Simple way, and I've been saying this for decades. WHITELIST. If you're not in my phone directory, you won't get through. If you're not on my email address book, you won't get through. Better email authentication would be nice too. Server A is spoofed to send mail: user@servera.com Server B receives the message: To UserA@ServerB.com Server B queries Server A to see if that message ID was sent. Since it's spoofed, the message is not verified and dumped into the black hole of unwanted bits. Do this and the entire spam problem goes away. Why? Because of the whitelist and verification. Will it be more inconvenient? Sure it will. You'll have to ask your family and friends to add you to their email address book and phone directories, but at least you won't be bothered at dinner time by some idiot wanting to put aluminum siding on your house when you live in a 25 story apartment building...... (happened to me. Was nice to see the trucks pull up, look, and pull away.)
