Blocking port 25 for dynamic ranges means they can't send email, so
that drone are pretty useless for spammers on that account. Trojan
horses would have to use local information for the user's own account
(from Outlook or such).
Next you'll block SIP if we start getting "spam calls"? Or any other
application that pops up and is used by the same people sending spam today?
ISP's could then, I suppose, limit every user to 5 emails a minute (or
any other number).
That combined with domain-keys and sender-ID could make for a much
prettier Internet, don't you think?
You're fixing the symptom, not curing the cause. The immediate root
cause is a compromised PC which among other things does send mail across
port 25. Itīll also send mail using x-y-z webmail or misconfigured
Abuse using port 25 is a major issue today, why not solve it? If a
user wants it open, they could always ask for it or even pay more
money. Perhaps move to a static IP?
It would be much more beneficial to deny all packets from AS's which
don't have abuse in control.