I've noticed increasing levels of vandalism via anonymizing proxies. We turned off the automatic proxy-scanning some time ago because of complaints by the clue-deficient who saw this as potential attacks. However, it might be a good idea to do the following:
* whenever an admin _blocks_ a user, the IP they were editing from should be automatically proxy-scanned, and blocked indefinitely if it is an open proxy (_in addition to_ the username/IP block that would have been applied)
By restricting proxy scans to proven vandals, this will reduce the rate of proxy scans to a few dozen a day (from tens of thousands before), and result in a proportionately trivial level of complaints which can safely be auto-replied or ignored. It will also allow the reply to be very clear: "we detected abuse from your user, verified that it was coming from an unsecured proxy on your network, and took appropriate action".
99% of the code for this already exists, so it should be trivial to put in place -- however, I'm aware that our heroic developers are somewhat busy...
-- Neil