* WHOIS is effectively destroyed.
* Companies like Cloudflare actively protect known spammers & scammers, and have made abuse reporting time consuming and error prone.
* Consolidation of most email to several large players means filtering them causes problems.
* Large delivery companies such as Sendgrid, Salesforce and Google basically do nothing about reported abuse.
Yes, most spammers these days that set up their own domains have tools to make sure DKIM, SPF and DMARC are all good, but consider that we can't know anything about these spammers: TLS certificates no longer contain contact information, large providers don't provide useful WHOIS, don't forward abuse complaints, have no clue what an SOA record is, and so on.
The way things should work is that we get a spam, we see the network from which the spam came through WHOIS, we forward the spam to their abuse address or the address they list in WHOIS, and we're done.
The way things work is that they don't have working information in WHOIS, they ignore the abuse complaints, they act like they don't know what to do with it, or they reply with a form email saying to go and use a web page where it takes time and work to paste in each part of a spam.
I blame the large companies who do this. Make reporting abuse difficult and you'll get much less reported abuse.