As we've seen over and over again, the one and only technique that has ever worked (and that I think ever *will* work) is the boycott -- whether enforced via the use of DNSBLs or RHSBLs or local blacklists or firewalls or whatever mechanism. It works for a simple reason: it makes the spam problem the problem of the originator(s), not the recipient(s). It forces them to either fix their broken operation (any network which persistently emits or supports spam/abuse is broken) or find themselves running an intranet.
I agree that the "boycott" approach is effective. It does not, however, completely resolve the issue that is SPAM.

First and foremost, it does not make the spam a problem of the originator at all times. The issue is directly illustrated with SMTP servers that are RFC ignorant and don't notify the sender that an error occurred. Sure, there's not too much work involved, I'm asked about a message that was supposed to be delivered, nope it wasn't, must be an issue on your end. It still requires me to look into the problem.

The second issue with boycotting is the false positives. And DHCP makes this a nightmare issue because some blacklists are retarded about how long entries are left in the list.

Quite honestly, I think a good blacklist lookup and some sane bogon filters are relatively effective. Just be careful about what blacklist sites you use. Some blacklist sites require you to pay them to have entries removed. You can guarantee a lot of false positives arise from using sites like these. Or simply build your own.

Rich is correct. The design and technology have been in place for at least a couple of decades. It does work, for the most part.

Tim