Owen DeLong said once upon a time:

...

I will also point out that many of the recent "smurf" attacks and similar problems people are having on the net would be gone if people would just carefully filter internal/external addresses on their border machines, that is, prevent packets claiming to be from "inside" networks from coming in from the "outside", and prevent packets claiming to be from "outside" networks from going out from the "inside". The latter will stop your network from *ever* being the source of a wide variety of packet forgery attacks, and is necessary to being a good network citizen. The former will stop your network from being the subject of a wide variety fo packet forgery attacks, and is necessary to make your customers even remotely safe on the net.

Expecting everyone else to do the right thing is the wrong way to solve the problem. 99% of everyone else will always do the easiest thing, which is nothing.

That's great if you're a downstream provider with no transit customers. However, when you become a transit provider, it becomes much more difficult to determine inside vs. outside, since you're more in the middle between two "outsides" that pass traffic through you.

Use customer configurable filters. There is no excuse for becoming less responsible as you grow larger.