Sounds like you can map out the compromised addresses and selectively block them.
Avoiding auto-spam-boxing new domains (as opposed to IP addresses), would be helpful. Any strategy that attempts to leverage multiple machines would still need to register and maintain many domain names, making such a spam strategy costly and more technically difficult. Further, an easy check for malicious users is to examine the websites at the domains suspected of spamming. Or even just WHOIS info.
If spam detection requires human intervention, it is too slow. Domain reputation needs to converge within 3-5 minutes---even 30 minutes means you have lost the spam race.
Avoiding auto-spam-boxing new domains (as opposed to IP addresses), would be helpful. Any strategy that attempts to leverage multiple machines would still need to register and maintain many domain names, making such a spam strategy costly and more technically difficult. Further, an easy check for malicious users is to examine the websites at the domains suspected of spamming. Or even just WHOIS info.