DETAILED ACTION
	Claims 1-20 are pending. This is in response to the application filed on August 28, 2020 which is a Divisional of 17/006,739 filed on August 28, 2020, granted under Patent 11,063,986 which has Provisional 62/895,638 filed on September 04, 2019
and Provisional 62/893,526 filed on August 28, /2019.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Election/Restriction
 	During a telephone conversation with Yuri L. Eliezer on November 9, 2022 a provisional election was made without traverse to prosecute the invention of verifying outbound email message using Sender Policy Framework (SPF) policy for claims 2-17 with no key is used. Affirmation of this election must be made by applicant in replying to this Office action. Although both claim sets belong to same CPC subgroups under H04L63/08, H04l63/30, claim 1 is withdrawn from further consideration by the examiner since it requires a burden of further search for the invention with further use of DKIM (Domain Keys Identified Mail) protocol with a public key being utilized, 37 CFR 1.142(b), as being drawn to a non-elected invention.

Claim Objections
	Claims 2 and 3 recite “logging a received SPF customized queries” which is grammatically incorrect. Correction is required.
	Claim 3 recites the limitation “performing, upon a determination that the individual is authorized to utilize the vendor, a function to authorize the outbound messaging. wherein performing the function to authorize the outbound messaging comprises providing an affirmative response to an authentication request in accordance with a corresponding messaging protocol utilized, at least in part, to perform a message request.” which contain the period before the wherein clause. Correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 2 and 3 recite the limitation "the DNS".  There is insufficient antecedent basis for this limitation in the claim.
Claims 2 and 3 recite the limitation "extracting data from the received SPF customized queries, the extracted data having been populated by the macro mechanism associated with the SPF customized query”. There is insufficient antecedent basis for this limitation in the claim.
Claims 9 and 18 recite the limitation " the query”. There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 2-5 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over PG Pub 20160315969 (Hereinafter Goldstein) in view of Pub 20180083999 (hereinafter Cherian) and further in view of Pub 20170093772 (hereinafter Gupta)
 	Regarding claim 2, Goldstein discloses a method comprising: 
 	receiving a configuration individual user authorizations for allowing outbound messaging through a specification of one or more authorized vendors; 
 	publishing a customized sender policy framework (SPF) policy to the DNS, the customized SPF policy comprising a macro-endowed mechanism for obtaining at least one of the following: a username, an IP address, and a domain (Figs. 2-3 and par. [0049]-[0079] discloses an email validation system to prevent fraudulent/spoofing messages by querying DNS for any email validation records for the email domain. The email system parses an email validation record, and generates a target domain query. This process may include evaluating the “include” directive with the target domain SPF specification in the returned DNS record using values for the current SMTP connection (e.g., EHLO, IP address). The record is an SPF record and is constructed so that it may incorporate a specific "include" directive. The “include” directive may indicate a targeted SPF domain specification); 
 	logging a received SPF customized queries (par. [0072] discloses a pluralities of DNS queries while par. [0062] discloses each email domain validation record should have an SPF rule that has an include directive that refers to a targeted SPF domain specification); 
 	accessing a log comprising the received SPF customized queries (par. [0082] discloses the domain owner DNS server may use polling mechanisms to update the deliverer/record store 134 of Fig. 2 to execute DNS queries daily); 
 	extracting data from the received SPF customized queries, the extracted data having been populated by the macro mechanism associated with the SPF customized query (par. [0066]-[0069] discloses the domain owner DNS server extracts the identifying information from a query. This identifying information may include the EHLO name and IP address); 
 	analyzing the extracted data comprising at least one of the following: 
 		the username, the IP address, and the domain, as extracted from each received SPF customized query (par. [0066] discloses “…evaluating in the returned DNS record using values for the current SMTP connection (e.g., EHLO, IP address), and interpolating these values into the target domain SPF specification to construct the target domain…”);  	
 	Goldstein does not discloses determining whether an individual associated with the username is authorized to utilize a vendor associated with the domain. Cherian discloses checking for email of the sender in a domain of the sub-entity complies the SPF (Fig. 3, par. [0047]-[0054], particularly par. [0054]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Goldstein with Cherian in the same field of endeavor that unitized SPF and DKIM features to rate an entity/individual for security ranking when conducting business via online activity such as email communication; 
 	Goldstein and Cherian do not disclose performing, upon a determination that the individual is authorized to utilize the vendor, a function to authorize the outbound messaging, wherein performing the function to authorize the outbound messaging comprises informing at least one function running a domain name system (DNS) so that an appropriate qualifier can be returned to for SPF verification.  Gupta discloses a SPF validation process to circumvent the standard SPF lookup limit by allowing an administrator to create a secondary SPF record that includes all the desired SPF records even if it exceeds the recursive lookups which commonly causes Sender Policy Framework (SPF) email authentication problems for legitimate senders that can be listed under junk mail (Abstract, Background, Fig. 1, par. [0051]-[0057] disclose performing a standard SPF validation, with the exception of removing the 10 Lookup limit that is imposed by the SPF RFC where the process constructs a synthetic response record where it returns an “exists” entry or “redirect” entry as qualifier). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Goldstein and Cherian with Gupta to further teach the aforementioned claimed features in the same field of endeavor that unitized SPF validation to overcome the short coming at the time of Gupta’s invention.

 	Regarding claim 3, Goldstein, Cherian and Gupta disclose a computer-readable medium comprising a set of instructions which when executed by a computer perform a method, the method comprising:  	
 	receiving a configuration of individual user authorizations for allowing outbound messaging through a specification of one or more authorized vendors; 
 	publishing a customized sender policy framework (SPF) policy to the DNS, the customized SPF policy comprising a macro-endowed mechanism for obtaining at least one of the following: 
 		a username, an IP address, and a domain; 
 	logging a received SPF customized queries; 
 	accessing a log comprising the received SPF customized queries; 
 	extracting data from the received SPF customized queries, the extracted data having been populated by the macro mechanism associated with the SPF customized query; 
 	analyzing the extracted data comprising at least one of the following: 
 		the username, the IP address, and the domain, as extracted from each received SPF customized query; 
 	determining whether an individual associated with the username is authorized to utilize a vendor associated with the domain; and 
 	performing, upon a determination that the individual is authorized to utilize the vendor, a function to authorize the outbound messaging. wherein performing the function to authorize the outbound messaging comprises providing an affirmative response to an authentication request in accordance with a corresponding messaging protocol utilized, at least in part, to perform a message request.  
	See claim 2 rejection.

 	Regarding claims 4 and 13, Goldstein discloses wherein the customized SPF policy comprises at least one of the following: a macro character sequences, and a term is either a mechanism or a modifier, such as, but not limited to, an 'exists' term, an 'a' term, an 'mx' term, an 'include term, a 'redirect' modifier that accepts macros, and any other mechanism that is macro compatible (par. [0085]).  

 	Regarding claims 5 and 14, Goldstein discloses wherein the macro-endowed mechanism comprises at least one macro term used as a sender mechanism for identifying at least one of the following: a username, an IP addresses, and a domain (par. [0055]-[0056]).  


Claims 6-9 and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Goldstein in view of Cherian and further in view of NPL Detecting Phishing with SPF Macros – July 2019 (hereinafter Wright)   
 	Regarding claims 6 and 15, Goldstein discloses using macros to capture certain data  (par. [0055]-[0056]). However, Goldstein nor Cherian discloses wherein particular macro sequences of the macro- endowed mechanism facilitate a capture of data from an email being sent by a specific user.  Wright teaches this claimed feature (pages 1-5). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Goldstein and Cherian with Wright to further teach the claimed feature. One would have done so for the benefit of leveraging SPF macros to receive get the information in real-time. This allow security teams to be more proactive in identifying and responding to ongoing phishing campaigns targeting their customers and brand

 	Regarding claims 7 and 16, Goldstein discloses wherein saving the string comprises processing the query log for the data captured by the macro-endowed mechanism (as taught in Goldstein, SPF policy includes these macros. See Fig. 1 and related paragraphs for the target record constructor 133 that constructs a set of rules).  

Regarding claims 8 and 17, Goldstein discloses comprising at least one of the following: extracting the captured data, and storing the extracted data as a string (Fig. 1, the deliverer/IP store 131 that stores information regarding delivering email systems and their associated IP addresses and EHLO information which obtained using the macros construct as string).  

 	Regarding claims 9 and 18, Goldstein discloses wherein extracting comprises identifying a demarcation within the query to determine a location of the data captured by the macro-endowed mechanism (par. [0059]-[0060] discloses demarcation technique with the use of the “_” character).  

	Claims 10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Goldstein in view of Cherian, Wright and further in view of PG Pub 20160014151 (hereinafter Prakash)
 	Regarding claims 10 and 19, the combination of Goldstein, Cherian and Wright does not disclose wherein storing comprises providing auxiliary data associated with logged SPF queries, the auxiliary data comprising a timestamp.  Prakash discloses using a date, a day of week, a time, a time period, etc. when analyzing email message for phishing attack (Fig. 7 and par. [0068]-[0070]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Goldstein, Cherian and Wright with Prakash to further teach the claimed feature. One would have done so to further improve the email detection by using a predetermined message characteristic with date and time as to provide a common categorization of at least one message characteristic for analysis


 	Claims 11-12 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Goldstein in view of Cherian and further I n view of Prakash
 Regarding claims 11-12, Goldstein and Cherian do not disclose displaying, via a user interface, an identifier associated with system user and a number of emails sent by the user over a time period wherein the displaying is based on a retrieval of data extracted from a DNS query log comprising aspects captured from the macro- endowed mechanism.  Prakash teaches this feature (Fig. 6A and par. [0129] and [0166]-[0167] disclose analyzing emails, based on compliance with standards such as SPF, DKIM, DMARC, coming one person over a period). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Goldstein with Prakash to further teach the claimed feature. One would have done so to further improve the email detection by utilizing pattern groupings representing the message characteristics associated with the organization of the sender organization.

	Regarding claim 20, the claim is rejected in view of claim 11 rejection.
 
Inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRI M TRAN/Primary Examiner, Art Unit 2432