The only solution to spam will have to be economic. Legislation must be crafted to make enforcement economical. If the enforcing entity recovers more in fines/penalties than the enforcement activities cost, there will be adequate incentives to pursue enforcement and I suspect that the size of such recoveries will deter violation of the laws. Since my spam may not be your spam, a cornerstone to legislation will be in the definition of spam and marking required on such email. Technical solutions will be required to allow identification of the origin of the spam. This is a two tier issue ... identification of the 'entry' server and protocols for use by such servers for identification of the originating client. Watching other recent email threads, it is clear we still haven't achieved a management oversite structure for the domain name system so I wonder if the internet community can converge an an organizational solution to manage non-repudiatable identification as well as a way for humans to report spam experiences, but perhaps the cost of spam vs. the lack of cost associated with failures in the DNS infrastructure might provide greater incentives. Any spam solutions will need to work for the vast majority of email users and any 'training' of the solution will need to be simple. The approach I've been noodling for a while now is: 1) Define and start implemting protocol extensions to support identification and distributed authentication 2) Likewise, protocol extensions to support a parallel email infrastructure where there is a charge, say $.20, for each email sent. Technically, I think this would be mostly a new DNS record so that a domain could define its for fee provider(s) and perhaps some accounting records or related support to insure interoperability for postage meter operations. 3) Probably some IMAP extensions to allow management of shared servers 4) Probably support for exchange between mail services much line the USPS can forward mail to an address in Canada, etc. Based on this technical infrastructure, I would envision I would configure my 'free' server to only accept mail from authenticated sources such as the IETF, W3C, or perhaps specific sources by address. I would expect one or more public or commercial entities would provide mail services based on these protocols. For example, the USPS and FedEx in the US. To use a commerical service to send mail, I'd have to purchase a roll of 'stamps' or a postage meter account. I would expect that for each email accepted by my server, I'd receive a credit in my account, say $.10. If you aren't in my pre-configured whitelist and you attempt to send free mail, you'd get a bounce message telling you that free mail wasn't accepted and to use a service which is part of the USPS or whatever network. Once the required protcols were defined and there was a minimal infrastructure in place, individuals / companies owning servers could adopt at their own pace and begin receiving value. Some thought in the protocol definition process to bridging to the new world would be good, but at least some of the thoughts I've had are really features of the user's client and server ... for example ... if you reply to my mail with proper use of my message id, you are automatically allowed thru my 'free' entrance. Dave Morris