RESEARCHER at AT&T Labs is proposing to stop at least some spam before it starts by using e-mail addresses that expire or come with other restrictions attached in code.

"It came to me one day that spam works because there's no easy way to differentiate between what's real e-mail and what isn't," said John Ioannidis, a member of the research department at AT&T Labs in Florham Park, N.J.

Advertisement

Dr. Ioannidis suggests adopting something he calls "single-purpose addresses'' rather than continuing to refine software filters that try to sort the good from the bad.

Such addresses would not replace permanent e-mail addresses, which, under Dr. Ioannidis's plan, users would continue to give to those they trust and need to maintain contact with, like relatives or employers.

Instead, single-purpose addresses would be used when the senders have no continuing relationship with the other parties and fear that their e-mail addresses might be sold or given to spammers. Online purchasing or newsgroup postings are obvious examples.

Dr. Ioannidis will present a paper about his approach in February at a meeting of experts in computer network security. Under the system, users would generate single-purpose addresses with special software. The process could be relatively simple. Using an on-screen menu, the user would first select how long the address would exist. Currently, the shortest period with Dr. Ioannidis's technology is one day.

A user could also choose to have the address work only when sent from a specific domain (the part that follows the @ symbol). This would prevent an unexpired address from being used by spammers.

After those settings are made, the address software would generate a code containing the date and domain restrictions and the user's permanent e-mail address. That code, in turn, would be converted into a string of 26 characters that appear to be a jumble of numbers and letters. Together with the user's domain, the string would form the single-purpose address, which could be cut and pasted into forms like those used by online stores.

When, say, the store sends a reply indicating that a user's desired item is out of stock, software on the customer's mail server would decode the special address and then, assuming it remains valid, forward the mail to the permanent address.

Dr. Ioannidis acknowledges that even with his system, spammers could still get access to permanent e-mail addresses. A trusted relative, he said, may give someone's full e-mail address to an online greeting card service, which could then sell it to spammers. But Dr. Ioannidis hopes that if his system is widely adopted, it will pollute spam mailing lists with so many invalid addresses that the lists will become increasingly useless. The process could take decades, however, he said.

"The idea is to raise the bar to make it difficult to spam my address," Dr. Ioannidis said.

John Mozena, a co-founder and vice president of an anti-spam group, the Coalition Against Unsolicited Commercial E-mail, said that Dr. Ioannidis's technology would not likely change his organization's view that legislation remains the most effective form of anti-spam protection.

"This technology might protect some individual users from a certain amount of spam," Mr. Mozena said. "But it's adding insult to injury to also have us spend time, money and effort on tools to keep spam out of our mailboxes."

Mr. Mozena also said he found it unlikely that spammers would simply give up if e-mail lists became filled with worthless addresses. "The quality of those lists are already so miserable that it wouldn't really matter," he said.