If everybody else out there installed the patches, however, then it would be fine to flick the switch.

Okay, now how high a percentage would be enough that you'd stop accepting e-mail from unpatched systems? Keep in mind here that these hypothetical signatures would only amount to a guarantee that the domain in the "from" line was legit. You'd have no guarantee that the user within wasn't forged. However, if you did get spam from one of these things, you'd have some proof of who really sent the spam.

Somehow, the whole world rapidly dropped telnet and rsh and moved quickly to ssh / OpenSSH. As far as I can tell, the big difference is that, if our organization dropped telnet, it only realistically affected our own users. External people were never really counting on telnet to actually log in here. If we dropped traditional e-mail support, then you're breaking things for people who might have legitimately expected to be able to send you mail.

More food for thought: consider the ratio of legit e-mail to spam that you get, either in terms of bytes or number of messages. How low must the signal-to-noise ratio be where it's no longer cost-effective to find the signal among the noise?