I have a somewhat unique perspective, in that I've done anti- spam
work for the world's two largest free web-based e-mail providers in the
world...and I gotta tell you, rate limits can only ever be a small part
of the picture. We could drop it down to one message per day, and the
spammers would simply register more accounts so they can send out the
same amount of crap.
The really important part -- for any free service, not just e-mail --
is registration controls. It's amazing how many sites don't bother
to protect that route until it's too late; instead, they're all excited
because they're so popular! All those new accounts...except, why are they
all 21-year-old men named John who live in Korea and only ever access the
"compose new message" page?
And then once they've gotten past registration (which they will), there's
a lot of other data to mine for patterns besides the number of messages
that they attempt to send -- for example, if you see 30,000 accounts
send exactly 82 messages per day, all to aol.com, that's probably worth
investigating further.
All that said, allowing users of a free, strictly non-commercial service
to send thousands of messages per day is just asking for trouble.
Though rate limits are (as I said above) a small part of the picture,
a /lack/ of limits just makes it easier for the spammers to abuse you.
