If we reach a point where the spaminess of an email can be correctly determined based on the reputation of the domain from which it was purported to be sent (after some cryptographic and policy checks), then is the problem of spam equivalent to the problem of bootstrapping trust for new domains?
I suppose technically there is the problem that a domain with a good reputation can be hacked or bought, but the costs of that happening should be orders of magnitude higher than the cost of buying a new domain.
Requiring new mail-serving domains to post a bond for good behaviour seems like it would similarly increase the costs of buying a good reputation, but the problem is coming up with a fair process to decide when a bond should be forfeited.
I'd be reluctant to give the ITU any control over the global email network, so instead perhaps there could be some system for countries to delegate the bond-forfeiting power to companies of their choosing, with each country having a vote in proportion to the cube root of their population size. All existing domains would be grandfathered in to not need bonds, so the potential damage from abuse of this system should be minimal.
Alternatively, just create electronic stamps* for email; cheap enough that it doesn't enter the minds of those that send a few emails per day but expensive enough to ruin the profit margins of spammers.
* I'm thinking something similar to SSL: write email, create hash (one hash per recipient), submit signing request for hash, CA signs request and returns stamp (certificate), stamp is transmitted along with email. Additionally, allow people to give each other (or sites/newsletters they would like to receive) 'rubber stamps', allowing them to create (free) stamps for emails addressed to each other... And since no idea of mine is ever original I'm certain several smarter people have already written multiple RFCs on this and the idea never took off because of something I'm overlooking at the moment. Ah well.
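The stamp flow sketched in the comment above, as an added example that is not part of the original thread: it shows why one hash per recipient stops a paid stamp from being reused for other addressees or replayed. Assumptions: a single stamp authority, HMAC standing in for the CA's public-key signature, sender addresses already authenticated by the receiving server, and all names and addresses constructed for illustration.

```python
import hashlib
import hmac

# Assumption: HMAC with a CA-held key stands in for the CA's signature so the
# example needs only the standard library. A real receiver would verify the
# stamp with the CA's public key and would never hold a signing secret.
CA_KEY = b"constructed-demo-key"

def recipient_hash(message: bytes, sender: str, recipient: str) -> bytes:
    """One hash per recipient: binds the stamp to this message and addressee."""
    h = hashlib.sha256()
    for part in (sender.encode(), recipient.encode(), message):
        h.update(len(part).to_bytes(8, "big"))  # length prefix avoids ambiguity
        h.update(part)
    return h.digest()

def ca_issue_stamp(digest: bytes) -> bytes:
    """CA side: sign the submitted hash (the fee would be charged here)."""
    return hmac.new(CA_KEY, digest, hashlib.sha256).digest()

class Receiver:
    """Hypothetical receiving mail server enforcing stamps."""

    def __init__(self, address: str):
        self.address = address
        self.rubber_stamps = set()  # senders this recipient lets mail for free
        self.seen = set()           # paid stamps already redeemed here

    def accept(self, message: bytes, sender: str, stamp: bytes = None) -> str:
        if sender in self.rubber_stamps:
            return "accepted: rubber stamp"
        if stamp is None:
            return "rejected: no stamp"
        digest = recipient_hash(message, sender, self.address)
        expected = ca_issue_stamp(digest)  # stand-in for signature verification
        if not hmac.compare_digest(stamp, expected):
            return "rejected: stamp not valid for this message/recipient"
        if stamp in self.seen:
            return "rejected: stamp already used"
        self.seen.add(stamp)
        return "accepted: paid stamp"
```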
> but expensive enough to ruin the profit margins of spammers.
And mailing list operators, and charities, and free software projects, and...
To be fair, your "rubber stamps" idea does mitigate this problem a lot, but I think the issue still remains that it's hard to get email providers to agree to drop emails from senders that haven't upgraded to this new system, as well as agreeing on a globally consistent set of CAs who are trusted to not act as a cartel.
It's even more difficult to get all existing pieces of email sending infrastructure to simultaneously upgrade to support users entering their rubber stamps, not to mention the security concerns of dealing with the funds needed to buy the non-rubber stamps. Perhaps the big email providers could force everyone to implement this as of a certain flag day, but I imagine the response to this weird new tax would be less than enthusiastic.