If a fixed login/password pair is enough for someone from external network to send mass e-mail via your network, you have a problem.
Obviously I know little about their network so I'm probably already sounding arrogant but there are some solutions that (generally) have better inconvenience/security ratio than just plain login&pass. Especially if you account for the inconvenience of getting the whole site blacklisted. My site uses one-time, limited-time passwords to authorize external connections but the users are tech savvy so I'm not sure if it works in general settings.
Obviously I know little about their network so I'm probably already sounding arrogant but there are some solutions that (generally) have better inconvenience/security ratio than just plain login&pass. Especially if you account for the inconvenience of getting the whole site blacklisted. My site uses one-time, limited-time passwords to authorize external connections but the users are tech savvy so I'm not sure if it works in general settings.