As of December 2nd, everyone has to use a new e-mail protocol which fixes the fundamental problem of SMTP: untrusted sources.
The new protocol isn't "new". It's just that on Dec 2, 2004, everyone should stop accepting SMTP connections that don't use the STARTTLS extension to SMTP as described in RFC 2487.
STARTTLS has the benefit of creating Received: headers that are cryptographically signed, and therefore meaningful. Internet email is sent like a bucket-brigade... you send your email to your ISP, which passes it on to another ISP, which passes it to another mail server, which sends it to the final receiver's mail "Inbox". With STARTTLS, there is an audit path of who passed the email along each "hop". There is still a possibility that you won't know who the original sender is, but you know the first ISP that let that message into the system. That's good enough.
After Dec 2, 2004: when you receive email that is spam, you will be able to identify which server let the spam into the Internet. That site can be punished, by starting a DoS attack against it, or by declaring the site to be "terrorist", at which point the Bush Administration, which will have just won re-election (and being in its last term will have no need to follow any laws) will bomb the email server. They will be given 24 hours' notice, 48 if it is a 3-day weekend. Bombing will not happen if the owner of the mail system can demonstrate which user sent the spam, and that they have been removed from the system. With the threat of being bombed, mail system administrators will be under extreme pressure to make sure that all email that leaves their systems is certifiably marked by the actual creator. (Thus fixing the "but who was the original sender?" issue). Then we can arrest the user that sent the spam.
I encourage all countries to make it illegal to send email that is unreplyable, thus making it possible to use "active filtering" systems, which accept email from "known good parties" while everyone else receives an automated reply saying, "If you want to get on my 'known good' list, here's how...". With STARTTLS in use, we can track down who is permitting unreplyable email into the Internet, and bomb them.
Before Dec 2, 2004 all mail systems should begin deploying STARTTLS. It is backwards compatible with older mail systems. It doesn't require the risky and dangerous "throw the switch day" conversions like some new computer systems. While I'm at it, Wietse Venema should be gagged and bound to his computer until he merges in the "STARTTLS" patch to Postfix.
Before Dec 2, 2004, email client authors should add features that let users see which email they would have missed if the post-Dec 2, 2004 policies had been in place. (Simply mark the message a special color if any of the Received: lines are from non-TLS systems.) This will encourage users to apply pressure to their friends to move to STARTTLS-enabled ISPs.
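One way an email client could implement the marking described above, as an added example that is not part of the original letter. It assumes a hop counts as TLS-protected when its Received: line carries an RFC 3848 "with" keyword such as ESMTPS or a Postfix-style "(using TLS...)" comment, and that each Received: line is taken as written by the relay that added it; the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not from the letter): the oldest hop (bottom) used plain SMTP.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by inbox.example.org with ESMTPS id abc123;
    Thu, 2 Dec 2004 10:00:03 -0500
Received: from relay.example.com (relay.example.com [198.51.100.7])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    by mx.example.net (Postfix) with ESMTP id def456;
    Thu, 2 Dec 2004 10:00:02 -0500
Received: from dialup.example.com (unknown [203.0.113.5])
    by relay.example.com with SMTP id ghi789;
    Thu, 2 Dec 2004 10:00:01 -0500
From: a@example.com

body
"""

# "with" protocol keywords that indicate TLS (RFC 3848, plus RFC 6531 variants).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)
TLS_COMMENT_RE = re.compile(r"\(using\s+(?:TLS|SSL)", re.I)  # Postfix-style comment
BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)

def hop_uses_tls(received):
    """True if one Received: value shows the hop was accepted over TLS."""
    if TLS_COMMENT_RE.search(received):
        return True
    # findall also picks up "with cipher" inside comments; only keywords count.
    return any(p.upper() in TLS_PROTOCOLS for p in WITH_RE.findall(received))

def non_tls_hops(raw_message):
    """Return the receiving ("by") host of every hop that shows no TLS."""
    flagged = []
    for received in message_from_string(raw_message).get_all("Received", []):
        if not hop_uses_tls(received):
            by = BY_RE.search(received)
            flagged.append(by.group(1) if by else "(unknown)")
    return flagged

def display_style(raw_message):
    """'highlight' if any hop lacked TLS, else 'normal' (hypothetical UI hook)."""
    return "highlight" if non_tls_hops(raw_message) else "normal"

if __name__ == "__main__":
    print(display_style(SAMPLE), non_tls_hops(SAMPLE))
```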
Finally, you might be asking, "How did you pick December 2nd?" The answer is quite simple. It's my birthday and I can't think of a better birthday present I could receive than the end of spam.
Can you?
Sincerely,
Tom Limoncelli
tomtls@limoncelli.org