I'm sure your users appreciate it. Whenever I see a gateway configured to disallow zip files I always think to myself that the admin is either too lazy to care, or they don't know what they're doing. In either cases I worry for the security of the network.

There's nothing wrong with blocking client access to port 25 completely however and using 587 instead with authentication (or even SSL). I think most ISPs around these parts have already gone at least the route of allowing mail only on 587.

But none of this is going to be relevant to Matt since I don't believe he's running a mail server. It's likely the ISP he mentioned already employs these precautions and other security measures. He needs only to find out the machine on his network responsible for the excessive mailings.

And therein lies another potential problem. Matt mentioned the ISP complained about spam, but was it based on content, quantity or both? It's going to be very difficult to isolate the responsible party if the content is spam but the quantity falls within the typical mail use for other users on his network.