I ran across an interesting email the other day on Full Disclosure, from a Stuart Udall claiming to have a near perfect solution to spam. Click here to read the anti-spam tactics. Granted, there are some serious issues with this technique as Stuart points out. The most obvious one is that because it is so good at finding them it also happens to find a lot of false positives. To obviate this you need a whitelist of your own contacts.
But would that work for me? Not that I’m your typical user, but it’s still a datapoint. I get literally hundreds of peices of email a day, from all over the place. Some are mailing lists, some are direct marketers for things I actually want to recieve, some are questions from the people who read this board, some are work related, and lastly, some a are just plain old spam. Spam only makes up a small minority of my email. The vast majority is people I’ve never met and probably never even talked to before - let alone added to my addressbook.
The tools that hook into your webserver to automatically seem like a good idea, but do I really want to give up information to users I have never met before - like my IP address (assuming I don’t use a proxy or something like Tor) and my browser type, etc…? It’s an interesting problem dictated in large part to the turing halting problem (as are many security issues it turns out).