Spam has long crossed the boundary between being an irritant and a major problem for the net community, and it is getting worse. It was recently reported that 80% of the mail in Hotmail accounts is spam (although people tend to use "disposable" Hotmail addresses when asked for an email address while surfing) and a typical account would get 30-40 spams - some very offensive - every day.
You'll get spam even if you never give your email address to anyone, because spammers use software that "guesses" email addresses: they will send email to andrew, barry, charlie at whatever.com and then move on to andrew1, barry1, charlie1 and so on. Since it costs them nothing to do this, they'll just leave their PCs running. Enough people will respond to the URL at the bottom of the email ("to be removed from this mailing list click here") that the spammers will soon have a long list of valid email addresses to sell or swap.
Filters can be some help. I use Spamfire, which checks my mail server every few minutes and pulls off everything that looks like spam. When I read my mail via Wap, not having to wade through endless nonsense saves me much time and money. It also means that nothing reaches my kids' accounts without me vetting the subject and sender first.
But I still have to check the spam log once a day because the occasional non-spam message will get caught up. This illustrates another problem area. As spam filters tighten the net, they're beginning to do more harm than good. A recent issue of a Macintosh newsletter had an article about spam containing the word Viagra, resulting in the newsletter being identified as spam by filters. About 10% of subscriptions bounced back! This problem has been evident for years: in 1995, angry breast cancer patients flamed AOL for putting the word breast on its blacklist. AT&T once filtered out its own messages. Filters cannot be a long-term solution.
Legislation is another possibility. South Korea has just fined six companies for sending unsolicited email following a recent spam crackdown. There, companies that send spam must identify the content of the message in the subject and include contact details so recipients can opt out. Anyone who falsifies details, or sends spam to opted-out users, faces large fines. The European Commission is banning spam as well.
But perhaps we should be looking in another direction. It's a rudimentary law of economics that subsidising something leads to more of it. Spam is subsidised - it gets a free ride on the back of the net - and so it continues to grow. The only way to turn the tide is to stop it being free. There are a number of ideas circulating, but they all revolve around the same concept: if it cost money to spam, there would be less of it. There are, broadly, two different approaches: make it cost the spammer money to send the spam or make it pay for the receiver to get it.
One possibility is creating mail clients that demand money to accept mail: a legitimate company emails you and your mail client puts their message into escrow and asks for 50p from "the system". Once the legitimate company has paid, the mail will be released to your account, the sender credited with 49p and "the system" keeps a penny for its trouble. At least one start-up, IronPort, is creating plug-ins for widely used mail servers such as Sendmail to implement a scheme along these lines.
Making the sender pay doesn't have to involve an explicit charge. Suppose all email was encrypted and digitally signed and that your mail server would simply delete any email that wasn't. If a spammer wants to send a million emails, they have to perform a million public key encryptions, a million session key generations and a million symmetric encryptions. Even if it took a desktop PC only one-tenth of a second to generate each signed spam, it would still take more than a day to send out the whole batch, as opposed to a few seconds at the moment.
What's more, the spam will arrive encrypted in your mail box. When you click on it, you'll see a screen full of unintelligible nonsense instead of lurid photographs. If you or your mail package does not recognise the sender then you won't bother to hit "decrypt". If a legitimate organisation wants to email you, they'll have to ask for your key (or get it from a directory) and ask you to add their key to your "trusted" key database.
This won't eliminate spam completely: some spammers will find it worth working hard at. But it should reduce the problem to manageable proportions, a more realistic goal than either filtering the life out of the net or passing fantasy legislation.