On Friday, May 30, 2003, at 02:18 Europe/Amsterdam, Christian Huitema wrote:

However, creating new public/private key pairs is an incredibly
expensive operation,

Uh? Creating a Diffie-Hellman public/private key pair is actually quite
simple. Even an RSA pair is not all that hard, considering that a set of
N prime numbers can generate N.(N-1)/2 key pairs.

Ok, so the actual generating of new keys may not help us much.


The logical
consequence of authenticated e-mail is bound to be authenticated spam...

You don't see that as a step in the right direction?

It depends whether you use something like PGP or something like PKI. If
PGP or PGP-like, then the spammers can very easily create throw away
identities, and we have not gained much.

Only the ability to recognize a known sender.


In fact, spammers seldom fake
the email addresses of one of your friends, so a PGP solution would not
be a dramatic improvement over simply maintaining a "white list" of
friendly email addresses.

Right.


If PKI or PKI-like, then the spammers would need to obtain an actual
certificate for each of their throwaway identities. But so would
everyone else, which implicitly limits the cost of obtaining a
certificate to whatever the public can bear, and the amount of identity
checks to whatever the public is willing to accept, which today is an
e-mail reachability test. So, the spammers will be slowed down, but not
much.

Disagree. If people want to run their own MTA or a substantial mailing list, it's not unreasonable to require much more than a simple email reachability check. Usually this includes buying a domain name anyway. Having to buy a certificate or having some relations sign a newly generated key isn't a huge imposition.


People who don't want/need an MTA of their own and only send hand-typed email can use a service provider who can limit the number of messages from such customers to 100 per hour or so. That means that even if a spammer spams for an entire weekend until his account is yanked, that's less than 10k messages which isn't enough to make spamming worth their while.



