Start with configuring your various email clients to use port 587
and to authenticate to the right server (the one responsible for that email account/domain) in each case.
So for example if you had a phone with a Gmail account or laptop with a Outlook.com account your would make sure they were contacting their respective servers rather than trying to relay via the ISP (which is not a portable setting anyway).
587 is now a standard port for email clients to submit a new message to a server.
This includes any smartphones and other portable devices.
Port 25 is only really needed for server to server delivery and doing the above means you can safely block it (outgoing and incoming) on your router firewall if you don't have a mail server on site.
Then, while a virus could still be generating spam it wont be able to do direct delivery, nor unauthenticated to your ISPs mail server on port 25, so you eliminate an easy path and it can't impact your quota or get you onto a spam blacklist.
When the protocol was invented, mail clients were not on portable things so would almost always be able to reach their mail server locally. The server could choose to authenticate the client simply by virtue of the message having arrived from the LAN (rather than the internet) together with the From email address
being a valid local address.
This would include dial up where the computer still received an address directly on the ISP's network and they would almost always be the email provider too.
Nowadays this is often not the case.
prompt $P - Invalid drive specification - Abort, Retry, Fail? $G
prlzx on iDNET: ADSL2+ / 21CN at ~4Mbps / 700kbps with IP4/6