The problem with DNSBLs: they only tell you where someone was spamming from, not where they will spam you from next. As the number of listed hosts rises and feed quality increases, your odds improve, but it's still not enough.
We could block 1-2-3-4.example.net, then 1-2-3-5.example.net, then... but instead we block n-n-n-n.example.net.
We can do this at connect time or soon after, depending on local policy and whether we want to gather more information before rejecting.
We are building a database of naming conventions: over 15 thousand documented, describing almost 10 thousand domains in 182 countries. We add a few dozen a week. Works surprisingly well, with few false positives.
Takeaway: it is no longer plausible to run a mail server without an easy, direct way to identify it as a legitimate source of mail.