anyone who was facile with perl could transform a full list of open relays or proxies into something that avibgpd could use, so that you could have your access controls implemented as routes rather than acls. if you combine that with policy routing so that you can blackhole traffic based on source rather than destination, you could get the added benefit of not having to take/deliver the SYN only to blackhole the resulting SYN-ACK.
But how will the average BGP speaking router deal with an additional half million routes today or million routes in a few months? My guess is "not well"...or do you suggest some form of aggregation that would reduce the number of routes but penalize the innocent for being in the same /something as open systems?
i guess i have hopes of discovering a new and better equilibrium point, such that widely scalable, mechanistic shunning of open proxies would cause the owners of those hosts to wake up, smell the burning coffee, and contact their software vendor to demand improved security. but you're right, a half million additional routes would Break Stuff in most places. one could pixelize, aggregate on /28 or /24 boundaries, or maintain some kind of MRU. but it's all very hacky compared to "upgrade the bgp core to be able to handle a million more route$".
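The trade-off argued over in this thread, route count versus innocent addresses swept into the same prefix, worked through as an added example that is not part of the original messages. The host list is constructed from documentation address ranges, and the function names and the `min_listed` threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of listed open-proxy hosts (documentation ranges only).
SAMPLE_HOSTS = [
    "192.0.2.1", "192.0.2.2", "192.0.2.17", "192.0.2.200",
    "198.51.100.5", "198.51.100.6",
    "203.0.113.77",
]

def bucket(hosts, prefix_len):
    """Map each covering prefix of length prefix_len to the listed hosts in it."""
    buckets = defaultdict(set)
    for h in hosts:
        net = ipaddress.ip_network(f"{h}/{prefix_len}", strict=False)
        buckets[net].add(ipaddress.ip_address(h))
    return buckets

def aggregate(hosts, prefix_len, min_listed=1):
    """Return the blackhole prefixes for one aggregation policy.

    A covering prefix is emitted only when it holds at least min_listed
    listed hosts; otherwise its hosts stay as individual /32 routes.
    """
    routes = []
    for net, addrs in sorted(bucket(hosts, prefix_len).items(), key=lambda kv: kv[0]):
        if len(addrs) >= min_listed:
            routes.append(net)
        else:
            routes.extend(ipaddress.ip_network(f"{a}/32") for a in sorted(addrs))
    return routes

def cost(hosts, routes):
    """Return (route_count, collateral): addresses covered but never listed."""
    covered = sum(r.num_addresses for r in routes)
    return len(routes), covered - len(set(hosts))

if __name__ == "__main__":
    for plen, floor in [(32, 1), (28, 1), (24, 1), (24, 3)]:
        n, collateral = cost(SAMPLE_HOSTS, aggregate(SAMPLE_HOSTS, plen, floor))
        print(f"/{plen} min_listed={floor}: {n} routes, {collateral} unlisted addresses blocked")
```

Raising `min_listed` keeps sparse prefixes as host routes, so the table shrinks only where several listed hosts actually share a block.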