by dredmorbius 4438 days ago
Engineering in a lot of reputation management and metrics would help.

There are some interesting (I'm not sure "compelling" or "strong" is necessarily the case) arguments to be made for enabling open relays and other forms of unauthenticated messaging. John Gilmore of EFF has fought that battle for a long time, and still runs an open relay on toad.com.

Signing and authentication measures (particularly on header data) have to be both standard and quick to process.

Methods which increase the costs of delivery -- pacing receipt rates from a given IP or block -- can help. Being able to specify receipt priorities (high for IPs and ranges with which frequent legitimate business is transacted, very slow for most others) would also be useful. Along with a lot of built-in support for this.

Killing :80 and moving to entirely secured ports wouldn't be a bad move either.
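
The pacing and receipt-priority idea from the post above, as an added example that is not part of the original comment: a token bucket per source block, refilled quickly for ranges with known legitimate traffic and slowly for everyone else. The class name, rates, prefix lengths and address ranges are assumptions chosen for illustration.

```python
import ipaddress

class ReceiptPacer:
    """Token bucket per source block; trusted ranges refill faster."""

    def __init__(self, trusted, fast_rate, slow_rate, burst, v4_prefix=24):
        self.trusted = [ipaddress.ip_network(n) for n in trusted]
        self.fast_rate = fast_rate    # messages/second for known-good ranges
        self.slow_rate = slow_rate    # messages/second for everyone else
        self.burst = burst            # messages accepted back to back
        self.v4_prefix = v4_prefix    # assumed block size for IPv4 senders
        self.buckets = {}             # block -> (tokens, time of last update)

    def _block(self, addr):
        # Pace per block, not per address, so hopping within a range gains nothing.
        prefix = self.v4_prefix if addr.version == 4 else 64
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def delay(self, ip, now):
        """Return 0.0 to accept now, else seconds until the next slot."""
        addr = ipaddress.ip_address(ip)
        trusted = any(addr in net for net in self.trusted)
        rate = self.fast_rate if trusted else self.slow_rate
        block = self._block(addr)
        tokens, last = self.buckets.get(block, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * rate)
        if tokens >= 1.0:
            self.buckets[block] = (tokens - 1.0, now)
            return 0.0
        self.buckets[block] = (tokens, now)
        # Caller answers with a temporary (4xx) deferral or stalls this long.
        return (1.0 - tokens) / rate

def demo():
    # Constructed sample: documentation address ranges, clock passed in explicitly.
    pacer = ReceiptPacer(["192.0.2.0/24"], fast_rate=8.0, slow_rate=0.5, burst=2)
    arrivals = [(0.0, "198.51.100.7"), (0.0, "198.51.100.9"),
                (0.0, "198.51.100.7"),            # same /24, burst spent
                (0.0, "192.0.2.5"), (0.0, "192.0.2.5"), (0.0, "192.0.2.5"),
                (2.0, "198.51.100.7")]            # slow bucket has refilled
    return [pacer.delay(ip, t) for t, ip in arrivals]

if __name__ == "__main__":
    print(demo())
```

The unknown block waits 2 seconds for its next slot while the trusted block waits 0.125 seconds, which is the cost asymmetry the post describes.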

1 comments

Maybe you mean 25 or something else? Port 80 is for HTTP. And what does a secure port mean? If you want people to be able to talk through a port you have to open it. The number doesn't matter.

Doh! Yes. :25.

By "secure port", I mean forcing encryption of all over-the-wire traffic. It's happening now in many cases with STARTTLS (modulo utter brokenness of the CA and SSL/TLS systems), but that's still only opportunistic.

And of course, encrypting payloads would be vastly preferable. Headers as well, other than those absolutely required for delivery.