Rather than using a multitude of rules to determine what may or may not be spam, challenge-response software takes the approach of a club bouncer to keep undesirables out of users' inboxes

As spammers dream up new strategies for slithering into e-mail inboxes worldwide, their counterparts, anti-spam software developers, are always on the lookout for new ways to stop them cold. A bevy of companies think they may have a good answer in challenge-response technology . The tactic is a simple one, requiring an e-mailer to verify his or her identity before being added to a "white list" that enables him or her to send e-mail unrestricted in the future, but the technology is not perfect yet. Some anti-spam advocates fret that the technique is too cumbersome or not entirely effective. However, amid a surge of user desperation nearly as powerful as the flood of spam sweeping across the Internet, the tactic's growing popularity speaks for itself. Will challenge-response emerge as the next big spam killer? The most common method of stopping unsolicited e-mail in its tracks is filtering, which lets individuals and IT administrators cull legitimate messages from the ever-growing sea of spam. Challenge-response works differently. Rather than using a multitude of rules to determine what may or may not be spam, the software takes the approach of a club bouncer to keep undesirables out. When e-mail arrives from an unknown sender, challenge-response software sends back a message asking the sender to identify himself. If the sender is legitimate, he then types a one-word response and is allowed through the barrier for good. With most challenge-response programs, a single verification in a given domain is enough to let a sender transmit messages to anyone within that domain.