I thought it was statistical filtering and crowd-sourced spam tagging (like Google's spam filter). I maintain a mail server for a client and Spam Assassin (edit: and greylisting) works well enough without blacklists enabled. Throw in a couple of extra Bayesian filters via procmail, and you're doing about as well as Google does.
Greylists are murder on businesses that depend on receiving mail from new people.
I see SpamHaus as akin to a the Microsoft monopoly in the 90's. If your interests are aligned with them, great. And for most people they do a great job. But there a lots of small businesses who get caught up and nearly crushed. Because a listing on a blacklist can be murder for a business that depends on communicating with people over email.
Why are graylists that horrible? All it does is require the sending server to retry 5 minutes later; I don't see how that would have any impact on a business unless they are in the habit of being on the phone with new customers and asking them to send an email at the same time.
Assuming the sending server does that. Maybe it takes a few hours. Maybe it doesn't. Small businesses can be a mess, and you can't say "well, your customers suck" when the client complains about how greylisting is working for him.
Why in the world would greylists be "murder" on businesses? We use 10 minute greylisting, and I occasionally check the logs and it does not seem to ever cause us to lose e-mails from anything but spammers.
I hate spam as much as anyone but blacklists have gotten out of hand.
I rented a server, and when I decided to use it for sending emails, I found out the IPs were blacklisted. I tried appealing to Microsoft and they claimed the IP was blacklisted after I rented it. This was ridiculous since I had just installed Postfix for a few days and barely sent any emails out.
So I decided to relay all my emails to another server and haven't had any problems with it for a year except now I am stuck with a server with blacklisted IPs.
Some messages still randomly get blocked by Hotmail while Gmail happily accepts them. This whole email delivery problem is a mess and the fact that people are paying to have someone else send their emails is proof of how bad Email is failing.
I run a mail server with OpenBSD's spamd[1] with greylisting and it works well enough. Most spam is not sent by SMTP compliant hosts. Blacklisting makes it particularly hard to recover IPs that have ever been compromised and unfairly hurts good hosts on otherwise untrustworthy (like some home ISPs) networks.