How does ASK determine the sender to whom it sends back the email? If it uses the From address or the Return-Path, then it's sending spam itself, because it's returning loads of email to non-spammers.
Let me explain:
Someone sends a dictionary attack of spam to you using a forged email address of mine. (Most spam today is sent with forged sender addresses.)
Your system sends me back 5,000 pieces of email I never sent you.
You get put on the blocklists I control and millions of people all over the net can never get an email from your server again.
And since this is all automatic and looks to my server as a legitimate spam attack from you, I don't even know it's happened.
This program is an example of Challenge-Response. For lots of good information on Challenge-Response, look
here.
Reading the website, it appears that ASK doesn't work at smtp time, but rather after it's accepted the email, so it's going to send out lots of spam.
And their future direction, again, according to their website, appears to be to violate RFCs by refusing valid bounces from Mailer Daemons.
Jeff