Exposing Bots In Big Companies

CalicoPenny let us know about yet another "30 days" effort, this one to name the names of major companies infected with spam-spewing bots. Support Intelligence began the effort on March 28, out of frustration at not being able to attract the attention of anyone who could fix the problems at these companies. While they haven't named 30 companies over the ensuing month, they did name some prominent ones, such as Thompson Financial, Bank of America, and AIG. The scary part is that if a bot can spam it can capture keystrokes or troll for interesting documents.

Why don't they block outgoing smtp traffic?

[whoever57]

Surely, these large companies could block outgoing port 25 traffic, except for their own email servers. Then the traffic can easily be monitored and spam zombies detected.

Why is this not "best practice"?