Some companies make lots of money by running spamming systems.
Some systems that try to reduce the flow of Spam create problems for legitimate email senders.
I feel a legislative approach is needed. I think the strongest argument in its favor is that most spams come from a handful of providers - so enforcement shouldn't be that huge a problem, at least initially.
- update: CAN-SPAM https://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003
- copy the Do Not Call system for a Do Not Email
- require every message to have an Opt-Out system (maybe require it to be single-click, so the recipient's address is part of the URL); make it a crime to (a) leave it out or (b) not actually implement the unsubs and track the list. (Personally, I rarely use these because I feel like they're just confirming that I open spam and will lead to more bad behavior.) Also, vendors have to remember who did the Opt-Out and never sell those names.
- require that every message include the name/domain/contact-info for (a) the client paying for the spam, and (b) the service provider actually generating/sending the spam.
- make it a crime (fraud? maybe that's civil, and we need criminal?) to forge a From address.