How It Works
The goal of ASK is to block Spam mail before it is delivered to your mailbox. As we know, filtering alone is not effective, since Spam mail often contains nothing that a filter can reliably detect.
ASK should be invoked from .forward (or .procmailrc if you are using procmail). The incoming message should be piped to ASK, which will be in charge of doing the actual delivery.
When ASK receives an email, it first checks the sender address against your "ignorelist". If the address is listed there, the message is ignored completely. Then, the message is checked against your "blacklist". If it's there, a nastygram is sent back to the sender with something like "Please stop sending me emails" in the Subject line.
The real fun happens when an email comes from an unknown user (i.e., someone not in any of your lists). In this case, ASK calculates the MD5 checksum of the message + a secret MD5 key (configured at installation time). This number is sent as part of a "confirmation message" back to the user. If the user replies to it, the confirmation number (in the subject) is recognized, the message is dequeued and delivered. If the user does not reply, the message remains queued until it's removed.
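The confirmation round trip described above, as an added example that is not ASK's own code: the number is an MD5 over the queued message plus a secret key, the challenge carries it in the subject, and a reply is accepted only if its subject contains a number that recomputes correctly. The secret key, the sample message, the queue layout and the challenge subject wording are all constructed for this example.

```python
import hashlib
import hmac
import re

# Constructed secret for this example; ASK generates its own secret key at install time.
SECRET_KEY = b"constructed-secret-key-for-the-example"

# Constructed raw message from an unknown sender, as it would arrive piped from .forward.
INCOMING = (b"From: stranger@example.org\r\n"
            b"To: you@example.net\r\n"
            b"Subject: hello\r\n\r\n"
            b"Are you around this week?\r\n")


def confirmation_number(message: bytes, secret: bytes) -> str:
    # MD5 over the message followed by the secret key, as the text describes.
    # Without the secret a sender cannot precompute a number that will be accepted.
    # (A modern rewrite would use hmac.new(secret, message, "sha256") instead.)
    return hashlib.md5(message + secret).hexdigest()


def queue_and_challenge(queue: dict, msg_id: str, message: bytes, secret: bytes) -> str:
    # Hold the message in the queue and build the challenge subject sent back to the sender.
    # The subject wording is hypothetical; only the 32-hex-digit number matters.
    queue[msg_id] = message
    return f"Please confirm your message [ASK {confirmation_number(message, secret)}]"


def extract_confirmation(subject: str):
    # Pull the 32-hex-digit number out of a reply subject such as "Re: ... [ASK <number>]".
    m = re.search(r"\b([0-9a-f]{32})\b", subject)
    return m.group(1) if m else None


def dequeue_on_reply(queue: dict, reply_subject: str, secret: bytes):
    # Return (and remove) the queued message whose confirmation number matches the reply,
    # or None if the reply carries no valid number. Comparison is constant-time.
    number = extract_confirmation(reply_subject)
    if number is None:
        return None
    for msg_id, message in list(queue.items()):
        if hmac.compare_digest(confirmation_number(message, secret), number):
            return queue.pop(msg_id)
    return None
```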
The program has some intelligence to deal with specific cases. For instance, if a mail is sent to a non-existing user, the error message from mailer-daemon is ignored. This avoids seeing lots of "invalid user" messages in your inbox.
Another interesting "twist" is that messages coming from your own email address are never trusted. If the spammer knows your address, he could easily fake your own address in the From: line. Messages coming from you are identified by a "mailkey", a string you always put in your messages by default (maybe a piece of your own signature). Note that this has the added side-effect of allowing any message that comes in reply to a message you sent to someone (as long as that person keeps your "mailkey" in their quoted reply, a practice common these days).
The program never deletes any messages. For instance, if you send yourself a message without your mailkey (a possible Spam), it will be saved in a "Junk" mailfolder (you can specify this folder during the configuration).
Could spammers still get through?
Defeating the confirmation mechanism would require individual attention from the spammer. Add to that the fact that the sender email address is usually invalid and you have a blocked piece of Spam (the confirmation would never get delivered). It's possible to defeat the confirmation mechanism however. Some possible scenarios are outlined below:
- Spammers discovered my mailkey: In this case, any email sent by the spammer will be delivered immediately. All you have to do is change your "mailkey" to something else (and, of course, include that string in your messages somewhere).
- A spammer replied to a confirmation: That happens, sometimes. Just put the spammer address in your blacklist and be done with it.
- A spammer sends mail from MAILER-DAEMON: ASK will by default deliver mail coming from MAILER-DAEMON, unless it is an invalid-user response to a confirmation message. If a spammer uses MAILER-DAEMON in the "From:" field, he could defeat ASK's protection. If that becomes an issue, future versions of the program will "Junk" all mail coming from MAILER-DAEMON unless it also contains your mailkey (normally Mail Transfer Agents append the original message to the error message, thus triggering the mailkey mechanism).