Close, but not quite.
Spammers are hacking legitimate accounts behind SPF, DKIM, and DMARC just so their spam can get through from a legitimate email account with those semi-verified features infront of the domain name.
I'm quite skilled at mail servers and the way they operate, much like yourself, to fully understand SPF, DKIM, and DMARC
In your own words:
many approaches
They are all approaches. None of them are 100% spam-proof. If they were, then the inventor of an 100% anti-spam internet would win a nobel prize.
However, that is not the case. Spam on the internet is more than a disease, it's a worldwide plague that eats bandwidth and traffic everyday and it is neverending.
Who pays for spam, the bandwidth it uses, and the resources it requires to try different "approaches" to block it?
The paying users do. Not the ones abusing the system.
This is a big problem, and having blacklists may mitigate the issue a bit.. but it is no where near solving it.
P.S. Indeed, concerning the scalability, that's easily circumvented by setting a limit on the blacklist size (say, max 50)
50 could be filled in a day, by each user on the system. No where near enough. :(
I'm skilled with mail servers too, I've been running my own for years 🤓
Luckily the majority of spammers are amateurs and never bother to configure and run their own servers; when they do, it's poorly configured. Often they use sendgrid or other big services. Indeed, we can't solve the spam problem at 100%, but if we can minimize it then it's a step forward.
Nice to meet a fellow postmaster. :)
A majority of the let's say 100.000 users will rather agree on who the spammers are. Not all those users will have different spammers on their blacklists.
They might agree roughly on the number of real spammers, and that's what the blockchain has to handle.
In the end it is quite a democratic process.