I hate spam. Since I bought my own domain I've been very careful reading privacy policies, and I've managed to keep it to the point where I could count the amount of spam I've received in the last year on my fingers.
I also use a system where I give a customised unique address to each and every loosely trusted organisation who gets it (electronically at least). Just in the last couple of weeks, I've started getting spam addressed to realaudio-zog@[nospam].jester.net.nz.
I now know confidently, for a fact, that this is the address I had to give to realaudio.com six months ago before they'd let me download RealPlayer. I'm never going to trust them with information again, and when the opportunity comes up I'll recommend to everyone else not to trust them either. Suffice it to say that this spam definitely does not come from their "contracted business partners".
I think digital signing would solve a lot of problems here. If more than one person I knew actually understood and cared about this sort of thing, it might be feasible for me to start rejecting unsigned email.
It probably wouldn't work in the state that it's in now though, because it's so easy to fake.
Presently there are two or three main keyservers that are used, and there's nothing to stop anyone posting new keys under whatever identity they want to be known as. The main problem is that with a public keyserver where anyone can set up keys, it's difficult for the email receiver to know if the key is actually from that person, or if it's from someone pretending to be that person. (i.e. we're back where we started.)
If it became habit for ISPs to run keyservers on a standard port holding keys for email addresses on their domains, it would be easier for a receiver to verify that a signed email actually came from that address. They could simply compare the sig with the domain's keyserver, knowing that it could only be set by the person who owned that address. Obviously there are dangers like intercepting traffic and so on, but it would still solve 99% of identity problems. For anything that needed more security people should probably be swapping their keys manually anyway.
Of course there's the problem of actually convincing anyone to use the system at all. This would likely need a major company like Microsoft encouraging people to use it through default settings. (Getting an infrastructure in place could be a good step towards encouraging more use of encryption, too.)
jesterzog Fight the light
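
The difference between the two keyserver models described in the post, as an added example that is not part of the original post. The class names, addresses and `uploader` argument (standing for whoever the server has authenticated) are hypothetical, and a Lamport one-time hash signature stands in for a PGP signature so the code needs only the standard library.

```python
import hashlib, secrets

def H(b): return hashlib.sha256(b).digest()
def bits(msg):  # the 256 bits of the message digest, most significant first
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():  # Lamport one-time key pair (assumption: stand-in for a PGP key)
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg):  # reveal one secret per digest bit
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

class PublicKeyserver:
    """Anyone may post a key under any identity."""
    def __init__(self): self.keys = {}
    def upload(self, uploader, address, pk):  # uploader is never checked
        self.keys.setdefault(address, []).append(pk)
    def lookup(self, address): return self.keys.get(address, [])

class DomainKeyserver(PublicKeyserver):
    """Run by the ISP for its own domain; only the mailbox owner sets the key."""
    def __init__(self, domain): self.domain, self.keys = domain, {}
    def upload(self, uploader, address, pk):
        if uploader != address or not address.endswith("@" + self.domain):
            raise PermissionError("only the mailbox owner may set this key")
        self.keys[address] = [pk]

def accept(server, sender, msg, sig):  # receiver's check against one keyserver
    return any(verify(pk, msg, sig) for pk in server.lookup(sender))

def demo():
    owner, other = "alice@example.net", "mallory@example.org"  # constructed
    (owner_sk, owner_pk), (other_sk, other_pk) = keygen(), keygen()
    pub, dom = PublicKeyserver(), DomainKeyserver("example.net")
    pub.upload(owner, owner, owner_pk); dom.upload(owner, owner, owner_pk)
    pub.upload(other, owner, other_pk)  # second key under the owner's identity
    try:
        dom.upload(other, owner, other_pk); blocked = False
    except PermissionError:
        blocked = True
    msg = b"constructed sample message"
    forged, genuine = sign(other_sk, msg), sign(owner_sk, msg)
    return (blocked, accept(pub, owner, msg, forged),
            accept(dom, owner, msg, forged), accept(dom, owner, msg, genuine))
```

`demo()` returns whether the domain server refused the second upload, followed by the receiver's verdict on the forged message via the public server, the forged message via the domain server, and the genuine message via the domain server.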