vlm: You misunderstand how safety engineering should work. It does *not* depend on any one technique being "perfect". Proper engineering would anticipate almost every failure and have a way to deal with it (again not perfect, but maybe 99.9% reliable). I am an electrical engineer (not an expert in drilling), but here is what I would do:

1) Have multiple wellheads already in place in case everything goes wrong with the blowout preventer on the active wellhead. Have an extra riser pipe ready in a nearby warehouse, to connect an alternate wellhead, and relieve the pressure in the damaged wellhead. Note: this does not require drilling multiple wells, just extra piping to the alternate wellheads.

2) Have several emergency cutoff valves at various depths in the well casing. These should be of such simple design that failure is almost unthinkable, and they should be tested at least once a month to ensure that they will work.

3) Re-design the blowout preventer, so there is not a situation where a single failure could make all redundant systems fail simultaneously. That is my understanding of the current failure. It all happened because one bozo pulled the wrong lever at the wrong time and destroyed the one valve that would work with the drill pipe still in the bore.

3) Have independent oversight of all drilling operations to make sure the above precautions are followed, regardless of delayed drilling schedules.

That last item may be the most difficult. It will require an agency free of political control, something like the supreme court, with regulators who have lifetime tenure, and can't be fired by politicians under control of the oil companies. Yes, the politicians and oil companies could still ignore the regulators, but my guess is they wouldn't dare.

The training would not be on basic issues of firearm safety. There are plenty of citizens who already have that. The cost would be in certification and background checks, and you are right, it would be substantial. We would probably have to divert some of the funds now going to "security theatre" at check in.

To see if the costs make sense, we need to look at them on a per-flight basis. Let's say it costs $1000 to certify each "CAM", and they take ten flights on average before dropping out of the program. That's $100 per CAM per flight. Let's say there are 20 regular passengers for every CAM, so that is $5 per passenger per flight, a price I would willingly pay. The larger cost might be in giving free tickets to the CAMs. If that results in a 5% increase in airline fares, I can see where some would object. Perhaps different airlines would opt for different policies, and passengers could chose which they preferred. I would probably opt for the extra 5%, but then the chances of attack are so small per flight, that I might rather save the money.

You've raised a very good question about the possibility of infiltration by suicidal jihadists. That can certainly happen on a small scale, but I think it would be near impossible for a terrorist mastermind to ensure that every "CAM" on a specific flight was one of his guys. Remember, they can't look or act like the shoe bomber, or they won't even get past certification. If you were the mastermind, and had ten guys who were smart and normal enough to pass certification, and still be willing to commit suicide, you would probably do something more ambitious than try to overwhelm the security on one plane.

Your numbers are still way off. Think of it this way. If you were on a plane, and you found out there was on board a jihadi with a bomb, would you feel more or less safe, knowing there were 10 good guys with pistols.

As for the risk that a well-trained and certified citizen will do more harm than good, I would look at the experience of different states with allowing concealed weapons. Does the rate of gun violence go up or down?

"Right, because the amount of damage this guy did"
It is naive to assume the damage will always be small. In fact, it is only luck that the situations we have seen so far didn't go as planned by the attacker.
"would have been much less with 10 people shooting at him in the crowded cabin."
The ten should be well trained, so as to not make a bad situation worse. The training should include situations which might provoke an over-reaction.

"If for no other reason, this would be an absurdly expensive measure (Air marshals only staff between 1 in 4 and 1 in 10 randomly chosen flights)"
Many citizens would do this without charge, but I think a token payment, maybe no charge for their airfare, would be nice.
"for something that's statistically less likely than you getting struck by lightning while being murdered by a serial killer."
I think your stats are way off. The chance of an airliner going down from a terrorist attack is more like 10% per year. That's what we need to compare with the chance of an innocent bystander getting shot.

is to have at least ten passengers on every plane, armed and willing to take out any terrorist who shows his intentions. That won't solve all the problems, but it will stop any plot that involves hostages, or just about anything other that quietly detonating a bomb with no crazy behavior other warning signs. The ten should be well-trained, so as to not make a bad situation worse.

No doubt you thought of this, but is it possible the bounces are fake - i.e. not really from a Hotmail transmitter? Could also be that Microsoft really is screwing up their SPF checks, and the reason you are seeing more bogus bounces from them than everyone else, is that you have a specific spammer targeting your domain and not others.

is add an authentication code to the return address on every message you send out. If you get a bounce to an address without the code, you know it was forged.

The problem isn't understanding DKIM, but rather finding it worth the effort. It might make sense for a bank to protect the content of its messages with a signature, but for spam, phishing, and other high-volume abuse, there are simpler and more effective methods.