ratbastid

Well, but how WOULD you verify senders? You going to double email bandwidth around the world and make every receiving SMTP server check the putative SMTP server of the "From" and "Reply-To" addresses and make sure they're deliverable? SMTP is designed to be a stateless, connection-time protocol. In theory, I should be able to take my SMTP server offline immediately after dispatching an email and it should get there fine.

And even if you were willing to do that, verifying the deliverability of an email address wouldn't help in this situation. It's the deliverability of that address that's the problem! So... Every email now needs to be MANUALLY checked with the actual person who sent it? That's secure, but imagine... if I sent you an email, and a few moments later when your SMTP server received it, it sends me a message to verify that I really was the one sending it. I then need to reply to that... Somehow it needs to trust that that message really did get to ME and not somebody PRETENDING to be me....

There's really NO good way to do this--every solution is a compromise on some level. Things like real-time blacklists and Bayesian filtering eliminate a whole lot of spam. Since I switched to routing all my mail through Gmail, I haven't seen much spam at all--and I've had my main address for six or seven years. My Gmail spam folder catches anywhere from 80 to 250 spams a day that I never have to see or deal with. Seems like that's an adequately good tool, to me. It doesn't save me from being spoofed as the sender of spam, but a simple filter will keep those from being annoying as well.