Jeff Bone:
>IMHO, the right approach is to come at this from the top-down; manage the 
>principals involved and the "web of interaction" between them.  White 
>lists, black lists, filtering, etc. are not only sufficient, they're 
>probably necessary regardless of what other mechanisms you have in place. 

Yep. If I sign up from FoRK, then its messages
should get through, even if my AI filters determine
the signal to noise is stale. ;-) If I don't want
to hear from a crazy chick I met one night, her
messages shouldn't get through. These can be seen
as primitive rules: always pass messages from A,
always reject messages from B.

>Generally speaking, in a communication system, either people you don't know 
>a priori can contact you, or they can't, or they can but they have to go 
>through some sort of multi-step introduction/ approval process (automated 
>list building) or be referred (FOAF, web of trust mechanisms.) ..

Personally, I think the email spam problem would
be 99% solved by the rule: Allow everyone who is
on my whitelist, or any message individually sent
by a real human being. Captchas provide the
primitive web operation for determining that a
human rather than machine is at the other end of
an interaction.

The one worry is that the spammers will outsource
captcha validation to third-world nations with
really cheap labor. But I don't think that's
feasible. The economic model for spam is "use
machines to interrupt people." Using people to
interrupt people is telemarketing or panhandling
or something else, and becomes much more effective
with a voice channel than through email. Captchas
can be designed (a) to set a minimum attention
span, and maybe even (b) to verify some degree of
cultural affinity, i.e., that the person on the
other end reads English, etc. Very quickly, the
spamming model becomes overwhelmed, and the
resources are better deployed in one of the other

Of course, we want to eliminate telemarketing
also. ;-)

