Given that the machines have been hijacked, there isn't any authentication mechanism that can't be hijacked from the machine.
I agree entirely. You're right, there. The change to the mechanism will have to be deeper than host authentication (deeper than IPv6, which many tout as a solution). Any such real solution, however, will kill the 'commons' that made SMTP email so nice (and so nasty): you can send a letter to anyone from anywhere, through any path, and it will work. That's charred ground, now, and only through the use of strongly authenticating gateways will we preserve something like real SMTP mail. Then we just have to lock out all unauthenticating senders... distribute keys... and... er... that's pretty expensive unless we make it an end-user solution of sorts (so the cost of fighting the spam is itself distributed among the beneficiaries). But that is doable.
I like your idea of crashing the click-through model, but that will take a lot more than a few participants (it will take thousands), and it has the negative effect that it won't fully respond to changes in the OTHER side of the equasion. For example, it used to be that anti-spammers thought it a good idea to publish thousands of bogus email addresses. Ironically, now, the spammers have massive capacity, and the double-bounces generated by the bogus-sender spams to those bogus recipients is more of a burden on servers than straight-up spam.
Re: Agreed, but slightly missing the point
I agree entirely. You're right, there. The change to the mechanism will have to be deeper than host authentication (deeper than IPv6, which many tout as a solution). Any such real solution, however, will kill the 'commons' that made SMTP email so nice (and so nasty): you can send a letter to anyone from anywhere, through any path, and it will work. That's charred ground, now, and only through the use of strongly authenticating gateways will we preserve something like real SMTP mail. Then we just have to lock out all unauthenticating senders... distribute keys... and... er... that's pretty expensive unless we make it an end-user solution of sorts (so the cost of fighting the spam is itself distributed among the beneficiaries). But that is doable.
I like your idea of crashing the click-through model, but that will take a lot more than a few participants (it will take thousands), and it has the negative effect that it won't fully respond to changes in the OTHER side of the equasion. For example, it used to be that anti-spammers thought it a good idea to publish thousands of bogus email addresses. Ironically, now, the spammers have massive capacity, and the double-bounces generated by the bogus-sender spams to those bogus recipients is more of a burden on servers than straight-up spam.