Founded last year, Gennux is no "first mover" in the anti-spam space, but its intriguing ideas solve some problems that other challenge-response systems fail to address.

by Alex Goldman ISP-Planet Associate Editor [October 1, 2003]

Founded in November, 2002 in Edmonton, Alberta, Gennux's first product is the Anti Spam Exchange Server (ASES for short). The company also offers Linux consulting services and provides basic webhosting to small business customers.

Challenge-response is the deceptively simple idea that anyone need only send a reply, once, to every e-mail received that is not already on a whitelist. Anyone who answers is a real person. However, some eager spammers, such as Nigerian scammers, do reply to challenges, so challenge-response systems also have a blacklist which allows users to block annoying spammers (and a whitelist to ensure that friends' e-mails get through).

One of several problems with this system is that it blocks automated e-mail such as invoices for online purchases, newsletter and alert subscriptions, and even simple regular e-mails such as a "joke of the day."

The key innovation of ASES is that it allows users to generate a theoretically unlimited number of key word-based e-mail addresses for submission to newsletters and websites. For example, if you type "amazon.com" as the key word, you would get an address that looks like this to submit to amazon.com:

testases-keyword-amazon.com.fb4ce5@gennux.ca

These special e-mail addresses are not challenged; e-mail sent to them is passed directly to the user's account. With a separate e-mail address for each subscription or financial transaction, users can see which services are abusing their trust.

ASES allows users to "revoke" e-mail addresses that have been sold and are receiving spam. This feature, which the company calls "smart address," will allow an ISP's customers to define spam, and to better understand how their e-mail address becomes known.

However, the system can require extensive tweaking and management (depending on the number of smart addresses used), and may be more appropriate for experienced users and small businesses than for residential services.

ISPs who are examining challenge-response should look at the user experience. The smart address concept is flexible and powerful

Users access their account through a simple web-based interface that is still being improved (demo available here). One ease of use issue we saw is that there is one page for generating e-mail addresses, but another page (list management) for revoking them. The list management page also allows users to edit their whitelists and blacklists.

"We don't recommend that users touch their white list," says Sam Huang, Gennux's co-founder, president, and CEO. "We do have a confirm list for people who have responded to challenges, and we offer a whitelist, but we believe that users should instead generate a smart address instead of using their white list."

In addition to the basic smart address, ASES offers "sender address" and "dated address" options. The dated address expires after a specific amount of time, in minutes, hours, days, weeks, or years.

The sender address is an address the user gives a trusted sender. If, however, the trusted sender abuses the address, the user can revoke it. It's like a white list where each sender can be blocked easily and separately.

The product can be used alone, or in conjunction with SpamAssassin or SpamCop.

The product is designed to work with a Qmail mail server (v. 1.03). It can serve up to about 64,000 users without a database. "Linux boxes," notes Huang, "have a hard limit in the number of users they can handle."

With a MySQL database, it can manage 23 million accounts. However, it can be installed as a separate box to manage accounts for non-Linux mailservers, and can work with any database (such as Oracle), so it is theoretically scalable without limit.

ASES runs on Red Hat Linux 8.0, and uses Apache 2.0 as its Web server. It is compatible with the following browsers: Internet Explorer 5 or above, Netscape 6 or above, Mozilla, and Opera. It is not compatible with the Macintosh operating system.

So far, ASES is in use at small businesses and one local university, but no ISP customers have been announced.

Pricing and availability
The product is available now. It is sold to ISPs on a revenue share basis, with the expectation that ISPs will charge users about $3 per year for the service (that's $0.25 per month). "If you're in the US," says Huang, "you'll love our Canadian prices."

—End