Spam could be half-fixed with forcing DKIM, SPF, DMARC and TLS. The very least there would be no impersonation of other domain names (filtering the rest into a spam box will become much easier after that) and insecure transportation then.
How would sender authentication solve the problem? A large amount of spam is sent from throwaway domains with SPF and DKIM in place, and another large part of it is sent through hijacked web sites and email accounts.
As I have said, it would very least avoid spam looking real from real domains, which is half of the issue. The throwaway part could be fixed by making spam illegal and actually cracking down on it.
Simpler would be a callback mechanism that required at least a domain cert with TLS..
Server A => Server B :
hey, I have a message
for X
from Y
MessageId: Z
SingleUseKey: K
Server B disconnect
Server B => DNS Entry for Y's domain
Server B : hey, I want message ID: Z, Key: K
Then you need not only DKIM, SPF, etc, but you need a server that responds to inbound requests to pick up an outbound mail configured and setup on the correct port.
