First thing you've got to do is recognize that email is broken. we need an "smtp 2.0" which eliminates the spoofable "feature" of smtp mail, and ensures positive id for the sending and receiving servers. There are many ways to do this, but a place to start is to require DomainKeys on smtp 2.0 servers, which goes a long way towards this end.
Once we know who is talking to us, and who we're talking to, we can finally address the real issue. It costs almost nothing to send a billion emails, but it costs plenty to sort through a billion spams. If I can't spoof my source domain, then it becomes much more expensive to send spam if I have to authenticate when claiming to be a legitimate e-mail domain like yahoo, gmail or hotmail.
Also devise a scheme where it is computationally expensive to send an email, but is trivial to receive one. It wouldn't be expensive to send 1000 outgoing messages an hour, but 1000(or more) a minute will require serious hardware. The harder I make the challenge, the fewer emails a bogus (a small server is unlikely to be legitimately sending millions of messages) server can try to deliver.
smtp 2.0 servers would be set to favor established domains to which we frequently send & receive messages, also to set a hard limit for the number of messages an unknown domain can send to us. Since nobody will accept more than a handfull of emails from my newly registered domain, I have to drop a lot more money on bogus domains which i can't even use for a year or two. you can protect legitimate new domains by following a "certified SSL" protocol for validating the identity of a domain owner. anybody without a certified domain or an established domain will have a really hard time getting their spam delivered.
Of course the attackers will find weaknesses in the processes and protocols, but we can simply ensure that servers are ready to migrate to the rules of mail 2.1, which fills in the gaps of smtp 2.0. If your servers aren't updated to a recent smtp version, I can stop "preferring" your mail.
"An ounce of prevention is worth a ton of code." -- an anonymous programmer