Looking for the necessary tools (security) to stop spamming through my proxies sites, turning off web mail did not help, blocking every site they go to through the proxies seems to be the only way, please advice.
What type of scripts are they using via the proxy? May be able to block the type of script they are using.
Here is what they said: it turned out that it wasn't a script, people were just going to web based mail through the proxy and sending spam so for instance if i went to your website and then through it went to hot mail if i sent spam through hot mail your server's IP would be listed as the culprit
You could try to detect the kind of behaviour that spammers exhibit such as only going to free webmail providers and sending large amounts of traffic very quickly or try to detect spam going through the proxy by inspecting every packet that passes through your system looking for spam but I suspect this would be seen as violating the privacy of your normal users. Google were criticised for serving targeted ads in Gmail, even though it was completely automated. The other option I can see would be to block free webmail providers as SSANZ said but then selectively allow them, either by having users sign up to your site and allowing logged-in users to go there or by putting a CAPTCHA or some equivalent in front of every webmail site. I'm sure the spammers know how to break CAPTCHAs if they are using webmail providers for spamming but it might make your proxy just that little bit more difficult to use than the next guy's proxy and all the spammers will move there while still allowing your normal users to get to their webmail with only a minor extra hassle. You don't need to be completely secure, just enough more secure than your competition that they attract all the spammers.