[Bush2000]

The solution requires a number of facets: Introduce an authentication system which requires identities to be globally verifiable. Public keys could be held by the auth servers. In order to send mail, you would need to be able to access the public key of the recipient -- and a certificate encrypted with the public key of the target mail server that contains the identity of the sender, the identity of the target, the identity of the auth server, and a CRC for the message. Keys could be replicated among trusted auth servers. So what does this do? It enables an email server to immediately verify that an email message originated from an authenticated source; if not, it dumps the email immediately. Problem solved. Whoever runs the auth servers could have a policy where you pay a certain amount for each email sent. Anything less than, say, 250 messages per month is free; anything more would cost n cents per message. Which would make it too costly for spammers to continue sending spam.

[elbucko]

The solution requires a number of facets: Introduce an authentication system...

That's a little above my pay grade, if you get my drift.

[N3WBI3]

Sounds like allota work for a little gain. inorder for this to be measurabally useful SMTP will have to be trashed. It would be easier for IPS's to allow users to create white list via some kind of web interface, and for the ISP to force reverse lookup of incoming mail. as for the 250 a month what about listserves?

What you propose would work, but what you get out of it is no different than a person creating a deny *, and putting allowed addresses infront of it.

[dfrussell]

The solution requires a number of facets: Introduce an authentication system which requires identities to be globally verifiable...

PKI (public key infrastructure) is intended to encrypt / authenticate email from / to *individuals* not systems and very few places have it running on anything other than a rudimentary basis due to the cost and complexity involved.

The large players could implement Certs for their mail relays, but given the difficulty most locations have with simply running a virus scan on an infected PC, this would also create lots of delivery issues.

[TechJunkYard]

So what does this do? It enables an email server to immediately verify that an email message originated from an authenticated source; if not, it dumps the email immediately. Problem solved.

I don't see where this helps anything. You're creating a lot of new infrastructure that someone will have to pay for.

And you're ignoring the fact that lots of overseas ISPs exist solely for spammers... wannado.fr and hinet.net for examples... and they would be willing to pay the price to get into the "network". Then they'd have to be blacklisted -- just as they are now.

And on top of that, you've come up with a nice little way of tracking e-mail addresses and number of e-mails sent, which just might come in handy to the government someday.