The largest problem with Email (in my opinion) is the amount of spam you will inevitably receive. Fraud is quite possible with current Email, and it can in general be somewhat dangerous for the novice user. So, how do we fix this?
There are two measures that need to be taken to fix this in my opinion. The first measure is user verification. When two users converse for the first time, the server which the email is being sent to would have the option of sending a Security Form. The Security Form could be of any size/complexity the user wanted, and would contain a small form that could contain images if necessary. This form could ask math questions, request image-text verification, ask the user to identify the point of a small story, basically any form of human verification. The user would then fill out this form on their client and send it to the other user. This form would either be correct or incorrect, if it is incorrect it sends out an error message to the sender, if it is correct though it sends a ‘all signals go’ message to the other client, and then it stores the address (DNS/Account or IP/Account) of the sender in a whitelist. After one of the users has been verified in the conversation, both users may talk to each-other without filling out another form.
The Second measure is email to email verification. When someone sends an email to another email-user, the sender would first send a security header. The header would contain the address (DNS/Account or IP/Account) of the sender, and a 16 byte identifier (that would be random). On the senders email server, it would store the 16 byte identifier being used to send the email, and correlate it with the address of the user who the email is being sent to. Then the server that the email is being sent to would then send a header back to the original email server which would then check its outgoing email lists to see if there is a 16 byte identifier that correlates to the address of which the header was sent, if there is one, then it sends the contents of the respective message. If there isn’t one, then it informs the sender of the form.
This makes it essentially impossible for a spammer to spam you. If a spammer completes your human verification form manually, then only he can spam you, he can’t give the information to other spammers since only his address is in the white-list and email to email verification prevents a spammer pretending to be another spammer. Also, at that point it would be very easy to block the person, you just put their address on a block-list and remove their address from the whitelist. If someone tries to send a fraudulent header, that won’t work either, as the email to email verification checks to make sure the sender is actually the sender, and it won’t receive the message unless it actually is the sender.
I am not an expert in this area, and I am sure there are ways this design could be improved, however, this shows just one of the things that could be done to improve email.
I think you have got good 2 points on sending and verified emails but in my opinion this is a fundamental issue with a protocol which can easily tampered and sniffed by intruders.
In general I liked your both ideas. It is quite feasible as well but I am not sure about how it will impact on spammers, The ways I can see to prevent spamming are a signed seal of email message, the origin of a email address itself (sort of an email address account holders rating and existence), and permission to send email to destination address. In other words if I want to send you an email, I need your permission to send you a signed email and to achieved that mail servers can generate verification services behalf of you and asked you to permit me to send you an email by verifying my authentic existence, rating etc.
But the main problem is still exists which is how can you stop spammers to send such mass mails? It is a challenging job for each company to fight with this spammers. I strongly believe that if we could established fundamental changes in emailing process it could be a temporary solutions until it broken by hackers. but it is still a mess and it will be.
Anyway someday someone might read this and flick an idea what I have mentioned above.