We presented ASK, a challenge-authentication system that authenticates senders before their emails are delivered. In our tests with 1000 spam messages, ASK was able to block 99.7% of all spam messages, meaning that only 3 spam messages got through.
Currently, ASK is not directly integrated with the MUA or the MTA, meaning that it has no knowledge about outgoing emails sent directly by the user. This design decision was taken to allows users without supervisory rights to install and use the program. Unfortunately, it creates certain situations that could be used by spammers like sending emails that appear to be confirmation messages from other ASK users or forging email bounces. MTA and MUA integration will be offered by means of an SMTP proxy agent and an MTA wrapper. Both approaches offer ASK the opportunity to pre-process outgoing messages before the actual delivery takes place. Extension addresses can be used to rewrite the outgoing envelope address so that invalid confirmation returns and MTA bounces can be correctly tracked.
The problem of emails coming from unknown sources will be addressed with the introduction of two new concepts: Bounded addresses and user confirmation mode. Bounded addresses create a temporary address that whitelists the first sender who sends an email to it. That sender will be forever tied to that particular email. This is similar in concept to TMDA's ``Keyword addresses,'' with the difference that they become bound to one particular sender after the first use. This creates a ``throw-away'' email address that can easily be revoked in case of abuse.
User confirmation mode will be available to those who cannot change their MTA configurations or do not desire to make use of extension addresses. Under this mode, confirmation messages are sent to the account owner instead of the sender. This allows the owner to perform a reply and whitelist an email coming from an unknown account. Once the first reply is received, ASK can resume the normal mode of operation.
Other smaller features are also planned, like MH style mailbox support, automatic queue cleanup, and augmented pattern matching for the lists, including full header and body regular expression matching and boolean NOT qualifiers among others.
ASK is Open Source Software released under the GNU GPL Software License. The program's home page, including download and documentation links is located at www.paganini.net/ask