Early Internet protocols and systems were vulnerable to trivial forgery, and fixing this after the protocols were widely deployed is painful, partial, and slow. On the other hand, it's also possible to add too much security and make a protocol too restrictive or too complex for large-scale adoption.
Salmon tries to find a good balance. Salmon adopts a defense-in-depth strategy, assumes that there will be abuse and spammers, but builds in protocol hooks to make an active in-depth defense both cheap and effective with few false positives.
Specifically, spammers can not forge signatures from legitimate users, and it is very hard for them to mint massive numbers of fake identities without detection. So as a first line of defense, anything whose authorship check fails, is simply dropped. We're building this in from the start so that we'll never have an installed base of clients doing things insecurely.
Salmon disallows completely anonymous and untraceable messages. It requires pseudonyms from verifiable identity providers. This feature allows receivers to rate limit the messages per hour per pseudonym and per identity provider. (Identity providers themselves have verifiable identities and can gain or lose reputation based on what their users do; every identity provider has to at least have a domain name, raising the bar for spammers significantly, and meaning that simple rate limiting can force the spammers to acquire and "burn" many domain names.)
Assuming wide deployment, we expect that spammers will attack Salmon with the same vigor they throw at email. However, Salmon implementors can cheaply and easily deal with the simpler techniques the spammers currently use to inject email. They will also mount active defenses based both on the years of experience in spam-blocking email and the new tools (guaranteed identity, identity providers, distributed reputation) that Salmon enables.
All of this is possible to do, and has been done, with closed systems. Salmon provides a way to do this with an open protocol that anyone can implement and anyone can interoperate with.