Meanwhile, Yahoo Inc. and Cisco Systems Inc. last year submitted to the Internet Engineering Task Force a proposed standard called DomainKeys Identified Mail (DKIM), which, like Sender ID, is designed to guard against spoofing and phishing by authenticating an e-mail sender. DKIM verifies the domain of the sender and also cryptographically verifies the integrity of the message.

In addition to Sender ID, Microsoft has the SmartScreen filter, which uses statistical techniques to learn what's spam and what isn't, and the Phishing Filter add-in for the MSN Search Toolbar. But those tools are not enough, say the folks at Microsoft Research, where some 40 people work on new e-mail technology.

For example, researcher Joshua Goodman says the ultimate solution could be a four-pronged defense against spam called SmartProof. Here's how an experimental version of it works:

-- First, a machine-learning filter, similar to SmartScreen, snags the obvious spam and quarantines it or throws it away. The filter passes on to the user's in-box any message that is from someone on the user's "whitelist."

-- Messages suspected of being spam trigger replies to the senders, challenging them to prove they're not spammers.