I sketched out a protocol for this a while back. The root cause of email abuse is that the only thing you need to send email to somebody is knowledge of their email address. We need to change that so that you also need their consent.

The initial email verification sent to you (“click here to confirm your email address”) includes an attachment requesting an auth token. Emails with this attachment get presented to the user in something akin to a friend request for email, with a consent screen describing how they intend to use your email and for how long. Approving the request hands them a Biscuit token.

The sender attenuates this token when sending email to you or when sharing with a third party provider like Mailchimp. Any emails authorised by a token automatically skip all spam filters. This is the carrot for senders to adopt – they can stop worrying about all the deliverability and IP reputation nonsense and can just send direct from their own servers, reversing the centralisation of email and making it more reliable by skipping spam filter heuristics.

All of these emails have reliable provenance and traceability. If a leak / abuse happens, you can revoke the token and any emails sent with it. Senders can also proactively revoke any tokens provided to third-parties in case they were breached, without affecting the sender’s ability to send themselves or through other providers.

Once a critical mass hits, you can auto-deny anything without a token. At this point, all the email you receive is from somebody who has obtained your explicit consent to do so.