In a discussion reported on TechCrunch there was a mention of using whitelisting for spam control in Google Wave:
Q: This seems like this will replace email –but can it really replace all we love about email?
Lars: We think of email as an incredibly successful protocol. Google Wave is our suggestion for how this could work better. You can certainly store your own copy by way of the APIs and with the extensions. The model for ownership — it’s a shared object, so how do you delete the object? Even though it’s a shared object, no one can take it away from you without your consent. There will eventually be reversion to sync up with the cloud or you own servers. We’re not planning on having spam in wave (laughs). Early on in email, spam wasn’t really taken into account, so we benefit from that learning experience. We’re planning on a feature so that you can’t add me to your Wave without being on a white list.
Well, whitelisting doesn't work because people need to receive unsolicited messages from people they don't know. For example, I get lots of messages about my book, or my open source software. I can't whitelist those people before they contact me.
And it's not just me, but businesses need to receive unsolicited mail from potential customers (or even their own customers). Whitelisting simply doesn't work.
Having dealt with spam for a long time, they are going to have to come up with a better answer than that. Otherwise a botnet master is going to run a wave server on every bot and started posting spam waves (or worse, waves that appear legitimate and turn into spam waves) to everyone.
I suspect the answer is that it turns out to be the same mix of technologies used for email spam: messsage hashing, content analysis, sender reputation, IP blacklisting, ...