The authority to send to your mailbox is ambient, meaning anyone can send to it at anytime, and ambient authority is trivially abused. Abuse can only be prevented by doling out least authority, not ambient authority.
In this case, at the very least a mailbox address would be a cryptographically unguessable identifier. Ideally, each person to whom you are introduced would get their own unguessable mailbox address that acts as a proxy for your real mailbox, and you can delete that proxy anytime you wish to stop receiving e-mail from that person (and anyone with whom they shared your address). This completely eliminates the viability of selling your personal information to advertisers and spammers. Obviously this process has to be simple and semi-automatic, preferably transparent, or people won't be able to use it (like the web of trust), but the idea is sound, and based on capability security.
People already do something like this manually with subaddressing, and it seems the general concept I presented above has an official name as "disposable e-mail addresses" [1].
