> First and foremost, mandatory whitelisting, as you propose, should
> be the last resort. It centralizes the mail system and severely
> limits my freedom to send mail to whom I want from where I want.

First, this battle is already lost. There are already lots of
mailservers which don't accept email from arbitrary IP addresses.
Thus, even now you can't be sure that the email you send from where
you want will actually arrive. With my scheme, you can still send
email to whomever you want. I don't see the need to raise the
spectre of censorship here. If you run your own mail server, do
YOU accept email from an arbitrary address? If so, you will get
lots of spam. If not, what's the difference on relying on someone
else to receive your mail and relying on someone else to send your
mail?

You can still send mail from anywhere by SMTP-authentication. Or,
do as I do: the computers at home are always running, and from
virtually anywhere in the world I can access them remotely and
send email from there as if I were at home. This has the advantage
that one can't tell from the email headers where I was physically
located when I sent the mail. (Not that I care, but if you worry
about burglars checking up to see if you are at home....)

Centralise? In the sense that not every IP address can send email,
yes. But in general, no. It will create a market for cheap,
efficient, reliable, trusted SMTP relay servers.

> Even if such a scheme is implemented, it's possible all it would
> do force spammers to become more efficient and slightly less
> profitable. More efficient in that they would only send mail to
> known recipients, no more of this dictionary stuff -- and that's
> assuming these trusted relays charge even for refused connections
> (which would be controversial). Less profitable if they eat the
> relay costs themselves instead of billing their clients for all or
> part of them.

Spam can be recognised by sending LOTS of email messages from the
same IP. Otherwise, it's not profitable. When the relay server
notices that, it blocks email from that address and checks with
the customer. I'm not talking of anonymous trusted servers, but
rather of a case where, to reliably send email, you sign up with
such a service (as I have and the costs are peanuts). If the
customer is a spammer, the owner of the server takes him to court.
If the problem is a virus-infested PC or whatever, the customer has
to correct the problem.

> The best thing would be if 1) ISPs do a better job at recognizing
> and blocking zombie PCs sending spam, and 2) if naive business
> would stop paying "email marketers" thinking they will make new
> customers (I can't believe enough people respond to spam that
> they actually do... but maybe I'm wrong, in which case number
> 3) would be naive people not responding to spam advertisements).

The businesses are not naive. They pay spammers because it works.
Even the people who respond might not be naive; they might really
be interested in buying the spammers' wares. The problem is that
they don't realise how large the collateral damage is when they
respond. The spamming model works because it is so cheap to send
email that it is still profitable if only a tiny fraction of
recipients respond. I don't see how we can stop that. The only way
is to make sending email more expensive---prohibitively so for
spammers, negligibly so for everyone else.

As to 1), which ISP should recognise and block where? That's what
I'm talking about with my scheme. This is what makes these
SMTP relay servers worth using: they can be relied on to recognise
and block spam being sent out. You might be thinking they should
recognise and block it coming in. They can, but again that's a
service which has to be paid for, directly or indirectly. It's more
efficient, of course, to stop spam going out than to recognise and
block it coming in. Although I might move spam checking for
incoming mail to my ISP, with my scheme the user can handle this
end himself if he wants to and fine-tune it to his needs. Letting
the ISP do it is using a black box, more or less. However, if I send
outgoing email through an SMTP relay server, there is no loss of
functionality on my side.