We need to start with an Email Service Consortium with a code of email server practices in which the larger ISPs agree to stop accepting SMTP connections from anyone who is not in the consortium or a customer. This will get everyone implementing a set of well-known and consistent controls.
...is not practical. Remember the true street-level definition of spam: "spam is e-mail you didn't want that wasn't sent by me or my customers." Trying to form an E-S-C under those conditions is unthinkable or useless.
That's why I maintain that we should not be trying to solve the man-in-the-street's SPAM problem. ISPs can't do that. But ISP's could join together into a consortium to solve the serious weaknesses in the overall Internet email service architecture that allow SPAM to thrive. Once the architecture has been fixed, spammers will find it hard to do joe-jobs or to send spam anonymously. When it is easier to identify the actual sender of a spam message, then ISPs will find it much easier to enforce their AUPs on abuse. --Michael Dillon