I won't get in to specifics, but the first few times the user will get spanked. If you keep reenabling accounts that send spam, eventually the domain as a whole gets spanked.
The purpose of an account lockout is either:
1. Stop a clear abuser from trashing the network, e.g. by sending spam that will get Google IPs blacklisted (yes this happens, there are no special breaks for Google).
2. Challenge an account in such a way that false positives have a chance to 'clear their name' by doing things that serial abusers have difficulty with, like passing phone verification or in the good old days, solving CAPTCHAs.
Virtually all responses to service violations in the consumer world are (2). They're automated, people pass the challenge when they log in and never think about it again so you just don't hear about it.
Corporate services pose special problems. Companies expect to be able to automatically create large numbers of accounts using APIs, which is something not allowed for consumer accounts. The latter are carefully monitored, throttled, and ultimately the services may just refuse to let you create an account. Tough cookies. That doesn't work for GSuite domains where the administration is devolved, so what happens when spammers notice this and create such domains then add lots of users at once? Yes they're meant to pay, but some abusers can get past CC fraud checks and other mechanisms that would otherwise make this approach too expensive.
Unfortunately the rapid, automated nature of abuse means that the response also has to be rapid and automated. It's not as easy as saying, hmm, foobar.com looks suspicious, let's get a trained expert to mount an investigation. By the time the specialist has woken up and got into the office the attack is over already and you sent 10 million spams or hosted 50,000 phishing sites. That's the flip side of very scalable systems with convenient signup, in which the admins don't suffer any consequences of abuse they proxy or allow (i.e. when you buy GSuite part of what you're buying is Google's spam reputation). That's also why these stories so often resolve with an ending like "A googler got in touch and we're back in now". This creates the impression that the only way to get support is to flag it up on Hacker News or Twitter. That's sometimes true for consumer services where getting people to look at your case is harder but for companies with support contracts, it's often just due to the time lag involved between someone doing a manual investigation and resolving it.
This
> there are no special breaks for Google).
and this are not the same thing. There are absolutely "special breaks" for Google, particularly (though not solely) since they are now the server of choice for a huge percentage of the email being sent and received, whether @gmail.com or on Gsuite accounts of various types.
So even if there were some kind of massive spam event, Google isn't going to block emails from its own IP blocks or domains from reaching Gmail or Gsuite customers. And frankly, I would be shocked if any of the various DNS blocklists that people use for determining who's a dirty spammer would actually put a Google IP block on there without massive and obvious changes in Googles mode of operation.
Meanwhile, us mere mortals, if we dare to try to set up our own mail server, can be listed in a blacklist because of a) something the previous owner of the IP address did, b) something someone else in the same class B block did, or c) something that was never expected before, but now because of escalation by spammers, it's required without any documentation. And then the blacklist just doesn't respond to requests for reconsideration or elaboration because obviously, we're dirty spammers, and why should we be listened to?
