> The only problem I see with the tactic is the ISP itself is likely to deal
> with the infected users pretty quickly, instead of dragging their feet,
> since the spam will now be bogging down their servers, instead of bypassing
> them.
And the answer is: scan outbound mail using SURBLs.
Or as I was discussing in another thread "Negative score on spams".. disable ALL_TRUSTED and scan outbound email as well as inbound. Use grep to check your logs for outbound spam and fix the infected machines on a proactive basis instead of waiting for a spam report to come in.
Note: me and Jim Maul sorted out our differences in that thread off-list. His objection was treating scanning outbound mail was a sole fix for having spammers in your network. If you couple it with some proactive checking for outbound spam and actually cut off the source we both agree this is a good thing...
