Since y'all are claiming this problem is impossible, I want the glittering prizes if my proposal turns out to work.
I have some running code but what we are talking about now is in the architecture but not the code. The code allows Alice to send an authenticated message to Bob. What the code does not currently have is the Authorization Policy layer which I will describe here.
The starting point for this design was 'what if I was designing a messaging system for Madonna'. I want her to be able to put her contact address on her business card without her personal or business folders being deluged by fan mail. If I can solve that problem, I am pretty sure that the spam problem is a subset. So unlike with telephone numbers or email addresses, I assume that the contact address is public. Madonna will put @madonna on her business card, I will put @phb on mine. We both end up with a functioning messaging system.
So I want to control who can communicate with me. I have multiple communications modalities that I accept messages through:
* Contact requests
* Asynchronous messages
* 2FA/Confirmation requests
* Synchronous text, voice, video
* Payment requests
* Workflow items.
Every Mesh message is authenticated without exception, so it's all about the authorization policy.
So the first thing the Mesh does is to allow me to set different authorization policies for each. So let us imagine that Alice wants to call me at 2am in the morning. Not happening, she doesn't have that permission. My kids however, get to call me for a ride home no matter what time of day or night.
People can and will abuse any messaging modality but from the point of view of spam control, I would be MUCH MUCH MUCH MUCH MUCH MUCH MUCH MUCH MUCH MUCH better off if the only folder I was receiving communications from unknown parties was my contact requests folder.
So how would I set the authorization policy for my contact requests? I am going to make use of a number of strategies and adapt according to circumstances. Initially, I will allow anyone to send me a contact request. After a while, I might set a policy that in order to get priority in my contact requests, you must have an introduction. This may be from someone I know and have authorized to give introductions, an organization or a conference.
So for example, I think I would be pretty safe accepting contact requests from:
* Anyone who is an alumnus of Southampton, Oxford or MIT
* Anyone who has attended an RSA Conference, IETF, OASIS or W3C meeting
* Anyone with an introduction from someone I have authorized to give introductions
* Anyone who is an accredited expert witness search agent
* Anyone whose validated email address matches one of my SMTP contacts
That is going to cover the vast majority of my legitimate contact requests.
Now the secret of keeping Disneyworld clean is that the park is already clean. The big problem with spam is that once it gets to a certain point, all you can do is to mitigate. If you keep the park clean, there is not a huge incentive to try to break the system because it really isn't profitable enough to be worthwhile.
Madonna will have a considerably larger number of people trying to get in contact but just doesn't have the time. So her policies will likely look very similar but with people in the recording, movie, etc. industry getting the pre-authorization. So if Chris Hemsworth invites her to an Avengers party, that goes straight into her personal inbox. While a message from a fan sent to the same address goes to one of her PAs and gets the standard fan response.
This is exactly how the President's snail mail was being processed back in the 90s when we were doing the White House email project. POTUS gets two containers full of letter post every single day. Every letter is opened and read by a team of volunteers. These are digested down to a daily summary that is one of the first things that Clinton and Obama would read every day.
So how do people get the introductions etc.? Well, historically, that was the primary function of professional bodies, to introduce members to clients and to each other.
How hard is this to break? That will depend on implementation. But a system doesn't have to be perfect to provide real value. There is a huge difference between today's situation where over 95% of all the emails and 50% of the telephone calls I receive are spam and one where less than 5% is spam and that only in the contacts folder.
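
The per-modality authorization policy described in the post, sketched as an added example that is not part of the original post and is not Mesh code. Every class, field and folder name, the quiet-hours window and the sample senders are hypothetical, and authentication and introduction verification are assumed to have happened upstream.

```python
from dataclasses import dataclass, field
from datetime import time

# Hypothetical model for illustration; none of these names come from the Mesh.
MODALITIES = {"contact_request", "async_message", "confirmation",
              "synchronous", "payment_request", "workflow"}

@dataclass(frozen=True)
class Message:
    sender: str                 # assumed already authenticated upstream
    modality: str
    sent_at: time
    introductions: frozenset = frozenset()  # issuers, assumed verified upstream

@dataclass
class Policy:
    grants: dict = field(default_factory=dict)     # sender -> granted modalities
    any_hour: set = field(default_factory=set)     # may call at any time
    introducers: set = field(default_factory=set)  # accepted introduction issuers
    quiet: tuple = (time(22, 0), time(7, 0))       # constructed quiet window
    def in_quiet_hours(self, t):
        start, end = self.quiet  # the window may wrap past midnight
        return start <= t < end if start < end else (t >= start or t < end)
    def route(self, msg):
        if msg.modality not in MODALITIES:
            return "reject"
        if msg.modality == "contact_request":
            # The one modality open to unknown senders; introductions add priority.
            known = msg.introductions & self.introducers
            return "contact_requests/" + ("priority" if known else "unsorted")
        if msg.modality not in self.grants.get(msg.sender, set()):
            return "reject"  # default deny for every other modality
        if (msg.modality == "synchronous" and self.in_quiet_hours(msg.sent_at)
                and msg.sender not in self.any_hour):
            return "reject"
        return "inbox/" + msg.modality

def demo():
    # Constructed sample policy and messages.
    p = Policy(grants={"@alice": {"async_message", "synchronous"},
                       "@kid": {"async_message", "synchronous"}},
               any_hour={"@kid"}, introducers={"ietf", "@trusted_friend"})
    two_am, noon = time(2, 0), time(12, 0)
    cases = [("@alice", "synchronous", two_am, ()), ("@alice", "synchronous", noon, ()),
             ("@kid", "synchronous", two_am, ()), ("@stranger", "async_message", noon, ()),
             ("@stranger", "contact_request", noon, ()),
             ("@stranger", "contact_request", noon, ("ietf",))]
    return [p.route(Message(s, m, t, frozenset(i))) for s, m, t, i in cases]
```
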