Few of these systems have actually been demonstrated to be invulnerable
to abuse. As a matter of fact, I just saw someone from LinkedIn asking
about techniques for mitigating abuse. When it's relatively cheap (think:
economically attractive in excessively poor countries with high
unemployment) to hire human labor, or even to engineer CAPTCHA evasion
systems where you have one of these wonderful billion-node-botnets
available, it becomes feasible to get your message out. Statistically,
there will be some holes. You only need a very small success rate.
The relative anonymity offered by e-mail is a problem, yes, but it is only
one challenge to the e-mail architecture. For example, given a realistic
way to revoke permission to mail, having an anonymous party send you a
message (or even millions of messages) wouldn't be a problem, because you
could stop the flow whenever you wanted. The problem is that there isn't
a commonly available way to revoke permission to mail.
I've posted items in places where e-mail addresses are likely to be
scraped or otherwise picked up and later spammed. What amazed me was
how cool it was that I could actually post a usable e-mail address and
receive comments from random people, and then when the spam began to
roll in, I could simply turn off the address, and it doesn't even hit
the mailservers. That's the power of being able to revoke permission.
The cost? A DNS query and answer anytime some spammer tries to send
to that address. But a DNS query was happening anyways...
The solution I've implemented here, then, has the interesting quality
of moving ownership of the problem of permission within our systems,
without also requiring that all correspondents use our local messaging
systems (bboard, private messaging, whatever) or having to do ANY work
to figure out what's spam vs ham, etc. That's my ultimate reply to
your message, by the way.
Since it is clear that many other networks have no interest in stemming
the flood of trash coming from their operations, and clearly they're
not going to be interested in permission schemes that require their
involvement, I'd say that solutions that do not rely on other networks
cooperating to solve the problem bear the best chance of dealing with