| The idea of using DNS records for sender authentication has been adopted as RFC 4406. Please refer to that document if you wish to implement this. The RFC gives me credit for the original idea, and I fully support their implementation. |
The problem with the current SMTP system is that it is completely anonymous. The real solution to spam will come when SMTP is either fixed or replaced.
It could be replaced "from the top" if Microsoft were to begin bundling a proprietary solution. It could be replaced "from the bottom" if a backwards-compatible substitute began to win popular opinion. Unfortunately, the longer the spam problem remains unsolved, the more likely that a proprietary solution will be proposed, and the more likely that people will be to accept it.
The first step to fixing SMTP will be to make it non-anonymous by authenticating the email sender. This can be accomplished through the use of encryption. If everyone trusts a third party (e.g. Verisign) to vouch for identity, the authentication problem is solved. Unfortunately, this "solution" will end up costing the public a grand sum of money.
Luckily, sender authentication can be accomplished through another means as well: The Domain Name System. It is the official source for all domain-related information. When an email is received claiming to be from the domain "couchpotato.net", why shouldn't the "couchpotato.net" DNS servers be consulted to find out if the sender is indeed authorized to send email purporting to be from "couchpotato.net"?
June 3, 2003: A reverse-MX (RMX) proposal might soon be accepted; many key individuals are now supporting the RMX approach. Mike Rubel has written this page describing the various RMX proposals.