sendok is a simple program to generate email addresses with timed cookies in them. That is, you can give someone a generated address that will accept mail from a given sender for a given time period. The address contains a cryptographic hash so that no per-address local data needs to be stored.

The hash function used is DJB's SURF, which is used in ezmlm.

sendok-create is used to create new addresses which expire at a given time offset.

sendok-check is used to check if a given cookie is valid.


sendok was designed with qmail in mind. It is possible to use it without qmail, however.


Latest version:

Older versions:


Unpack the sendok package:

  gunzip -c sendok-VERSION.tar.gz | tar -xf - 
  cd sendok-VERSION

Compile the sendok package:


Run package tests:

  make test

As root, install sendok in /usr/local:

  make setup check


  1. Choose an address to receive sendok email. For example, user-sendok@domain.
  2. Create a secret:
      touch $HOME/.sendok-secret
      chmod 600 $HOME/.sendok-secret
      dd if=/dev/random of=$HOME/.sendok-secret bs=1 count=32
  3. Tell qmail to check mail coming to that address (the .qmail file should match the address chosen above):
      cat >$HOME/.qmail-sendok-default <<'EOF'
      |sendok-check $HOME/.sendok-secret "$EXT2"; case $? in 100) exit 99 ;; 0) exit 0 ;; *) exit 111 ;; esac
    The .qmail file above will silently discard messages if the cookie is old or invalid, deliver them if ok, or retry if a temporary error is encountered.
  4. Give people addresses (that should match your chosen address):
      SENDER=sender@domain sendok-create 432000 user-sendok- $HOME/.sendok-secret @domain
    The command above will generate an address of the form "user-sendok-COOKIE@domain" that will be valid for the sender "sender@domain" for 432000 seconds (5 days). If sendok-create is used in a .qmail file (e.g., to bounce a possible spam message), SENDER will already be set correctly.


Questions or bug reports to