Deal with repeated spammers / compromised accounts

How to deal with the repeated account commitments used to send spam?

We have a big problem with the fact that the passwords of users' email accounts are compromised and used by IP addresses around the world to send spam.

Normally, we only change the password of the email account and write to the user. But lately there have been several email accounts in those compromised accounts or the same email account compromised again and again.

Most of the time, the problem is an extremely weak or insecure password. Other times I suspect that the user has malware running on his computer (and not knowing what else is leaking from his computer) or checking the account on insecure networks.

When this happens again and again, sometimes we will proactively change the passwords in all account email accounts or other times we will simply suspend the account. But apparently people do not like that, and it's better that they move their accommodation to a company that does not take into account their commitment problems or to a web hosting company that I guess does not care if they repeatedly send spam.

I am beginning to believe that I am losing the uphill battle. I'm thinking it might be easier to let spammers run rampant. And then, when people complain about not being able to send the mail because of the blacklists, I will say "% difficult! $ #!".

I mean, is that what everyone else is doing?

Sorry, I just dealt with this too much over the weekend and until this week and I need to go up a little bit to my soap box.