Based on recent observations of many folks, "spoofing is out of vogue". So much so that some recent discussions I've had with several folks lead me to believe that less than 1% of DDOS attacks today employ source address spoofing. As such, the value of techniques such as backscatter analysis and traceback decrease as well.
You should be right. If hacker use distributed network of zombie to set up massive attack, he do not bother about revealing back address of the packets (you can find a zombied machine, so what - he have a lot of them); on the other hand, it is much simpler to program such attack without frauding src address. SRC spoofing does not work thru firewalls, and makes zombie detection very simple on the originating side (for example, we log all packets with wrong SRC addresses, originated from our network ports in the INTRANET network).
I suspect that [at least] the perception of wide-scale BCP 38/uRPF and the sheer size and firepower of botnets today has resulted in a very significant decline in source-spoofed attacks. Clever folks actually spoof within the local (sometimes classful) subnet, making it slightly more difficult to identify the concerned host (IF your traceback functions ever make it to the "true Internet ingress" segment where a host resides, which is more often than not unlikely).
I suspect this is largely because we do such a poor job fixing compromised hosts that miscreants needn't worry much about losing significant portions of their botnets to traceback and cleanup - as Rob suggests, they're more concerned with losing them to other miscreants.
This is also representative of the inversion in attack methods over the past several years (i.e., the inversion from TCP-SYN type stuff to raw UDP-fill-the-pipe style attacks).
Nonetheless, ingress filtering certainly helps significantly.
-danny