Abuse is an arms race, so I'm not certain it can entirely be "open source". Someone has to man the servers to adapt as the assault develops. There can be tools that are open source, but without a foundation that is running services, it's just a bunch of dead-end code.
Absolutely. I agree the key is less code than rapidly updated data. Source networks, browser headers, client behavior, target links, content markers. Spammers may be awful, but some of them aren't stupid. If they discover something isn't working, then they'll change up their approach. And it can't be an open service, because you're just helping the smart ones to hide better.