Years ago, I pointed out that the right way to deal with spam was differential filtering based on the managed reputatation of the sending service. This reasonable approach was greeted with ... well, almost nobody read it or listened with any interest. Jon Udell, who is brilliant, agreed that it was probably the way we'd go.
Basically, it's subtle, it's hard to encapsulate, and it's not sexy. So rather than get there quickly, we're slouching slowly in that direction. I was pleased to read about Greylisting recently -- it's one more step in the right direction.
BTW. The wrong direction is Microsoft/Intel's Palladium identity management technology, but, alas, we'll go that way too.