So on top of everything, you can get blacklisted for mail that didn't even come from your network?
Disappointing to see so much analysis and no solution.
Now we can work on solutions. And we will.
This has been looked at pretty extensively before. Confusingly enough, a lot of the research was done by the creators of BGPmon (http://bgpmon.netsec.colostate.edu/ - same name, concept, and primary functionality with no connection between the two as far as I can tell).
The solution is easy enough: secured peering to prevent hijacking, and a centralized certification process to prevent rogue ASes. We've known this stuff for a good decade now, but the exploitation has never been serious enough to overcome push-backs on the costs (both in terms of hardware and reachability issues) from ISPs.
By shining the light on this, solutions will be much easier to deploy.
Spam pays a lot. I mean, like, a lot. So it doesn't surprise me that someone who can basically choose their own hours, work on something challenging and get paid well for doing it, all for a crime that Russia will never extradite them for, is going to be happier doing that than sitting in an office 9-5 and every other week on 24x7 on-call babysitting some Cisco firewalls.