This has like many things like cracking DRM become an arms race between spammers and anti-spam technologies.
I run a small ISP that was established in 1995. Spam was non-existent when we started our company. Since then many anti-spam measures have been implemented. All are effective when deployed. They get less effective over time as spammer find ways around them.
Most of the spam that leaves our network results from infections people get on their computers. These send through our servers and leave with correct SPF data. The only effective way we have been able to deal with this is to impose strict limits on how many email messages a subscriber can send. Your network is only as strong as it's weakest link. For us this link is our customers equipment/practices.