The only solution to spam will have to be economic.
Legislation must be crafted to make enforcement economical. If the
enforcing entity recovers more in fines/penalties than the enforcement
activities cost, there will be adequate incentives to pursue enforcement
and I suspect that the size of such recoveries will deter violation of the
laws.
Since my spam may not be your spam, a cornerstone to legislation will be
in the definition of spam and marking required on such email.
Technical solutions will be required to allow identification of the origin
of the spam. This is a two tier issue ... identification of the 'entry'
server and protocols for use by such servers for identification of the
originating client.
Watching other recent email threads, it is clear we still haven't achieved
a management oversite structure for the domain name system so I wonder if
the internet community can converge an an organizational solution to
manage non-repudiatable identification as well as a way for humans to
report spam experiences, but perhaps the cost of spam vs. the lack of cost
associated with failures in the DNS infrastructure might provide greater
incentives.
Any spam solutions will need to work for the vast majority of email users
and any 'training' of the solution will need to be simple.
The approach I've been noodling for a while now is:
1) Define and start implemting protocol extensions to support
identification and distributed authentication
2) Likewise, protocol extensions to support a parallel email
infrastructure where there is a charge, say $.20, for each email sent.
Technically, I think this would be mostly a new DNS record so that a
domain could define its for fee provider(s) and perhaps some accounting
records or related support to insure interoperability for postage meter
operations.
3) Probably some IMAP extensions to allow management of shared servers
4) Probably support for exchange between mail services much line the USPS
can forward mail to an address in Canada, etc.
Based on this technical infrastructure, I would envision I would configure
my 'free' server to only accept mail from authenticated sources such as
the IETF, W3C, or perhaps specific sources by address.
I would expect one or more public or commercial entities would provide
mail services based on these protocols. For example, the USPS and FedEx
in the US.
To use a commerical service to send mail, I'd have to purchase a roll of
'stamps' or a postage meter account. I would expect that for each email
accepted by my server, I'd receive a credit in my account, say $.10.
If you aren't in my pre-configured whitelist and you attempt to send free
mail, you'd get a bounce message telling you that free mail wasn't
accepted and to use a service which is part of the USPS or whatever
network.
Once the required protcols were defined and there was a minimal
infrastructure in place, individuals / companies owning servers could
adopt at their own pace and begin receiving value.
Some thought in the protocol definition process to bridging to the new
world would be good, but at least some of the thoughts I've had are really
features of the user's client and server ... for example ... if you reply
to my mail with proper use of my message id, you are automatically allowed
thru my 'free' entrance.
Dave Morris