IP spoofing and spamming

What does your contract say you can do? First and foremost
contact your legal department to ensure that you can cut
service within the parameters of the contract, or your
company can defend itself for terminating the contract
without cause.

Also contact your senior management about the issue. There are
many legal questions the legal department really can't decide.
they can only provide advice about the potential liabilities
among the different choices. The senior management of several
large providers seem to be getting blindsided by these issues.
If you don't tell them, who will?

In the end, any action or even inaction, can result in legal
liability thus it becomes a business decision that management
must make. In a bizzare way, it is easier for the little guys
because they are essentially judgement proof. The big guys have
deep pockets so the risks are larger monetarially. But in either
case, the final decision rests with management.

Since this is an operations forum, rather than a management or
legal forum; IMHO the operations folk need to LOUDLY raise the
issue with their senior management. Also it is called the "INTER"net
for a reason, the 'harm' being done might be on another provider's
network. So plan how you handle that case also, because on a
different day you might be on the receiving end of the harm
originating on a different providers network. There are precedents
from other industries where limited cooperation on security and
fraud prevention can pass anti-trust. Talk to your lawyers, and
then get senior management to make a decision.