* Hank Nussbacher:
Please show me which virus scanner scans html pages for the words like V I A G R A, or Free M O R T G A G E, as it is going outbound.
I assumed your Internet cafe example was the concrete scenario you were trying to address. There are quite a few scaners which contain signatures for spam-sending software, but it might be necessary to roll your own stuff. In that scenario, it's simply more effective to look for the software (and accompanying anomalies) than for some web application traffic.
The big boys know what to do. The smaller ones like walla.co.il, jumpy.it and mail.ru to name just 3 out of about 300 I have seen, do not have all those bells and whistles and therefore, in order to protect an ISPs IP address space from not getting burned by spammers, the ISP has to take proactive measures.
I still don't understand why you think this has to be solved at the network level, specifically targeting web-based email services. There are hugely different two scenarios: 1. Spammers buy your Internet service and use it to send spam. 2. Regular customers catch some piece of malware and their computers send spam. In the first case, you get rid of the customers (possibly involving law enforcement because many of the advertised products and services are illegal). In the second case, you need a general anti-malware strategy, and webmailers are the least of your problems.