Projects / mapSoN


mapSoN is an anti-spam system that uses an approach which is entirely different than other systems. Instead of trying to recognize spam by the IP address of the SMTP dialog's peer or by certain patters in the mail's body, it uses the sender's email address to decide whether the e-mail is delivered to your mailbox or not: Any email that comes from a "known" address may pass, but any email that comes from an email address seen for the first time needs special confirmation before it may pass. "Special confirmation" means that mapSoN will generate an MD5 checksum of the to-be-confirmed email and store the email in a temporary spool directory. Then it sends a request for confirmation to the address from which the mail was coming. In this request, it will include the MD5 checksum and ask the recipient to reply back and to quote that MD5 hash. Once it sees that MD5 hash again, it considers that a confirmation of the original email, delivers the deferred email from the spool to your mailbox, and adds the sender's address to the database of known addresses, so that the next time he tries to contact you, his mail will pass through immediately. This heuristic catches almost any spam email, because spammers have to fake their sender addresses in order to avoid being held responsible for their abuse. Hence, their address will most likely not be in the database of known addresses, nor will they ever receive the request for confirmation email.

Operating Systems

Recent releases

  •  25 Feb 2010 21:52

    Release Notes: Minor documentation clean-up.

    Recent comments

    18 Apr 2002 08:14 w_hayes

    Sender-updated whitelists
    An excellent idea; I've been using precisely this mechanism for about a year now, except rather than an MD5 checksum I simply have a hard-coded constant password (same for everybody) that I ask the sender to respond with before I add them to my "whitelist".
    (That's a good name for the "database" which Peter speaks of; it's the opposite of a blacklist.) Having a constant password is OK for the same reason that Peter mentions: spammers won't ever receive the mail. It works very well.

    It's good to see that somebody has packaged this scheme up and made it available; my version is coded purely with procmail and a few shell scripts (no C++), but isn't really ready for distribution.


    Project Spotlight


    A Fluent OpenStack client API for Java.


    Project Spotlight

    TurnKey TWiki Appliance

    A TWiki appliance that is easy to use and lightweight.