Macbooks don't have them or their bluetooth wireless keyboard. I find it quite annoying.

Since GA is based off of Urchin, I assume that they are using something close to it. Urchin works off of a server's access logs. Primarily, it tries to set a cookie that is then used for tracking. The standard practice is to modify the access logs to include that tracking token in the log entry. If no cookie can be set, then it approximates a session based on source IP, user-agent, referrer, time between requests, etc.

I would imagine that most people are being counted multiple times, thus inflating the number considerably.

Some companies get patents for defensive purposes to ensure no one else patents it and uses it against them. I had a serious knee-jerk reaction when my employer sent out an email advertising our patent program. The explanation I got was that we weren't going to be patenting stuff to keep others from doing those things, but to patent them before others do so that we can't be sued. Facebook could be doing just that. In that same email, I was told that the company despises the state of IP and have active lobbying efforts to change things. I felt much better about my employer after hearing all of that.

It sounds like you're not the type of person that is the target of most managed solutions. Cloud products aren't right for everyone and certainly not for every application. Cloud solutions won't ever take the place of bare-metal hardware for folks that need it. I am an operations admin for a cloud product and I have no problem telling customers when their stuff just isn't the right fit for our product. But, what's not right for you, doesn't make it wrong for everyone else.

As someone that works in support for a hosting provider, you're the type of customer that irritates me the most. While they shouldn't be rebooting your box to get root access without your consent, you should at least help them help you. Give them an account with limited sudo access to view your logs. If that won't do, then provide them with the necessary logs. If that's not good enough, don't expect support and move your stuff to some place that doesn't provide the level of support you're paying for.

There are ways to configure a mail server to automatically report messages that are identified as spam to other blacklists.

Yes. (I work for a large hosting provider and see it among the most commonly used after Spamhaus.)

Again, some client-side utilities can be configured to automatically report spam to blocklists and spam digesting providers (i.e. pyzor).

But a lost sale is still a lost sale. If would really suck if one of those would have been a repeat business customer wanting to setup contracts.

Again, from someone that works at a large hosting provider, you're right. I think the biggest risk is the potential tarnishing of the business image. It sounds like the boss is in the knee-jerk reaction. He needs to have a cool head to gently persuade him and show him the business case for not responding. You have to show him that it makes the whole business look unprofessional and the competitor has already done that to themselves. If these are known customers, it would be better to contact them directly via some other means (such as a phone call). You'll do better to work on your customer relationships than you would to respond in such an impersonal and annoying fashion.