I don't know if the carriers are implementing anything, which is really where this would have to happen.
Mmmm... just spitballing, there are two things that come to mind: (1) create a more asymmetric internet or (2) significantly reduce anonymity.
If you route machines with major penalties for any connections outside of machines they have connected to in the past week or month, for example, or if you require ISP-level configuration for peer-to-peer (at least logging into your ISP's web site to enable it), you could begin to reduce the usefulness of DDoS. On the anonymity side, you can strongly prefer authenticated and digitally signed connections, until at some point you perhaps only allow them.
It would add significant overhead, but if every packet, or at least connection, were signed by every piece of hardware it goes through, you could send (and sign) "compromised upstream" messages. When a large enough portion of traffic from any route becomes "compromised upstream," you bandwidth-limit (or even cut off) the route, with some intelligent rules for preferred traffic from that connection. (E.g. signed by a regular customer of the destination site.) End-users get messages once a day if they are generating compromised upstream errors.
The problem is it adds a *lot* of overhead.
You could also use the same system to *stop* junk phone calls.
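The "compromised upstream" threshold rule described above, as an added example that is not part of the original post: a receiver counts verified reports per route and limits or cuts the route once the flagged share passes a threshold. The hop keys, the thresholds, the HMAC stand-in for per-hop signatures, and the leniency rule for preferred traffic are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed per-hop demo keys. HMAC stands in for the per-hop signature,
# which the post does not specify (assumption).
HOP_KEYS = {"hop-a": b"demo-key-a", "hop-b": b"demo-key-b"}
LIMIT_AT, CUT_AT, MIN_FLOWS = 0.30, 0.70, 20  # hypothetical thresholds


def tag_for(key, hop, route, flow_id):
    """MAC over the fields of one 'compromised upstream' message."""
    msg = f"{hop}|{route}|{flow_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class RouteMonitor:
    def __init__(self):
        self.flows = defaultdict(set)    # route -> flow ids seen
        self.flagged = defaultdict(set)  # route -> flow ids validly reported

    def observe(self, route, flow_id):
        self.flows[route].add(flow_id)

    def report(self, hop, route, flow_id, tag):
        """Accept a report only from a known hop, for a seen flow, with a valid tag."""
        key = HOP_KEYS.get(hop)
        if key is None or flow_id not in self.flows[route]:
            return False
        if not hmac.compare_digest(tag_for(key, hop, route, flow_id), tag):
            return False
        self.flagged[route].add(flow_id)  # a set, so replayed reports count once
        return True

    def decide(self, route, preferred=False):
        """Return 'allow', 'limit' or 'cut' for new traffic on this route."""
        seen = len(self.flows[route])
        if seen < MIN_FLOWS:
            return "allow"  # too little traffic to judge the route
        ratio = len(self.flagged[route]) / seen
        action = "cut" if ratio >= CUT_AT else "limit" if ratio >= LIMIT_AT else "allow"
        if preferred and action != "allow":
            # Assumed rule: traffic signed by a regular customer of the
            # destination is treated one step more leniently.
            action = "limit" if action == "cut" else "allow"
        return action
```

Forged tags, unknown hops and reports for flows the receiver never saw are rejected, so a single sender cannot push someone else's route over the threshold by inventing or replaying reports.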