Paul, let me add one more to your list: As a community, we have been too lazy to take hold of the architectural source of the problem, which is the complete lack of accountability over the ability to post email.
Hear, hear.
Of course, this breaks the end-to-end model of the Internet... Too bad. End-to-end makes sense in some contexts, and it doesn't in others. This is the latter case.
John, I don't believe that it is necessary to break the end-to-end model of the Internet in order to implement accountability for posting email. Rather than filtering port 25 at the user ISP, every ISP who operates an SMTP server could simply get off their butt and stop accepting connections from anyone that they don't know. In the case of a user ISP, they know all their own customers. And they should know a significant number of their email peers. If people can make arrangments for NNTP peering or BGP peering rather than opening it to all comers, why can't we do the same for SMTP? Pure laziness and lack of vision, IMHO. Michael Dillon