Deluged by spam, AOL is trying a new technology for cracking down on a common spammer tool: forged sender addresses used to bypass blacklists and trick unsuspecting recipients.

AOL is conducting a trial of an e-mail protocol called Sender Permitted From (SPF) across its entire user base of 33 million subscribers. The company says it hopes SPF will eliminate e-mail address spoofing by modifying the DNS to declare which servers can send mail from a particular Internet domain. AOL is using SPF to publish the IP addresses of the servers it uses to send outgoing e-mail.

Once widely deployed, SPF records can be referenced by Mail Transfer Agents stationed throughout the Internet when routing e-mail messages from a particular domain to determine whether an e-mail message's source is legitimate or spoofed, says AOL spokesman Nicholas Graham.

AOL briefly tested the protocol two weeks ago before shutting it off to make technical changes based on feedback from other ISPs, Graham says. He declined to describe the changes. The program is experimental and for the time being AOL will not use SPF to filter mail from other Internet domains.

The trial is a major test of SPF, which is one of a number of new technologies designed to thwart spammers, says John Levine, co-chairman of the Anti-Spam Research Group.

SPF patches a hole in Simple Mail Transfer Protocol (SMTP). Developed in the early 1980s, SMTP was designed to provide a reliable and efficient way to relay messages between host systems using different computer hardware and operating systems.

In recent years, spammers and viruses such as SoBig-F and the recent Beagle/Bagel worm have exploited SMTP's flexibility, easily transposing the source of messages with legitimate e-mail addresses from lists that are traded online or harvested from infected computers' hard drives.

The long-term benefit of SPF is that, when the technology is widely deployed, e-mail providers will be able to associate reputations with Internet domains rather than with IP addresses, which are harder to track, said Eric Raymond, president of the Open Source Initiative, who gave a presentation about SPF during January's Spam Conference 2004 at the Massachusetts Institute of Technology in Cambridge.

SPF will not stop spam, but it will help other anti-spam technologies - such as spam traps - by enabling spam to be tracked to specific domains and force spammers to move to new domains more frequently, Raymond said.