[wpietri]

One could add a proof of permission model to that to cover things like mailing lists and other regular sources of email. Something like:

I sign up for a mailing list.

The mailing list mail server contacts my mail server.

My mail server presents to me a request for free delivery.

I approve it.

My mail server gives the mailing list server a secret token.

Each mailing list message includes proof that the message has been blessed by the sender and that the sending server knows the token.

[jrockway]

What stops this server from then using that token to spam you?

[wpietri]

I'd do it with revocation.

Right now I give out tagged addresses to most vendors, and I know others do it for lists. When a tag goes bad, I just route any further mail to my spam trainer.

[jrockway]

But that means for every legitimate mailing list you're on, you get one spam. And you lose the legitimate mailing list just because their token got compromised.

Dunno, I feel like we should just charge for mailing lists too. Or use usenet!

[wpietri]

If I can get it down to one spam each time a mailing list server is compromised, I'm ok with that.

Even with a charging scheme, some spam will still happen. Give the amount of BTC stolen so far, and given the number of compromised computers that could be used to generate cash, looks like there will be plenty of money to spend on sufficiently profitable spam.