[freefaler]

A classic "the tragedy of the commons" with the SMTP protocol.

When the cost of spamming is near 0.00, all open platforms will be abused to the tilt. We have seen the email channel get less and less reliable with our own clients (password recovery, notifications and etc).

This might evolve into a couple of oligopolies (Microsoft 365 Outlook, Google Gmail, may be some legacy email providers like Yahoo) and if you want delivery you'd need to pay them, because they'd be the verifiers that you're not a spammer.

And these platforms will have a hell of time to fight the spammers that will create millions of email addresses and spam trough them.

[Youden]

I don't think the protocol is necessarily the problem. For example we don't say the HTTP protocol is the problem when spammers abuse website comment forms or forums, we say it's the server on the other side.

I think the answer is somewhat the same as where we've gone with many HTTP servers: proof of work. Just like Captcha and more recently Cloudflare turnstile required you complete a task before you'd be able to access as website, senders should be required to complete a task before you'll accept their email.

It can even be a sliding scale: the higher you want the chances of the recipient seeing it to be, the more work you need to do.

However this also break emails considered "legitimate" by businesses, like marketing newsletters and other nonsense, which is why it'll likely never happen.

[freefaler]

The legacy compatibility of the protocol has brought all the hacks on top of it for identity verification like SPF, DMARC, DKIM ...

Even with those, the amount of farmed accounts from a reputable platforms is still high, and it will go higher with the cheap AI targeting that will make the texts much more well crafted and spam filters much more aggressive.

My other conjecture is that the big mail providers would have enough data to catch the spammers based on a number of signals.

[ajsnigrutin]

I'd be happy if we at least started punishing the large, well known and established companies for spamming us...

...you know the one, where you have email preferences, and you only have "new messages" and "commercial offers" in the settings, and you uncheck the "commercial offers" and think you're sae. Then you get a spam email from them... check the preferences again, and there's a "new product notification" preference, checked by default, and you uncheck that too. Bam! another spam! "personalized offers" option appeared, check by default. "limited time offers". "value deals", etc.

[xhkkffbf]

I've gotten my email routed to spam even though it never left the Google cloud. They don't say, "Gosh, this is coming from inside the house. Therefore it's trustworthy." Nope. The push legit mail from other Google hosted domains into spam without a second thought.

[nutjob2]

I've had emails from Google end up in spam and I'm using Google Workspace, it's driven by what people flag as spam, not domain trust.