Back in the old days we did this with the MySQL list - if the message does not contain a set of "magic" keywords that would frequently appear in a legitimate message, we reply to the poster telling him to include those. He could just reply and the message would go through. I do not recall that we checked first to see if the poster was subscribed, but we should have.
So in that spirit but with some improvements one solution could be: - if the poster is subscribed or is on the white list of posters (we can generate this by examining if he had posted before, received a reply, and then replied to the thread again - to exclude auto-responders to spam) let the message through - if not send him back some kind of a challenge Maybe to avoid auto-reply bots, the challenge could be intelligent, e.g randomly generate a short Perl script or a C program and ask the user to respond with the output. Of course, a spam bot author could rather easily create special logic to figure out that output, but chances are he is not going to bother. But if he does, we can punish him by adding the logic to detect his address and in that special case send the code that takes control of his system, gathers info on all of his spam systems, and shuts down all of them if he forgets that he needs to execute the code we send him in a chrooted jail or some other safe environment.
