As I write this, the volume of spam in my e-mail accounts has dropped drastically. A couple of ISPs have cut certain of their customers' access to the 'net.
Colocation is supposed to be pretty neutral, but when your customers are sending commands to 'botnets from serveres you are colocating for them, you eventually know what's going on, and your contract does allow you to quit co-locating for them, and even turn their servers over to the police. And if you don't take action, that makes you an accessory to the crimes, so the ISPs that supply your connection are within their rights to cut you off.
So, two levels up, but the co-locators were cut off. Without the command centers, the 'bots don't know what to send to whom, and the volume of spam drops. Until the bad guys find another patsy to host their command centers. Only, this time, they'll find legitimate fronts, spread their command centers out, and so forth.
Junk e-mail is kind of like drugs. The only way we'll win the war against drugs is to quit buying them, quit using them. That means the war is won or lost, one person at a time.
The only way to win the war against junk e-mail is to refrain from doing business with them:
(1) Refrain from sending them e-mail (and thus confirmation that you are reading their illicit advertizing channel).
(2) Refrain from clicking the "Don't send me any more!" booby-trap buttons. (Yeah, right, we won't send you any more! hyuck, hyuck.)
(3) Refrain from clicking on the link to the "hot pictures". (Look at the url blank in your browser next time. See that code on the end? They look that code up in their database, and they know what address the mail was sent to. That's your address, you see?)
(4) Don't even look at the mail if the sender and the subject are obviously spam. (Forget sender notification. IFRAME leaks, anyone? Besides, if you don't look, you won't be tempted to buy, or even to look some more.)
(5) Oh. And never, never send them money or your credit card number or bank account information, etc. Don't send them anything. Not if they promise your next night of love-making will be more fulfilling. Not even if they promise that they have lots of money to give you for reason X, Y, or Z. This is organized crime you are dealing with.
You can win the war for yourself, and then you can encourage your friends to win the war for themselves.
I know that what I am proposing may be easier said than done. Maybe you aren't susceptible to letters that start out, "Dear sir or madaam. I am your long lost friend/relative/employer's ex-husband's cat's manicurist/prince-of-some-vaguely-familiar-sounding-country and I have lots of money from our mutual friend/relative/veterinarian/politician/whatever that is legitimately mine, but I can't get at it because of the weather/wars/economy/fleas on my dog and I need your help."
Maybe you are inoculated against that kind of scam. Maybe designer shoes or rip-offs at bargain prices do nothing for you. Maybe you have no fears about your love-life, or at least are well aware that a pill that may or may not make you sexually excited can't solve your social problems. How about expensive wrist-watches? Or the slightly odd, but maybe-not-so-really-terrible mail list that you suddenly found yourself signed up on?
In a sense, you have to get in touch with your conscience, have to develop a good sense of reality, have to get to know your God in order to tell which mail is legitimately worth looking at and which is not. Of course, now I'm making it sound really hard. So let's talk about it a different way.
What we are talking about is setting up filters in your mind:
(1) Check the sender. Do you recognize the sender? Family? Friend? Co-worker? Someone from Church?
On the other hand, do you recognize the sender as a source of stuff you didn't ask for? You know what to do with that.
(2) Don't recognize the sender, so check the subject.
v1A6or@ is not something you want a special price on, okay?
Free nude pictures of that famous hotty? If there are pictures at the site linked, you can be really sure that they've figured out a way to make you pay without you realizing it until you're out a bunch of money. Besides, she/he is not that hot, really. Not hot enough to expose yourself to even more spam.
And, no, you are not interested in letters that promise to tell you how totally awful the current president or president-elect or the last candidate of the opposition party really is.
Nor are you interested in good deals on designer this or that, credit cards or just credit or loans, or basically anything when you don't know the sender.
(3) Vaguely familiar name and a "Long time no see!" or something similar? That one may require looking at. There is a risk of IFRAMEs or similar ways to leak the information that you looked at it, but once you've seen the mail itself, well, a fuzzy GIF with stock prices or something is also not going to give you useful information. You do understand pump-and-dump, don't you? Nor is a cry of "I'm lonely!" from a girl or guy you don't know going to be legitimate, romantic movies notwithstanding. Most likely the picture is used without permission and the real sender is an ugly man or woman who wants, at minimum, to see if your e-mail address is valid. More likely, he or she wants your bank account information.
I should mention again, by the way, that giving money to criminals often makes you an accessory to their crimes. You do not want to do that.
(4) Sometimes, the sender name is one you really think you recognize. But if you look at the raw source code, you can usually see that the real sender is something else.
Now, if you can do that kind of filtering in your head, why can't we just set e-mail software up do that for us?
Well, we can, sort of. The problem is that the spammers know that, so they use little variations to get past the software filters. (Thus the v1A6or@, instead of viagra.) The automatic filters tend to catch more than you wanted them to. (This is what they mean by "false positives".) And then the automatic filters tend to dump all the probable spam in a single folder, so scanning through the positives for the rare false positive is only mitigated by the fact that you now know that almost all of it is stuff you don't want to see.
The automatic filters would be more effective if you could directly train them. For instance, if you could select a word, phrase or url in the sender, subject, or content fields, and click a "This is spam." button, the software could even make a folder for stuff that has that word, phrase, etc. in it. Scanning through a folder that contains mostly similar spam is going to be much more effective than scanning them all together. It also should reduce the false positives, because the guesses the software makes are more restricted in context.
There are other tricks, trap addresses, door-knocking mail addresses, and more. I wish I had time to program such a mail filter, but I don't seem to have that much time. And I have too many other interests, too.