Even with Microsoft lending its clout to an expanding anti-spam movement centered on authenticating e-mail senders, experts caution the approach comes laden with technical challenges and unanswered questions.
The software giant last week published its Caller ID for E-mail specification, which lays out how to thwart the spoofing of e-mail addresses, a popular spammer trick. The specification, which Microsoft hopes will become a standard, is the first piece of the company's long-term spam-fighting strategy called the Coordinated Spam Reduction Initiative (CSRI), which also was introduced last week at the annual RSA Conference in San Francisco.
Caller ID is one of several IP-based proposals addressing sender authentication, including efforts such as the Sender Policy Framework (SPF) launched by anti-spam researcher Meng Weng Wong, and the Lightweight MTA Authentication Protocol (LMAP) under development at the IETF.
The unifying premise of these efforts is simple: Authenticate the sender of an e-mail using DNS as a way to thwart spammers. Spam-filtering providers such as Brightmail and Postini use proprietary technology to authenticate senders. Yahoo has developed an authentication scheme using digital signatures called DomainKeys.
But deploying a standard mechanism for the Internet is not without potential problems. These challenges include the potential for hits on network performance associated with checking every e-mail and the need for almost universal adoption. And there are also technical challenges related to modifications to mail headers and DNS, the Internet's database that routes e-mail and locates Web pages.
"It makes sense; it's the right way to think about using DNS," says Paul Mockapetris, who created DNS 20 years ago and is now the chief scientist and chairman of IP address-management software vendor Nominum. Technologies such as radio frequency identification (RFID) and Enum, the international electronic numbering domain system, also use DNS for similar look-ups.
"One thing is ominous, however," says Mockapetris, who has been touting DNS as a building block for these new technologies. "More people are putting more things in DNS and it increases the chances people will try to screw with you by corrupting your DNS server." He says that makes DNS Security, which has been a work in progress at the IETF for 10 years, that much more critical.
Underscoring the challenges of creating a standard for authenticating e-mail senders, the IETF had no luck with six other specifications that addressed the issue. But interest is high, with more than 8,000 companies testing or having implemented SPF alone, including AltaVista, Amazon.com, AOL, Google, SAP and Sendmail. "We've just started testing SPF, we're in an experimental phase and we're only using it on outbound e-mail," says AOL spokesman Nicholas Graham. "We're aware of Microsoft's Caller ID proposal and welcome it."
Sendmail and Amazon.com also are backing Caller ID. Sendmail plans to add support into its open source and commercial message transfer agents, and Amazon.com plans to add it to its messaging servers.
Microsoft added support for Caller ID in its Hotmail e-mail service last week and plans to support an enterprise implementation as part of a new Simple Mail Transfer Protocol gateway set for beta testing in May.