The Secure Anti-Spam Email Protocol (SASEP) as proposed by this invention is based on public/private/invitation email address architecture. Each user that will register at any SASEP server will receive a public and a private email address. The public email address (e.g. user@domain.com) can be used as a regular email address or alias. The private email address (e.g. privatecode.user@domain.com) has to be in Bcc: field of all outgoing email messages. The user can also request arbitrary number of invitation email addresses (e.g. invitationcode.user@domain.com) that can be used for registration on web sites. The main advantage of SASEP is that the user can continue to use standard outgoing (SMTP) and incoming (POP3, IMAP or HTTP) email server and standard desktop or web email client. This is ensured by SASEP that defines an automatic mechanism for managing different lists and challenge system.