my 2 cents.
1. Personally, instead of overloading your resources with filtering of blacklists amongst other ip blocking related security (or rather obscurity) you may consider having link activation. Be smart about it. There is allot which can be done so bots cant spot activation links in email, just need to think outside the box.
2.
3. Of course there mail is gonna be blacklisted. Spammers dont like people like PH. Do you realise you can make exceptions to rules for blacklists and the likes of? If blacklists and reactive methods like Stop Forum Spam are you main solution to spam, then i would suggest you review your system. If you think outside the box you can minimalise spam or cut out completly spam, without the use of any blacklists whatsoever, not to mention gain much further resources.
4-5. Niko can address.
6. Gmail, Yahoo and AOL / Hotmail will never do that. In fact they make it even easier. For example, something everyone may not be aware off, most spammers would be. Actually, here is a spammers mail guide for you:
1. Create 1 Gmail Account
2. Create 1 AOL / hotmail Account (with no pop 3 download limits. Or even use a domain based one). Switch all spam fileters off.
3. Your gmail account
[email protected] - login and forward ALL MAIL including spam to you #2 account.
4. Write a simple script or macro to generate MAX combinations of google accounts from your original name. GOOGLE & ALL OTHERS WILL CATCH AND FORWARD ALL. EG
[email protected]
[email protected]
[email protected]
etc etc etc. You catch my drift. 1 Gmail or others Account = Shitloads of spam account to use.
Above is a simple example, highly simple vs, what can and is being done ATM. These kinds of tachics, most of which i wont share publically render blacklists and ip blocking a joke.
Real spammers laugh at the prospect of time, money and resources placed into such tactics to stop them. With that mindset you will always be wasting your town time trying to stop them. For every user you stop / they can create a 1000 more. Sophisticated products out there cannot be stopped easily. Ask me how i know? I run many forums and hence believe im fairly familiar with the software and what its does. For example, xrumer released an update a few days ago, easily passes both decap and now, on my testing over the last few days, smashes recaptch. We both know who developed them.
Best advice i could give is lose the blacklist/ip block methods, they are dated, easily evaded and cost you time and $ without you even realising. But you catch so many out that way, well, that's good. The ones your catching aren't proper spammers, but rather jokers / clowns wasting your valuable time and resources. The fact of the matter is you need to be intelligent about it. If you operate some decent PR forums, the chances are you already have a shitload of spam going on, which your not even aware of, nor would it even look like spam at all. Thats what smarter spammers do. Its all about AI and making it look not like spam. I'd love to post all the trick i know and have seen, all of which would blow your mind, however i think it would be highly inappropriate.
Good luck.