Engineering in a lot of reputation management and metrics would help.
There are some interesting (I'm not sure "compelling" or "strong" is necessarily the case) arguments to be made for enabling open relays and other forms of unauthenticated messaging. John Gilmore of EFF has fought that battle for a long time, and still runs an open relay on toad.com.
Signing and authentication measures (particularly on header data) have to be both standard and quick to process.
Methods which increase the costs of delivery -- pacing receipt rates from a given IP or block, can help. Being able to specify receipt priorities: high for IPs and ranges with which frequent legitimate business is transacted, very slow for most others, would also be useful. Along with a lot of built-in support for this.
Killing :80 and moving to entirely secured ports wouldn't be a bad move either.
Maybe you mean 25 or something else? Port 80 is for HTTP. And what does a secure port mean? If you want people to be able to talk through a port you have to open it. The number doesn't matter.
By "secure port", I mean forcing encryption of all over-the-wire traffic. It's happening now in many cases with STARTTLS (modulo utter brokenness of the CA and SSL/TLS systems), but that's still only opportunistic.
And of course, encrypting payloads would be vastly preferable. Headers as well other than absolutely required for delivery.
Require a small fee to send an email, e.g. $0.01. Small enough not to matter for legitimate users, large enough to make spam unprofitable.
Bitcoin or some other cryptocurrency would be ideal for facilitating micro-transactions like this. Interestingly, the Hashcash concept was originally designed to fight spam, and later became one of the important ideas that made the invention of Bitcoin possible: http://en.wikipedia.org/wiki/Hashcash
Right now I give out tagged addresses to most vendors, and I know others do it for lists. When a tag goes bad, I just route any further mail to my spam trainer.
But that means for every legitimate mailing list you're on, you get one spam. And you lose the legitimate mailing list just because their token got compromised.
Dunno, I feel like we should just charge for mailing lists too. Or use Usenet!
I think the fee could be applied only to unsolicited emails. If I have a particular email address whitelisted then it will get through my gateway with no fee attached. However, if it is an unsolicited email from someone not on my whitelist it will be required to have some small fee attached to get past my filter.
I've seen some suggestions that instead of using money you could use some proof-of-work computation. This is something we could scale the difficulty factor of as computing power increased. Something that takes, say, an average computer 30 seconds (or longer) to calculate. It will attach this proof-of-work to the email.
Mailing lists wouldn't need to, or couldn't exist in this new magical email system. There's a hundred other solutions out there for what mailing lists provide.
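The proof-of-work stamp suggested above, sketched in the Hashcash v1 field layout (version:bits:date:resource:ext:rand:counter). This is an added example, not code from the thread or from any commenter. The 16-bit difficulty, the hex counter (real Hashcash encodes it in base64) and the two-day acceptance window are assumptions chosen for the demo.

```python
import hashlib
import itertools
import secrets
from datetime import datetime, timezone

BITS = 16  # assumed difficulty, kept low so the demo mints in well under a second

def zero_bits(stamp: str) -> int:
    """Number of leading zero bits in SHA-1(stamp)."""
    digest = hashlib.sha1(stamp.encode()).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(recipient: str, bits: int = BITS, now=None) -> str:
    """Sender: brute-force a counter until the stamp hashes to `bits` zero bits."""
    now = now or datetime.now(timezone.utc)
    prefix = f"1:{bits}:{now:%y%m%d}:{recipient}::{secrets.token_hex(8)}:"
    for counter in itertools.count():
        stamp = f"{prefix}{counter:x}"
        if zero_bits(stamp) >= bits:
            return stamp

def verify(stamp: str, recipient: str, spent: set, min_bits: int = BITS,
           max_age_days: int = 2, now=None) -> str:
    """Receiver: one hash plus cheap checks. Returns 'ok' or the rejection reason."""
    now = now or datetime.now(timezone.utc)
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return "malformed"
    try:
        claimed = int(fields[1])
        day = datetime.strptime(fields[2], "%y%m%d").replace(tzinfo=timezone.utc)
    except ValueError:
        return "malformed"
    if fields[3] != recipient:
        return "wrong recipient"    # stamp was paid for a different inbox
    if claimed < min_bits or zero_bits(stamp) < claimed:
        return "insufficient work"  # claimed difficulty too low, or not actually met
    if abs((now - day).days) > max_age_days:
        return "expired"            # limits stockpiling of pre-computed stamps
    if stamp in spent:
        return "already spent"      # one stamp buys one delivery
    spent.add(stamp)
    return "ok"
```

Each extra bit of difficulty doubles the sender's expected work while the receiver's cost stays at a single hash. The `spent` set only needs to retain stamps for the length of the acceptance window.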
Impose the fee only on one-way communications. A responsible mailing list would have a single instance of two-way communication when asking the user to confirm that they wanted to sign up. No, I have no idea how that much state should be handled in a distributed fashion.
Separate authentication from message delivery. The problem with both spam and spam mitigation measures is that the message is considered as coming 'from' a sending system instead of the actual originator of the email.
Splitting these up converts one impossible problem into a tricky but mostly solved problem (delivery) and a hard problem that has to be addressed anyway (internet identity).
How about a PKI system where one or more authorities can sign keys and the email server admins can approve public keys based on its combined score coming from the authorities? Authorities could be universities, engineering organizations and other non-profit entities.
So now people have to register identities and can't use anonymous email addresses. And it wouldn't fix the issue anyways since spammers would just use botnets of legit sender addresses.
You are mixing up registration with registration with real data. You could still register an email address with arbitrary details and after a while you could establish a score that would grant your non-spam status. What you are confused with is that in this system there is no disposable email address. That is actually a valid concern but I don't use those so I really don't care.