Just switch over to Email Certification.
Long story short, everyone who wants to send Certified mail has to be 'certified' by their ISP. (UN-certified mail would still be possible, if
you wish.) Getting certified is nothing more than providing enough information to positively identify you, and costs a nominal fee.
In return, you create a public/private key pair, and give the public one to the certifier. The private key goes into your email server, which
adds some headers to each outgoing email. One of these is encrypted with the private key. When someone with a certification-compliant email
program receives a certified email, the program reads the headers, connects to the certifer's certification server, and downloads the public
key. It then uses the public key to decrypt the encrypted header. If successful, it proves that email came from the specified server, and no one
If you get spam, your email client has a big 'report certified spam' button. Click it, and an email is auto-launched to the certifier of the
sender. The certifier contacts the sender and demands an explanation. If sender was hacked, they fix the security hole and tell certifier they
did so. If spam was not spam, or a misunderstanding, they explain.
If, OTOH, the sender does not reply, then the certifier revokes their certification, and from that moment on, all their (the senders) emails are
What if a Certifier themselves is 'evil'? Well, it's certainly possible to have blacklists like they do now, but, instead of blacklisting IP
addresses, which get re-assigned and cause trouble for their new owners, it would be evil Certifiers that get listed and blocked.
Eventually, it'll reach a point where any spam that is sent out will get the sender 'de-certified' almost immediately. That means everyone else
probably never ends up seeing the spam at all (depending on how their clients handle un-certified emails. Most people will probably auto-trash
However, white lists are still possible. If you like getting emails from a certain un-certified sources, just white-list them, and you'll
continue to get them. You can also use challenge-response or keyword set-ups for people sending you un-certified email.
By proving who sent the email (or, more precisely, which server did), Email Certification can hold the server owner responsible. If they send
spam, they get de-certified, which means in all likely hood, they lose the ability to email anyone at all. Spammers who can't get certified
can't send emails anyone will see.