I am just trying to add my 2 cents, maybe DigitalOcean can also gain some help from this post.
Why is it only DO that sends me spam emails?
Do you mean the DigitalOcean marketing emails? Or customers using the platforms of DigitalOcean and sending emails? In the later case, DigitalOcean can do very little to control this behavior.
The identity check performed by DigitalOcean is strict, in fact very strict. Any user attempting to create an account (and services) has to provide a good amount of detail before they can create their account, and start using the services.
why not block outgoing port 25 until you have validated a credit card.
Not saying anything on behalf of DigitalOcean, but I am an Alibaba Cloud MVP, and at Alibaba Cloud we regularly face such issues of customers requesting port 25 access—since Alibaba Cloud has blocked port 25 access—and having to go through several applications to check whether a user is intending to perform a spam or not. So, in my personal opinion, this is not a good approach to tackle spam.
Rest of all, I agree with your point, there has to be a system that controls the sudden and unusual peak in activities in the user accounts and check if they match any spam/illegal activity. Like you have already mentioned, this would be a great experience for users if such a system were in place.
It has been almost a few days of mine here, and the only filter I have faced was the payment fraud capture system—oh, and my credit card was charged, and even then system caught me! :laugh: