Jun. 6th, 2007 @ 08:59 am (no subject)
Do ISPs do anything when their customers' computers are zombie-bots?

Since I put in the CAPTCHA trap in my image server, the spam comments have gone away, but I still see the attempts in the httpd logs.

I could easily write a script that would find out the ISPs hosting the zombie-bot and report the IP address and time of the attempt. Unfortunately, when I've done this manually in the past and contacted the ISP, I have never gotten a response. So, should I take the time to write this script and hope a few ISPs are ethical enough to investigate?

Also, why do we chase after spammers? They are almost impossible to catch. Why are we not going after the companies that hire spammers? They need bank accounts and credit processing to take payments; these are things that can be tracked and seized. If companies are afraid of using spammers, then the spammer industry will dry up.
From: also_huey
Date: June 6th, 2007 04:57 pm (UTC)
should I take the time to write this script and hope a few ISPs are ethical enough to investigate?

cbl.abuseat.org pretty much guarantees that any ISP ethical enough to investigate already knows, so you'd be wasting your time if you were doing it for any other reason than the fun of writing the script.

why do we chase after spammers?

To catch the dumb ones and provide a disincentive for prospective new dumb ones, to keep the smart ones on their toes from the inconvenience of being chased, and (very occasionally) to collect evidence to give to law enforcement when they can be bothered to step in.

Why are we not going after the companies that hire spammers?

Because they can afford better lawyers.

If companies are afraid of using spammers, then the spammer industry will dry up.

No. Your premise is flawed. A company is not an entity that can experience fear. The best you can hope to accomplish is to teach the well-intentioned but clueless.
From: (Anonymous)
Date: June 6th, 2007 05:04 pm (UTC)
Never automate abuse reporting. Most ISPs' abuse desks are overworked (if they even have one)... Most of the time it just ends up being an admin who gets to wear the "abuse@" hat. Some ISPs have teams that work on abuse/TOS/AUP issues, while some do not.

In any case they're usually inundated with email and the first thing they do with anything that looks automated is removal from the queue. If you're sincerely interested in reporting the abuse, manually compose the email and state the issue. Also try and get it to the proper channels. A WHOIS of the IP address usually contains valid abuse contacts.

If you feel like automating, I'd suggest creating a script that automatically dropped the perpetrator's IP into a firewall rejection list. Since most of these boxes are zombie home-user PCs, you should probably drop the /24s. They'll frequently change IPs in the same range. If you're worried about accidentally blocking valid users on comcast/verizon/charter/aol/cox/sbc, etc., then at least look up the address spaces for KRNIC, APNIC, RIPE and LACNIC and block Korea, China, Thailand, Malaysia, Brazil, Mexico, Russia among others.
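
An added example, not part of the thread or any commenter's code: one way to turn the rejected attempts in the httpd log into a /24 rejection list while sparing ranges where someone eventually solved the CAPTCHA. It assumes Apache combined log format, a hypothetical comment handler at `/comment.cgi`, and that 403 means the trap rejected the POST and 302 means it was accepted; the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: Apache combined log format, documentation-range addresses.
# Assumed: comments POST to /comment.cgi; 403 = CAPTCHA rejected, 302 = accepted.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jun/2007:08:01:11 -0700] "POST /comment.cgi HTTP/1.1" 403 211 "-" "Mozilla/4.0"
203.0.113.92 - - [06/Jun/2007:08:03:40 -0700] "POST /comment.cgi HTTP/1.1" 403 211 "-" "Mozilla/4.0"
203.0.113.92 - - [06/Jun/2007:08:03:41 -0700] "POST /comment.cgi HTTP/1.1" 403 211 "-" "Mozilla/4.0"
198.51.100.20 - - [06/Jun/2007:08:05:02 -0700] "POST /comment.cgi HTTP/1.1" 403 211 "-" "Mozilla/5.0"
192.0.2.15 - - [06/Jun/2007:08:06:30 -0700] "POST /comment.cgi HTTP/1.1" 403 211 "-" "Mozilla/5.0"
192.0.2.15 - - [06/Jun/2007:08:06:31 -0700] "POST /comment.cgi HTTP/1.1" 403 211 "-" "Mozilla/5.0"
192.0.2.15 - - [06/Jun/2007:08:06:55 -0700] "POST /comment.cgi HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.20 - - [06/Jun/2007:08:09:12 -0700] "GET /images/cat.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def networks_to_block(log_text, path="/comment.cgi", min_hits=2, allow=()):
    """Return sorted /24s with >= min_hits rejected POSTs and no accepted one."""
    failures, humans = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "POST" or m.group(3) != path:
            continue
        try:
            net = ipaddress.IPv4Network(f"{m.group(1)}/24", strict=False)
        except ValueError:          # hostname or IPv6 in the first field: skip
            continue
        if m.group(4) == "403":
            failures[net] += 1
        elif m.group(4) == "302":   # someone in this range solved the CAPTCHA
            humans.add(net)
    allowed = [ipaddress.IPv4Network(a) for a in allow]
    return sorted(
        net for net, n in failures.items()
        if n >= min_hits and net not in humans
        and not any(net.subnet_of(a) for a in allowed)
    )

def iptables_rules(nets):
    """Render one DROP rule per network, for review before loading."""
    return [f"iptables -I INPUT -s {net} -j DROP" for net in nets]

if __name__ == "__main__":
    print("\n".join(iptables_rules(networks_to_block(SAMPLE_LOG))))
```

The `min_hits` threshold and the `allow` list are the knobs for the false-positive worry raised above: a single mistyped CAPTCHA never blocks a range, and known-good networks can be exempted outright.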