This is my first posting on a topic I've been thinking about for a while. To my surprise I couldn't find yet any similar attempts - and most of it seems pretty obvious.
I have few itches - one is the large number of mails using a false "From" address. The other big problem is the valid mail from friends and family that gets sometimes lost in the spam filters. It is actually easy to solve this - and more - with a very simple aproach: add more information to the mail envelope and use a digital signature to add a level of trust to the message.
The idea is very simple - to best way to improve spam filtering is by adding in bits of information. Unfortunately, spammers can and do fake source address and almost anything else in the message - so the only way to add this information is by using public key signatures. In order for this to work, it needs to be easy to deploy to large number of regular non-techy people. Real authentication is very complicated - even with S-MIME, most CAs only verify the email address. So the main goal is not to prove the identity of the sender - just that the sender has a valid, verified email address. And this can be easily done without installing any software on user compulter - the initial mail server will typically use different mechanisms ( IP address, authentication, etc ) to verify the sender in order to allow relying. This valuable information ( that someone already verified the sender and can trace him to a valid user, and it's not a faked mail ) is unfortunately lost. Of course, we can't expect mail servers will do this, so it should be possible to also implement this "enhancement" on the client side, using simple plugins and PGP or self-signed certificates.
Digital signatures have been around for a long time and we know they are very hard to forge. They are also very hard to use, due to the difficult certificate management and complex software. At least in the S-MIME and PGP form it is very unlikely they will ever be so common with regular people in order to make a difference - and they are used to solve a very different problem.
It is currently trivial for SPAM or virus writters to use forged addresses - they do this to get past white list and into mailing list that require subscription. Without the extra information in the envelope - it will never be possible to write a SPAM filter to distinguish between a true or false message with a simple content like "Check this link" coming from a person you know.
So the major problem that needs to be solved is how to place the extra information in the mail headers - such a solution can only work if it can become trivialy easy to deploy. A major goal is to make it work on both MUA and MTA - it is clearly much more powerfull if implemented on the mail server, but it's unlikely large mail servers will do it, so the best hope is to convince your friends and family to install a small plugin.
The user can use a real certificate - most certificate providers validate at least the user's address. The common case will be to use PGP or self signed ceritificates. We can't expect regular users to understand or go through the process of generating certificates - but a simple plugin or program can just generate a pair and add an extra header to outgoing mail. The benefit will be that mail from the user can be accepted without the risk of beeing lost as SPAM or going through white list requrests, and false mail claiming to be from that user can be imediately detected.
There are few important issues that need to be discussed - like protecting valid use cases, privacy, complexity, costs - the end solution must find the right balance in order to be used. While the idea looked trivial in principle, dealing with those problems can be a bit tricky. In the end - any bit of (verifiable) information will help.
As I organize my notes I'm going to explain more, and hopefully also write some code to verify the concept. Feedback and help is obviously wellcome :-)