New York ? Fed up with a litany of tiresome e-mail pitches, Chris Caputo decided to fight back.

He got himself spam-fighting software that thwarts the mass mailers by demanding that all his correspondents verify they are not machines.

Now, instead of more than 100 spam messages a day, Caputo gets no more than three.

Such tools are far from perfect, but a growing arsenal is becoming available both for individual users and for the more heavy-duty requirements of corporations and Internet service providers.

With spam becoming an epidemic registering a more than fivefold increase in the past year, according to anti-spam filtering company Brightmail people are fighting back aggressively, even at the risk of losing legitimate mail.

There’s no shortage of countermeasures.

Brightmail, used by EarthLink, AT&T WorldNet and other service providers, and Mailshell for the desktop are two filtering services long available. McAfee.com’s SpamKiller desktop filter came out in May, and several others are in the works.

America Online and Microsoft’s MSN, meanwhile, are beefing up their spam filters as part of upcoming software upgrades.

But the defenses are leaky.

“The spy versus spy battle has reduced the amount of spam considerably, but the level of spam is still unacceptably high,” said Jason Catlett of the anti-spam advocacy group Junkbusters.

Spammers keep up

Vincent Schiavone, chief executive of the ePrivacy Group consultancy, said individual spammers adapt quickly to exploit e-mail’s “dumb protocol.”

Current e-mail standards were developed in the early 1980s long before spam was a problem. For starters, they have no built-in mechanisms for authenticating senders, which allows spammers to easily forge headers.

Software filters thus must be programmed to work on assumptions of spammer behavior.

Some cull spam by identifying typical keywords and other hallmarks such as multiple exclamation points. Others are based on “blacklists” of known or suspected spammers or in a few cases entire countries like China and South Korea because they have poorly configured mail servers though which much of the world’s spam passes.

But such techniques toss out the good mail with the bad, mostly newsletters and other bulk mailings that had been requested.

Mailshell estimates that its filters can block 84 percent of spam, while losing three out of every 1,000 legitimate messages. To block 99 percent, prepare to lose 10 times that amount.

To block 100 percent spam means letting through only messages from senders you know.

“If you want to be private and never want to be contacted by people you don’t already know, you can solve it in an instant,” said David Jameson, chief technology officer of DigiPortal Software, whose Choicemail service came out last month.

Smart systems

Most people want to be reached, so technologists are trying to come up with smarter techniques.

Caputo uses the Tagged Message Delivery Agent, a free software project still in early testing. Mail from people he knows automatically gets through, while first-time senders must reply to an automated message to confirm they are not spam-generating computers.

Otherwise, the message goes to a junk mail folder.

Of course, someone possibly “might not understand how to reply,” Caputo said. “It could be someone looking for customer support, and their opinion of the company might go down.”

So Caputo, president of a Seattle-based Internet company, still checks his junk mail folder regularly thus, strictly speaking, the software is not shielding him from spam.

Choicemail takes a similar approach except the service costs $39.95 and first-time senders must answer questions on a Web page instead of simply replying to an e-mail.

SpamNet, a product from Cloudmark Inc. still in beta testing, combines traditional filtering with community input. Users vote on what they consider spam, and those items are subsequently blocked.

Brightmail sets up e-mail accounts solely to lure spam and uses those messages to fine-tune its filters.

In the future, authentication techniques under development at IBM Corp. and other companies could help verify the legitimacy of e-mail addresses.

Steve Atkins, an anti-spam consultant with SamSpade.org, says existing countermeasures aren’t perfect but can reduce spam to a level of “serious annoyance.”