I love how some people think it's sooo easy to stop spam ...
Give me your email addresses so I can test your theories :)
I have a neat app I wrote purely for testing my ability to block spam on some private domains.
It's not as obvious as you might think.
The most persistent of spammers for example would take to some of the following:
1. faking the from address
2. faking the from IP
3. randomly generating garbage in the subject / body
4. sending 1 pixel tracked images
5. spoofing legit business
6. faking / spoofing subdomains under legit domains
7. using addressing tricks that mean some emails not sent to you end up in your mailbox
To send an email requires little more than 1 line of code these days.
Servers filter email based on rules that you define which are typically based on something like ...
1. the from address
2. a keyword
3. a unique to address (such as the aforementioned "firstname.lastname@example.org")
My app code can randomly generate a to address @somedomain that I specify with randomised content.
For example ...
I can put in gmail.com and get out a near unlimited number of email addresses.
If I then send some email content to each of these email addresses, stating in the email header that it came from "email@example.com", how would your email client know it was from facebook?
I can style the body to look just like it came from facebook and need only include a facebook logo image to confirm you read the email.
I then know for sure what your email address is and that you read my email.
I should point out ...
I work for a company that sends about 1 million legit opt in only emails an hour; the app I'm talking about is to test our systems from this type of "attack".
The point being ...
Am I facebook? ... no
Can you tell it came from facebook? ... no
Can your email client tell? ... no
Who would likely get the blame for my spam email? ... not me
Is it spam? ... yes
Did I gain anything from it? ... yes - an email address I could sell
This is not an exhaustive example of tricks used but does highlight a common problem ...
The SMTP protocol (language used by mail servers) is flawed and has been since it began.
There is no way round this unless the standard for the SMTP protocol is in some way changed so that emails can only originate from trusted non-spamming servers that will definitely honour an unsubscribe request.
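
Added example, not part of the original post: a receiving-side Python check for two of the tricks listed above, a displayed From domain that differs from the envelope sender recorded in Return-Path, and remote 1-pixel images that report an open. The sample message, its domains and the function names are constructed for illustration; a mismatch is only a heuristic, since legitimate bulk senders often use a different bounce domain.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
From: "Social Site" <email@example.com>
To: firstname.lastname@example.org
Subject: You have a new notification
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="http://bulk-sender.example/logo.png?id=abc123" width="1" height="1">
<img src="cid:inline-logo" width="120" height="40">
</body></html>
"""

class ImgCollector(HTMLParser):
    """Collect <img> tags whose src is fetched from a remote server."""
    def __init__(self):
        super().__init__()
        self.remote, self.pixels = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag != "img" or not re.match(r"https?://", src, re.I):
            return
        self.remote.append(src)
        # 0x0 or 1x1 remote images exist only to report that the mail was opened
        if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            self.pixels.append(src)

def domain_of(value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def inspect(raw):
    msg = message_from_string(raw, policy=policy.default)
    shown, envelope = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    imgs = ImgCollector()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        imgs.feed(body.get_content())
    return {"from_domain": shown, "envelope_domain": envelope,
            "from_mismatch": bool(shown and envelope and shown != envelope),
            "remote_images": imgs.remote, "tracking_pixels": imgs.pixels}
```

Not loading remote images by default in the mail client removes the read confirmation regardless of what the From header claims.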