Challenge-response whitelisting schemes have been around for a couple of years. They need work, because of subscribed mailing lists where no "human" is doing the sending. But it's a step in the right direction.
Not as good a step as impaling spammers by the roadside.
My domains allow me to create a large number of addreses, all of which I then forward to my main account. For example, "EBAY@domain.com", etc. In this way I can at least find out who is harvesting or selling addresses, or otherwise releasing them by default, and then blackholing everything from them till the end of time and giving them no further business. That address is then killed. I went from hundreds of spams a week to one or two.
But my contention is, "Why should I even have to do this at all?"
I like this option and think it should be explored. Now, are we talking about impaling along interstates or do you think we could also use state funded highways? Just exactly what kind of impaling are you suggesting? Sharp metal rod? Recycled chainsaw blades? Where would one insert said impaling tool? How long would we be able to enjoy each and every impaled body? On week? Two? A month or more?
Many details to work out, but it is a start.
My domains allow me to create a large number of addreses, all of which I then forward to my main account. For example, "EBAY@domain.com", etc. In this way I can at least find out who is harvesting or selling addresses, or otherwise releasing them by default, and then blackholing everything from them till the end of time and giving them no further business. That address is then killed. I went from hundreds of spams a week to one or two.
I've used this exact same approach for almost a year now. I have an e-mail account with my domain, and it has the advantage that it is a "catch-all" account; that is, anything @mydomain.com will be received by that account.
So, whenever I sign up for an account for something, I'll make the e-mail address target@mydomain.com for Target Online, or ups@mydomain.com for an account at the UPS website. This has the advantage of me knowing exactly where the e-mail originated from, or who sold or gave my address to someone else, because the e-mail address that the website has is unique to them.
Also, since the e-mails all come to the same account but are actually sent to different addresses (target@mydomain.com, ups@mydomain.com, etc...) I've setup filters in Outlook that automatically move these e-mails into folders for easy reading and filing.
If I get spam from an address, I can simply setup a filter to delete mail from that address, and no longer do business with the originating website.
I use traditional spam filtering as well, but this method above works quite well for me.