Yes, we are facing same problems.
Regarding spam, we've decided to allow only smtp traffic, with destination within our own country, because mostly, all spam traffic goes abroad. That helps us to not get any of our IP addreses black-holed.
But, there is another case. When one of our IP addresses got DDOS attacked. Then our upstream providers sometimes block that IP. That depends on how big malicios traffic is, because sometimes it just overuses our upstream links.
Yes, the solution could be, to create a lot of inside vrf's, but there would be to much addtional configs. We have now 6 inside-vrf's (ABF is used). Creating more vrf's? not sure.
It could be much more easier to simply remove one blocked IP from the pool, rather then kill all existing millions of sessions from pool (/26) and config a new one.
Here was told that this feature will come in future release..So we are very interested in it :))