We reserve the right to do exactly that. Further, the logs which come from
the offended parties are certainly useful.
You can't spoof the source address of an SMTP connection to sendmail if you
expect *replies* and the ability to know if anything's working (if you're
not spamblocked already).
You can route it funny, but that's not the point.
Sooner or later I'll get wind of it. Someone will track the source of the
packets back to us (remember, people thought smurfing was untraceable -
they were wrong) and then I'll get a call. At that point I have cause to
investigate. When I do, you're busted. Something as simple as turning on
IP accounting (a normal system monitoring thing) on the suspect interface
will flag the "funny" source addresses, and at that point I have cause to
look into it further - including taking a dump of the packets involved.
The ECPA *ALWAYS* permits this kind of investigation, even absent explicit
language in the contract (which we have as well).
We *always* reserve the right to monitor for performance, and further, we
have the right to look into alleged violations of our agreement or the law.
Its part of our job. If you're violating the contract, and we can prove
it, you're screwed. If you sue in the US under such circumstances you're
asking to be slapped with sanctions and/or a countersuit yourself.
By the time you "catch" us in that kind of situation we've got more than
enough evidence compiled and the game's up. My answer to people who want
to sue us under such circumstances is "Here's our counsel's name and number;
serve us there please." as I laugh while hanging up the phone.
Acting surruptitiously (ie: your example) to avoid detection just makes the
original act look even worse when it comes time to go in front of a judge.
Someone who tries that is likely to end up with their assets in our computer
room instead of theirs.
We just don't worry about situations like that. Log it, prove it, send
notice, shut down the line and move on.