said by keith2468:As Steve points out, SPEWS (and other blacklist outfits) start out by blacklisting the actual source IPs of spam. If spam occurs with a much frequently than is typical on a range of IP addresses, then they move to blacklisting that range of IP addresses.
The ISP is in control of this process. If the ISP investigages and terminate spamming customers, and helps customers with victimized computers secure them, the ISP will have industry average levels of spam and not be blacklisted.
ISPs have 3 main options in how to tackle this:
1. ISPs can tell their customers they don't care about security, that they don't care if the customers of other ISPs are spammed, and that they consider security to be a waste of profits. They can tell their customers to be satisfied that they can at least email each other.
2. ISPs can spend big bucks to manually tutor customers in cleaning infected machines and chasing spammers from their customer lists.
3. ISPs can use automated tools:
You forgot option 4, which I consider to be the best approach of all - quickly suspend any account that is causing spam complaints. If the account is found to be doing any kind of deliberate mass mailing, whether or not they claim it is "opt-in" or not, IMMEDIATELY and PERMANENTLY terminate the account.
