The two major proposals solve the problem in different ways. Sender ID, based on Microsoft's Caller ID proposal and the Sender Policy Framework (SPF) created by Meng Wong, the founder of e-mail service firm Pobox.com, authenticates e-mail by checking the address of the sending server against a record added to domain name servers. DomainKeys use public-private key pairs to authenticate the message. Like Sender ID, the identifying information--in this case, the public key--is published in a special record stored on domain name servers.

"Authentication is authentication, and nothing more," said Sendmail's Allman, who is also the lead editor of the DomainKeys Identified Mail (DKIM) proposal to the IETF. "It is like a driver's license or a passport. It tells you nothing about my driving record. Spammers can authenticate just like anyone else."

In fact, early studies of junk mail in 2004 found that nearly a sixth used the Sender Policy Framework, the predecessor to Sender ID, to appear legitimate.

However, as more legitimate domains are adopting the technologies, companies are developing reputation systems to evaluate which domains are considered "spammy" and which deliver content that people want in their inboxes. Spammers will not be able to spoof legitimate domains and still authenticate. And, e-mail software can create a list of unwanted mail from a typo domains, such as micros0ft.com, that might otherwise fool the user.

"Authentication is a really big building block in terms of making a more intelligent determination of what is spam and what is not," said Ken Schneider, chief archtect for Symantec and former chief technology officer e-mail security provider Brightmail. (Symantec is the owner of SecurityFocus.) "If you are tracking reputation on top of this stuff, then it gives you the tools to detect attacks."

The technologies also help defeat phishing attacks, which have grown as an Internet problem, Schneider said. In the second half of 2005, one in every 119 e-mails was identified by Symantec as a phishing attempt.

In a report published on Wednesday, the E-mail Sender and Provider Coalition found that the major ISPs representing the recipients of more than half the Internet's e-mail were using the e-mail authentication technologies in some way.

But this is not a time to ease up on the pressure to adopt the technology, said Microsoft's Spiezle. More education and development is necessary, he said.

"There is no perfect solution right now," Spiezle said. "With any of these approaches, we need to be looking ahead and not at our shadow, because the deceptive forces out there will be looking for new ways to attack."