Choose your identity providers (and thus email addresses) wisely. They should be filtering spam for you / letting you control things. And they shouldn't be doing it by forcing you into their silo, the way "login with Twitter" buttons work.
Actually, it's my biggest problem with Persona is that the source of my identity is not me, but some third party I have to trust.
I run my email addresses on my own (physically-owned) servers. I know various approaches to filtering spam, and the best one in my experience is to not have a littered inbox is to have a private non-dictionary per-service email address and not expose it anywhere else.
The only mandatory third party between me and the Internet is domain registrar, I lease my domain name from. Not trustworthy, but this is the best one could have while all authentication systems are tightly coupled with DNS.
I know that. It's just depending on domain name "ownership" (and even though it's called so, it's temporary lease, not purchase of property), in exactly the same way general audience depends on email account "ownership".
Except for the fact, if one's email account or the whole provider goes down, they should still be able to login with old-fashioned password credentials. With Persona, unless the site has a backup authentication method, they're out of luck.
This effectively means I've to stick with my domain name forever.
