> what network detection could be done to detect this sort of thing. Clearly the code needed to make outbound connections to hosts.

Renting space that shares a netblock with a trusted host could make that more difficult.