This project was built on top of Worldcoin. Every signed-in to Worldcoin user is able to use chrome extension which indicates whether the specific email was send by bot or by another person. This chrome extension provides a comprehensive way to block spam bots. And also users which act bad.
Worldcoin Email is an anti-spam verification system for email. We don't store user identities, email bodies, senders and receipients, instead we make use of World ID system to anonymously verify that there's a real person behind each email sent.
As Worldcoin Oauth2 compliant we were using next-auth to allow users to log-in to our app with it. Then with supabase (without storing any personal info about user - worldcoin simply doesn't give it to us) we store.
In supabase we store unique hash of message (with createdTimestamp for uniqueness) and have some connections between users - user is able to rank another user based on the received email. We also do have two mechanisms - before and after sending and email to check the reputation of a sender (and not send if it's below a threshold) and to make a not in supabase that a message with a specific hash was sent from one user to another.
We use then chrome extension and in Gmail we check whether the sender of each email has a good reputation, and the hash of the message matches with the hash of a sent by the sender message - which we stored in our supabase.
Based on that information we display a green checkmark or yellow warning side on every email in users' box.