Slashdot Mirror
Getting on Top of Spam Down Under
The Register is reporting that Australia has implemented a new industry code for the regulation of email with respect to spam. From the article: "Under the new code, internet service providers (ISPs) will bear some of the responsibility for helping fight spam. Service providers must offer spam-filtering options to their subscribers and advise them on how to best deal with and report the nuisance mail. ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email."
How about a first post spam filters? May be we don't require law to make slashdot do this...or do we?
While this is a good idea, I'm surprised most ISPs wouldn't do this anyways. It's a considerable waste of bandwidth, and their best interest to reduce spam.
How would this clash with the pay-for-spamming option by AOL?
What a stupid law. Why put enforcement on the ISP's? There aren't that many spammers, the key is to go after them with harsh penalties. The rest will wake up after a few test cases.
Since when has this country used intellectual elite as a pejorative term?
So the law states that ISPs have to give consumers a choice on their spam protection. Does the law mention anything about if the ISPs can charge the customer for that option?
Oh shit, did I just do that?
Don't most ISPs do this anyway without regulation? What is the point?
Anyone got a link to the *actual* legislation ?
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Brilliant!
"No post shall be made until another post has been made first."
I predict the end of all Slashdot troll posts!
"People that quote themselves in their signatures bother me" - athakur999
...have some bizarre fetishes.
picpix image polls. create - share - vote. fun!
I run a tiny web host biz (150 or so domains) .. Our Clients INSIST on spam filtering.. We're not an ISP... I could say "Heres Spam Assasin" deal with it, but, it doesnt work in the real world. We have to deal with the spam. Why would anyaone give out their primary email address on a form anyways?
Let the Yahoos,gmails,and hotmails deal with it. (no?)
-- I Dont Deserve A Sig I Have Bad Karma
Colour me unimpressed - the Prime Minister of this country (John Howard) phone spammed the continent prior to the last election, then paid his smug looking son to spam the nation.
Anyway, back on topic, here's an article from a local paper - it contains a link to the actual code of practice (pdf warning)
My pics.
Why wouldn't they have this running already? It would reduce wasted bandwith, and make users happier. ISPs should do their best, and let users know in case some crappy 'joke' fwd'd to 100s didn't get through. My suggestions: Graylisting Mailscanner ClamAV Bitdefender Spamassassin DCC checks This will help reduce things CONSIDERABLY - again, if I can do it at home, why can't an ISP have a dedicated FreeBSD box (or two) that just handle this step, and then pass it on IF it passes?
fak3r.com
On the other hand these stats are interesting:
http://www.ciphertrust.com/resources/statistics/
They tell me a few things.
1. Don't use citibank.
2. We're not doing as well as it seems to me
It's another token effort.
internet service providers (ISPs) will bear some of the responsibility for helping fight spam.
Some is not all, which means that any percentage they block meets the requirement. If they delete one, and pass 1000 - that fits the definition of some.
ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email.
Do any spammers use their own account for outbound spam?
Weaselmancer
rediculous.
I saw an article elsewhere on /. about wrong numbers directed to someone's cell phone (in essence, accidental phone spam). A few days ago, I saw a print article on the difficults an admin at a school corp. has with students' use of school computers, and that he routinely blocks 150 or so sites a week.
These are all related issues with one simple solution - implement a "deny by default" rule. Deny all communications except what is permitted. Given the option, I'd have all phone calls from number other than what's in my built-in phonebook routed to voice mail. I would block all email other than what's sent from my list of 'approved senders'. And in the admin's case, I'd block all internet access except what's specifically permitted.
Why don't people do this?
Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me. - John 14:6 NLT
SPF assumes all email to be spam unless proven otherwise.. seems to reduce it by the ton from what I've seen. We should have more implementation of this.
{} ------ When I think of a good sig, I'll put it here
The Following links are as follows:
Spam and internet security information http://www.acma.gov.au/ACMAINTER:STANDARD::pc=PC_2 008 web page
Spam Act Review: http://www.acma.gov.au/acmainterwr/telcomm/industr y_codes/codes/iia%20spam%20code%20dec%202005.pdf
Spam Review http://www.dcita.gov.au/ie/spam_home/spam_act_revi ew2 documents.
Knock yourselves outwith it.
RegardsSlashdotgirl
The more I know, the less I know
I think the real lesson is not to be an idiot about emails from "the bank".
I set my threshold to -1 because all the good posts get censored by moderators with some sort of agenda.
Trolls are only effective because people like you give them mindshare. They don't bother me one bit. I actually get a chuckle out of them because people react so negatively to them.
I can see where the Aussies would have a pretty bad spam problem; most spam is already focused on the Down Under regions.
...to press submit, but figured I might as well live a little.
YES, WORLD, MY MIND IS IN THE GUTTER!;-)
picpix image polls. create - share - vote. fun!
As more and more people put SPF into their DNS, the punishment for a message not having it can increase. In turn, then, more and more people put SPF into their DNS.
Let's get the ball rolling!
http://en.wikipedia.org/wiki/Sender_Policy_Framewo rk
The title of the article is "Getting on Top of Spam Down Under," and I haven't even seen one v1@grA joke yet.
You seem to be a business. As a business, it is up to you to decide what services to offer your customers and what to charge for those services.
It is cheaper to not do anything about the situation and just buy more bandwidth as you need it. That's a business decision you have to make.
If your customers are swamped in spam, that is also a business consideration for you. There is a chance that they'll leave and go to a service that offers everything you offer and offers some degree of spam protection.
If you're offering email services, you should at least be monitoring the outgoing levels and taking automatic precautions when there is a huge jump in outgoing volumn. Do NOT become part of the spam sending problem.
Your customers will usually send out the same amount of email every day. If it's within their regular levels, don't worry about it.
But when they suddenly start sending 100 emails a second, to 100 different address, it's time to shut them down and email/call them to see if they meant to do that.
Scanning outbound email can be a problem. I send virus tests to servers and I would not like an ISP stopping that.
The same with scanning for "spam" because I also send spam examples to lists and other people.
For me, the best approach would be for all companies (ISP's or otherwise) hosting email services to limit outgoing email to 100/minute or something and automatically blocking accounts that have a huge change in the amount of their outgoing email.
It's never going to happen, but that's the approach I'd take.
What I don't understand is why the ISP's don't do SOME degree of spam checking and dump the offending customers onto their own email server?
Okay, I know why BellSouth doesn't do that. They send out a lot of spam.
But other ISP's. If you're just going to buy more bandwidth, at least be sensible and put the problem children on their own server with their own, tiny, pipe and keep the big, fast pipes for your good customers.
Your government advocates a
(x) technical (x) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(x) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid government for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
This sig has not been evaluated by the FDA. It is not designed to diagnose, treat, prevent, or cure any disease.
Perhaps you've heard of me? I'm pretty popular!
By default I block all inbound IP connections, "except what's spefically permitted."
The big problem is a combination of three things:
- Goodmail is only useful for commercial mailing lists - it's not useful for people who aren't making money, whether that's non-profits or open-source developer lists or political grass-roots organizing or groups of friends or whatever, and
- by whitelisting Goodmail customers, AOL can turn up the screws on other high-volume email, which is bad for spammers but also causes collateral more damage to other legitimate mailing lists.
- AOL isn't providing a mechanism for people to choose whether to reject more of the non-GoodMail or not - they're just saying that the Goodmail is good.
From a social standpoint, the collateral damage is focused on non-commercial groups. I remember the days when almost any civic or recreational group typically charged a membership fee of $20-30/year, which covered printing and postage on a dead-tree newsletter. It'd be really annoying to have to go back to those days - for $20/year you can get yourself a real email provider instead of AOLBill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The Olympic Winter gold metal winner from the Australia made his millions from creating spam ware. It came out in many reports after his gold metal win. Now the Australia anti-spam ware law is fast tracked.
A simple device that prevents spammers from delivering junk to your mail server outperforms complex spam filtering. https://windowssecrets.com/comp/060126/#story1 https://windowssecrets.com/comp/060216/#story1
If they write laws that are too draconian, they'll break all the Aussie email providers and ISPs, and you'll will be stuck using Telstra to reach email providers in the US or Hong Kong - and Linux users probably won't be able to run their own email at home unless UUCP slides by the rules...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
"ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email"
Of course, if you want to exceed the "reasonable limit" of 2 messages per day, you must pay $30/month.
Also, a lot of ISP's spam filters suck. I have earthlink service and I get no less than 14 spam emails per day. that makes me quite reluctant to try their other "services" such as "scam blocker".
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
And will contribute further to the unreliability of email. False positives are much worse than spam, but just try to convince spamfiltering ISPs of that...
Hey, that sounds like the title of a spam message I recieved recently.
From my ISP ,
.............
t ernode-bulletins
t
Dear Internode customer,
We're writing to let you know that we're about to turn on some filtering (protection) on HOME and SOHO Internet connections.
This is to help reduce the volume of email spam (junk email) and some other Internet 'worms' and viruses. The filtering will be activated on April 3rd 2006.
For more detail please read on below:
At Internode, we hate email spam and the challenges often called 'network worms' as much as you do.
Internode is about to commence a new initiative to further fight the incidence and spread of these things on the Internet.
If you are unsure about what the rest of this bulletin means... just relax... this means that you probably need to take no action at this time!
* What we will do
From 3rd April 2006, customers using HOME and SOHO services (via broadband or dialup access) will enjoy the increased network protection provided by these simple changes:
1) Windows File Sharing Ports Filtered
Access to some common Microsoft Windows file sharing service ports (commonly used by computer 'worms' and viruses to attack Windows PCs attached to the Internet) will be filtered out of your Internet connection.
2) Outbound email (email that you send out to other people) will need to be sent via the Internode mail server
Sending email via the normal Internode mail server (mail.internode.on.net or securemail.internode.on.net) will continue to work as normal, with no changes needed to do this.
However, using other email servers to send email (which is not the usual or recommended way to do so) will no longer be possible after the filters are put in place.
Note: this does not affect incoming email (email that you receive from other servers, places and people).
* How you can opt-out if you don't want Internode to do these things
For most of our customers, this initiative will require no action at all by you.
Some of the more 'technical' members of our customer base may have specific technical requirements that conflict with the presence of the new filtering processes noted above.
If you do not wish Internode to provide these filtering services on your Internet connection, it is very easy to 'opt out' (disable the filtering).
To opt out, log in to the Internode online accounts facility, which is here:
http://accounts.internode.on.net/cgi-bin/login
and then select 'Enable/Disable Network Port Filtering'
You can do this today, prior to the deployment of the filtering process on April 3rd.
Again, if you are unsure what this all means to you, chances are that you should simply keep enjoying your Internet service as normal, taking no action in response to this bulletin.
Regards,
The Internode Team
_______________________________________________
This is the Internode-Bulletins mailing list
For Internode technical support, please visit: http://support.internode.on.net/
To adjust list settings or view list archives, please visit:
http://lists.internode.on.net/mailman/listinfo/in
To be removed from this list:
send email to internode-bulletins-request@lists.internode.on.ne
with the word 'unsubscribe' in the subject line.
I'd be willing to bet the number of firewalls that are configured to allow by default exceeds the number of firewalls that are configured to deny by default by about 5 to 1. At least.
/. over port 80 and look what happens anyway.
I'm not talking about ports, but about source/destination of traffic. Of course, everybody's going to restrict to 80, 443, etc. But then you let in
Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me. - John 14:6 NLT
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Unfortunately, the big phishing targets don't appear to be running SPF - eBay, PayPal, Chase Manhattan, e-Gold, etc., and unless they do, it won't have a lot of influence on spam. SPF can't stop all the possible abuses - somebody can still register names similar to the real ones (remember paypa1.com, with a digit 1 instead of lower-case L in the name?), and even give them SPF records - but at least it would be possible to block a lot of the junk. But if *they* don't adopt SPF, or DKIM, or PGP signatures, or S/MIME signatures, then they're not much help. Any ideas on how to reach clueful people at those companies to get them on board?
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I'd say the kind of spam filter I'd prefer does not delete any mails, just tags them so I easily can do any filtering I want with them.
My ISP does this, but basicly it ends up with something like 90% of my email being tagged as spam, even though only about 10% actually is. (yeah I know, not much spam. yay!)
unfortunatly this filtering can do nothing but give me a warning about potential spam, although that in itself is useful.
I think whats really needed is more effective filtering, not simply more of it.
We have an old GroupWise 5.5ep system. But I have it sending through an app called Guinevere that runs SpamAssassin and the anti-virus apps. Guinevere hands off to Exim4 running on Debian.
Exim4 runs greylisting, checks open relay lists, etc. If everything passes there, it hands off to Guinevere which runs anti-virus then SpamAssassin (with Bayes) to flag anything suspicious.
Prior to that, 8 out of 10 messages would be spam.
Now, less than 1 out of 10 messages is spam.
I prefer Exim4 because I can put my phone number right in the error message that our server kicks back. I only block during SMTP receipt. Everything that I accept, I deliver. I might deliver it with a SPAM tag, but it gets delivered.
I get about 1 call a week from someone who's blocked or has problems. Usually it's because their server is incorrectly configured or they're using their ISP's email server and their ISP is on multiple blacklists for spamming (BellSouth is a prime offender there).
In the past month, we've received 2,005 messages that were flagged as "spam". I'm sure that many of those were legit ads from reputable companies.
We've also sent out 14,960 messages. So our incoming spam is even a fraction of our outgoing email.
We've received 29,594 messages that same month.
I cannot recommend Exim4, greylisting and SpamAssassin highly enough.
The following list is by no stretch exhaustive but hits many of the major enterprise level vendors available today. I'm primarily a router/switch guy, not firewall guru, but my experience reflects the same info I got from a couple quick googles:
Checkpoint:
Default deny "any" where "any" is a configurable list that by default actually omits some popular types of traffic. Yuck...just...yuck. Still, most services are in the "any" list.
Cisco (by far the largest market share):
Pix-OS based? Default deny external to internal. Fine.
IOS-based? Default deny external to internal. Fine.
Fortinet FortiOS(all platforms):
Default deny external to internal. Fine.
Juniper/Netscreen:
Default deny external to internal. Fine.
So you must be talking about SOHO broadband router and/or host-based software firewalls. Woe is the mail server admin who hides behind those.
Can you elaborate on how you think the ant-spam laws are ineffective?
As far as I can tell the laws have had quite a good effect, apparently spammers have either stopped, or have moved overseas: http://www.spamhaus.org/news.lasso?article=154, and http://www.spamhaus.org/news.lasso?article=161
All we need now is a law against fax spamming so that Dell and getawaysdownunder.com.au stop using my equipment and resources for their own marketing campaign.
What I am surprised by is that no-one has noticed section 8.1:
"ISPs directly responsible for the allocation of IP addresses to their subscribers (eg, all of them) will use all reasonable efforts to retain information pertaining to those allocations for a minimum period of seven days."
Can someone tell me what this has got to do with spam? Isn't this just a case of our privacy being thrown out the window but disguising it within a "spam act"?
1.ISPs need to filter or block port 25 by default unless someone specifically requests it unblocked. Or, failing that, detect zombified machines and block those.
2.ISPs need to implement good email based virus scanning (email is a major attack vector for viruses & trojans including spam zombies)
3.ISPs need to implement SPF. SPF wont stop spam but it will make it easier to detect if email claiming to be from fraud@paypal.com is really from paypal.com or if email from asdgtrqwrdasfsd@hotmail.com is really from hotmail.com (and therefore if there is a legit account associated with the address and if the sender of the email owns that account)
4.Governments need to introduce penalties for any provider that knowingly provides hosting (web, email or whatever) to a sender of unsolicited bulk email.
There are FOSS solutions for spam around,
that anyone seriously bothered can apply
to the spam problem.
What we REALLY need help with is getting
broadband, ie if one is just a bit farther
from a City (even 24 km's from Adelaide
- in the "exclusive" (read: beautiful)
Adelaide Hills can bring problems...
like "unavailable ADSL port" at ADSL-
equipped exchanges.
Some suggest that our "10 Tonne guerilla"
(read: Telstra) - the "only game in town"
for retail ISP's that want to peddle ADSL
in Australia - RESERVES ADSL ports for
its own [unknowning, would-be] retail
ISP (ie, Big Pond), even when non-Big Pond
customers on the same exchange have
already applied for ADSL, but can't get it!
What we need:
- open queuing (so I see my Queue No. at my
exhange, & know how many are waiting - at
that exchange - for [now unavail. ports)
- oversight by ACCC or ACMA (the only, if
weak) regulators in country...
Have any other Aussies in the "Metro Bush"
had -similar- problems getting Broadband -
from non-Telstra ISP's - ie, while neighbors
(in the same street / area) manage to get
Big Pond -after- you've applied for more
cost-effective ADSL from a competing ISP?
Telstra's download data excess can be $150 / GB
Competing ISP's charge from $1.50 - $5.00 / GB
Competition: If not now, Telstra, when?
But until the economics of the spamming game change significantly, the stuff won't go away, and the economics include the facts that worldwide communication is nearly free, worldwide money transfer is convenient, at least from modern Western economies, and suckers are born every minute.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
You're misunderstanding me. It's not the firewall, it's the loose screw behind the keyboard that's using it. Firewalls, just like any other electronic appliance, are generally capable of doing their job AS LONG AS THEY'RE CONFIGURED PROPERLY. Of the homes and businesses with which I've been familiar enough in the past 5 years or so, I'd say 5% of homes, 10% of small businesses, and 20% of large businesses are setting their firewalls to "deny by default". And yes, I'm pulling those figures out of my anal orifice - it's just personal observation over the years.
Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me. - John 14:6 NLT
I think we're talking past each other. To me, "configured by default," means the device comes from the factory with that behavior configured. To you, it apparently means, "a rule administrators deliberately configure to handle types of traffic that aren't specifically handled by other rules."
By default most firewalls deny all inbound traffic on an external interface and allow all outbound traffic that originated on an internal interface. Adminisitrators usually have to "break" their configurations to allow inbound from the outside "by default"--and, yes, this happens. I don't know that I'd say 80% are broken, but many are.
After looking through a few possible anti-spam plans the best I can see is chargin people to send emails. I don't really know how to administer it but if you charge a small amount, say 1c for each email. This wouldn't really effect the average user but to the people that spam sending thousands/millions it would become ecomically impossible to continue sending it?? I know the idea isn't perfect but it would have an immediate effect on the amount of spam. Let me know what you think. Cheers
Keep in mind that I'm talking about source/destination blocking, not port blocking. Sure, ports are blocked by default, and most people leave it that way. I'm talking about blocking by IP or DNS mask. How many home users realistically deny by default when it comes to addresses? Personally, I think that ought to be the approach to a lot of communications - email, web, IM, phones, even cable channels! Deny by default, then let in what you want.
J
Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me. - John 14:6 NLT
They need to redesign the e-mail protocol, as it seems to allow insufficient control to block spam.
Some clever people need to sit down together and invent something new and future-proof, since the e-mail protocol as it exists has had it's best time. The anti-spam battle can go on forever until it's technically impossible to keep sending spam.
The whole spam filtering stuff is just hogging down e-mail servers, it's like fixing a leak by putting a bucket underneath it.
The best solution would be some opensource e-mail/instant messaging/VOIP/file exchange/blog integrated solution. It would fix many problems at the same time!
Keep in mind that I'm talking about source/destination blocking, not port blocking.
Er, default "deny all" rules do block by IP, not by port. The only times the firewall would look at the transport or higher layers are:
1) When there are existing entrie in its session table for internally initiated sessions that would expect return traffic. For that it would match transport layer ports and src/dst IP addrs to table entries.
2) There are exception rules superceding the default behavior. Then each packet must be inspected at layer 4 or higher to see if exceptions apply.
3) If NPAT one-to-many overloading is configured, such that every packet's layer three and four headers are updated according NPAT table entries.
How many home users realistically deny by default when it comes to addresses?
If they don't mess up their default configurations, then "many". But who knows? Home users aren't the demographic of this article.
Personally, I think that ought to be the approach to a lot of communications - email, web, IM, phones, even cable channels!
What a PITA that would be. Doesn't scale, breaks more stuff than it fixes, and generally just ugly conceptually. But to each their own...
I don't know about you but I don't find this funny anymore. It might have something to do with only one of the points actually being valid with respect to this article and even that one's only a "maybe".
In case you hadn't noticed, the government isn't actually advocating any particular approach but simply saying that you must take some approach to fighting spam or we'll fine you big time.
All this code has really done is to create a big stick that the government can use to whack ISPs who harbour spammers or who make it easy for spammers to operate. I'm sure this will improve the situation somewhat but three quarters of Australian ISPs will already comply with this code today, before it is enforced and the others are probably the small players. The market place demands that ISPs have spam filtering and virus scanning. Not sending out devices in default configuration is just common sense. Common sense is now legally mandated.
Sig matters not. Judge me by my sig, do you?
I work for a respected Australian ISP that does this spam blocking. This ISP is known for it's service.
We offer a spam service that blocks known spam and offers users of the service to add extra addresses to be blocked. Customers who use this service periodically get emails with links to where they can go and check all the messages that have been blocked (so they can check that they are all actually spam).
We also do our best to stop the propogation of SPAM and viruses via the use of SMTP blocking. Basically, when we get a complaint, or when we notice a large ammount of email being sent from a customer, we can instigate a SMTP block. We then email the customer that the block is in place and why. Normally this is a Virus issue, so doing Virus scans and Anti-spy/adware scans clears up the problem. I have not yet seen an issue where the customer was actually a spammer.
I honestly don't know why more people haven't been doing this sooner. Sure, it isn't really the ISP's fault that the user is sending virus's/spam, but most of the time the user is unaware or not computer literate enough to realise it is going on, let alone do anything about it.