On another note, with all these worms and trojans going around, I've seriously considered blocking outbound SMTP on our network and
And that's just the thing. We're both. Most of our residential users are power-user types that like to run servers and stuff at home, or VPN into work a lot; the businesses also host all kinds of servers.
If you (and others in your position) would do this (block outbound SMTP), you would be doing the Internet as a whole an immense service. As long as you make it an easy webform and advertise it well in advance of implementation, your customers shouldn't complain too much. You could proactively set your firewall to log all outbound SMTP transactions and send the administrative account for that address a warning that this will be blocked in X days unless they register.
The strictly corporate network I am managing/abusing is similarly set up at the firewall. I'm doing it as a self-preservation thing; if any of my machines get infected with a random SMTP worm, I want to know about it.
John
