This is not a "user want" item but we need to consider
what else is possible while requirements are defined.
Suppose:
1. I make my public-key available wherever my email address is given;
2. Except for senders in a whitelist (e.g., list mail), I bounce to the
sender any email that is NOT encrypted with my public-key, providing my
public-key and instructions for the sender to resubmit the message
properly encrypted.
This would make spammers pay FOR EACH message sent, as messages
would need to be encrypted FOR EACH recipient. At the same time, it
would promote email privacy protection en route, including at ISPs.
The end points would not be authenticated in the first phase, making
it much simpler to implement. Sender authentication is also not
effective as a burden mechanism for each message.
The built-in spam burden & email privacy protection afforded by this
procedure would not be costly to use as there are several free tools
available for encryption. The whitelist should provide a backward path
for those who don't want or can't use encryption at this time.
Comments?
Cheers,
Ed Gerck