1. (users having confidential information the org does not want to leak) computers with access to such information should not be internet-connected; keep on reading...
2. yes, caching proxies are pretty much dead.
3. blocking ports does not work; one can always put one tunnel inside another (some years ago, a coworker had a simple http-80-GET/POST tunnel installed connecting his machine to his home machine, and from there, he was free). And THAT is why I said in #1 above that computers with confidential information should not be internet-connected.
4. I didn't understand what you meant with this; what can phishers and spammers do with https that they can't do with http? And MITM proxies just HELP phishers and spammers because your browser cannot veto the original certificate, and more: you introduce a SPOF because if one pwns the proxy, you have the entire organization open to phishing and spoofing addresses (*).
> In other words, "don't touch https" means giving up on any firewall-like defence perimeter, trusting users will behave when they have no IT security culture, trusting no software installed on your system is going to leak data or even backdoor you via network accesses masquerading as https, trusting no web site you access is going to grossly abuse bandwidth and latency by serving badly-optimised content, etc
Repeating: a firewall-like defence perimeter via a proxy does not work, introduces a SPOF, and your confidential data is never safe if it is on an internet-connected computer. You open yourself and your organization to millions of dollars in liability by MITMing https, because you can inadvertently be opening a backdoor to secure, money-transacting websites.
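The "one tunnel inside another" point from #3 above, as an added example that is not the poster's tool and not part of the thread: a toy framing layer that carries an arbitrary inner byte stream (here a constructed SSH banner plus filler) inside ordinary-looking HTTP POST requests. A port-based filter that only checks "is this HTTP on port 80?" passes every frame. The hostname `home.example`, the path `/api/upload` and the `X-Seq` header are made up for the example.

```python
"""Toy HTTP POST tunnel: shows that port filtering alone cannot stop
an arbitrary protocol from crossing a firewall on port 80.
Added example; not code from the post, and not a real tunnel tool."""
import base64

# Constructed sample inner stream: an SSH banner followed by some filler.
INNER_STREAM = b"SSH-2.0-OpenSSH_9.6\r\n" + bytes(range(40))


def encode_chunk(payload: bytes, seq: int, host: str = "home.example") -> bytes:
    """Wrap one chunk of the inner stream in an innocuous-looking POST.
    (home.example and /api/upload are placeholders, not real endpoints.)"""
    body = base64.b64encode(payload)
    head = (
        "POST /api/upload HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/octet-stream\r\n"
        f"X-Seq: {seq}\r\n"          # made-up header carrying chunk order
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    )
    return head.encode("ascii") + body


def decode_chunk(request: bytes) -> tuple[int, bytes]:
    """Inverse of encode_chunk: parse the request, return (seq, payload)."""
    head, sep, body = request.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing header terminator")
    lines = head.split(b"\r\n")
    if not lines[0].startswith(b"POST "):
        raise ValueError("not a tunnel frame")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers[b"content-length"])
    if len(body) != length:
        raise ValueError("truncated body")
    return int(headers[b"x-seq"]), base64.b64decode(body)


def port_filter_allows(request: bytes) -> bool:
    """All a port/protocol filter can check: does this look like HTTP/1.x?
    It cannot see what the body carries, so tunnel frames pass."""
    first = request.split(b"\r\n", 1)[0]
    parts = first.split(b" ")
    return (
        len(parts) == 3
        and parts[0] in (b"GET", b"POST")
        and parts[2].startswith(b"HTTP/1.")
    )


def tunnel_roundtrip(stream: bytes, chunk_size: int = 16) -> bytes:
    """Split the inner stream into frames, pass each through the port
    filter, reassemble on the far side. Returns the reconstructed stream."""
    frames = [
        encode_chunk(stream[i:i + chunk_size], seq)
        for seq, i in enumerate(range(0, len(stream), chunk_size))
    ]
    passed = [f for f in frames if port_filter_allows(f)]
    if len(passed) != len(frames):
        raise RuntimeError("a frame was blocked; the tunnel is broken")
    chunks = sorted(decode_chunk(f) for f in passed)   # reorder by seq
    return b"".join(payload for _, payload in chunks)


if __name__ == "__main__":
    out = tunnel_roundtrip(INNER_STREAM)
    print("inner stream survived the port-80 filter:", out == INNER_STREAM)
    print("raw SSH on its own port would be blocked:",
          not port_filter_allows(b"SSH-2.0-OpenSSH_9.6\r\n"))
```

The filter in `port_filter_allows` is deliberately the strongest check a port-only policy can make; the only way to stop this traffic is to inspect or terminate the application layer, which is exactly the MITM-proxy trade-off the rest of the post argues against.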