You've missed the basics of spam: if it's convenient and cheap for any user to transmit information (via pull, push, or donkey) to any other user worldwide, then it's spammable.
Example: Devise a brand new, completely unspammable email system. If it ain't easy for you to use it to send email to email@example.com, then nobody will adopt it. If it is easy, then it will likewise be easy for the bot that has infected your machine to use exactly the same steps you do to send email. Got an absolutely foolproof authentication system? Excellent -- that means the spam the bot sends from your machine can be absolutely authenticated as coming from you.
Any system that lets me send mail to anybody else, including someone I've never had any contact with before (part of the key to email being the #1 application in the world), then it's spammable.
Spam is like cancer: it's many problems, not one, and all you can do is reduce it by hitting it from many different directions. So, graylisting+honeypot DB does a good job at eliminating spam not sent by real MTAs, SPF does a good job at eliminating joe-jobbing, DKIM might help with phishing, etc.
The real battle in spam right now is the botnets. When you get an infected machine using the user's account to send email via the user's MTA, it's pretty impossible to distinguish it as spam based on the envelope alone, which forces people to degenerate to awful filter systems that require tuning and too high false positive rates (doesn't take much to be too high).
While the botnets continue to thrive, spam will always have a base level of traffic that cannot be eliminated.