the first address and the second address as a destination and a transmission source address of the received mail satisfies a predetermined criterion To send information about the process to the second address,
When the communication history does not satisfy a predetermined reference, when receiving suspends execution of processing for the received mail, the information on the processing performed on the received mail from the second address, the received based on the information about the processing performed on the received mail and executes the processing for the received mail which has been suspended,
A mail check program that causes a computer to execute processing . The process performed on the received mail is an alert process for issuing a warning to the user at the first address, or a through process for not issuing a warning to the user at the first address. Is a confirmed process indicating that the received mail has been confirmed, or a safety process indicating that the received mail has been secured,
The mail check according to claim 1, wherein the information related to the processing is confirmed information that has been confirmed processing, safety information that has been secured processing, or through information that has been subjected to through processing. program. When the communication history does not satisfy the predetermined criterion, the reliability of the information related to the received process is determined based on the reliability information indicating the reliability of the second address;
Executing processing on the received mail according to the reliability determination result ;
The mail check program according to claim 1 or 2, further causing the computer to execute processing.   The reliability information is information based on a transmission / reception history of information related to the processing with the second address, or a group or job title of the user at the first address and the user at the second address. The mail check program according to claim 3. Processing for the received mail when a communication history between the first address of the received mail including the first address and the second address as a destination and a transmission source address of the received mail satisfies a predetermined criterion An alert processing unit for executing
A transmission unit for transmitting information on the processing to the second address;
When the communication history does not satisfy a predetermined reference, when receiving suspends execution of processing for the received mail, the information on the processing performed on the received mail from the second address, the received a mail processing unit which was based on the information about the executed processing to the received mail and executes the processing for the received mail which has been suspended,
A mail check apparatus characterized by comprising: A mail check system having a plurality of mail check devices,
Each mail check device
Processing for the received mail when a communication history between the first address of the received mail including the first address and the second address as a destination and a transmission source address of the received mail satisfies a predetermined criterion An alert processing unit for executing
A transmission unit for transmitting information on the processing to the second address;
When the communication history does not satisfy a predetermined reference, when receiving suspends execution of processing for the received mail, the information on the processing performed on the received mail from the second address, the received based on the information about the processing performed on the received mail has a mail processing unit which executes processing for the received mail which has been suspended, and
A mail check system in which information related to the processing is shared between mail check devices.

Images