There has been a lot of writing recently about anti-spam techniques. Much of it very recently has centered upon whether or not to employ challenge-response systems in order to create white-lists on a per user basis.

My question is, why not use a distributed version of this?

It seems to me that in this day and age of P2P technology, you might be inclined to get together with folks that you know (or at least correspond with) and create a collaborative white list, kind of like the "ring of trust" that has been done for PGP authentication.

It wouldn't be difficult to create a system that used collaborative technology to exchange current white lists for a whole domain or for some other group of people who are considered "safe" to take lists from. Once you do that, there can be a mechanism for deciding that somebody's list contained a spammer (or some other undesirable) and you can personally blacklist that, causing a notification to be created to the originating list stating this address is now suspect.

Using some recipient-appropriate rule, you can decide that a white list from a particular source is no longer valuable, and pull it from your "ring of trust" either permanently or until all offending addresses are removed from it.

It's not a perfectly-formed thought yet, since you would need to have some way to make sure that only authorized persons have access to checking against your own white list (in other words, you can't push the full list out to an insecure party), but there may be some potential.

Anybody else have a thought?