I think proposals such as DSP are quite promising. (I'm not sure it's 'there' in its current proposal though). The only *real* problem with DSP is that some (relatively few, in reality) people want to be able to send mail from one domain through a non-related ISP's SMTP server. Now, a lot of ISPs are blocking this type of use in any case nowadays in an attempt to reduce spam being sent through their servers. Also, if you say that 'I must be able to send mail from any domain through any SMTP server I have access to', then you're essentially removing any possibility of a protocol based attack on spam - as this is ALL that spammers do, that is always detectable. You don't NEED to have everyone using something like DSP to let it help - you can feed it as another variable into a multi-layered spam filtering system. (eg if a message comes from a non-blocked DSP compatible domain, you could automatically white-list it, otherwise do your content filtering etc) You could be cruel, and encourage people to implement it by modifying it so that only people who implement it themselves are allowed to use it :-) And, it's not hard to implement at the DNS level. Many mail servers have something similar built in for RBL lookups etc, so it wouldn't be hard for them to modify that. Once someone implements it, then, yes, they could send spam through their own servers, and a crude DSP check would allow it, but it would then be easier to block as you'd have easier checks to put in place as you'd know the email domain the message was coming from.