Once spoofing is solved, you have attribution. Once you have attribution, you can use blacklists, notify ISPs, etc. Cleaning up or isolating infected machines becomes tractable at that point.
Blacklists and attribution do not hold that much value.
Blacklists are only useful to stop a few DDoS attacks, mainly amplified ones like the ones that abuse open DNS resolvers, which should be cleaned up on their own, in which case you want to be blacklisting the resolvers, not the machines that use IP spoofing, since they do not attack you directly.
Many (heck, most) DDoS attacks do not use IP spoofing. The recent and largest recorded in history just used 145,000 IP-enabled cameras, and this isn't even remotely the largest botnet out there. Blacklisting an entire botnet is effectively DDoSing yourself, since many of those machines can be on a network with 100s or 1000s of other computers behind the same IP, many of which would be legitimate users of your service.
Notifying ISPs also doesn't help. Some ISPs can take some preventative measures, but what they often do is simply kill routes to your service. Again, it would work if you are dealing with some ISP in Slovakia if you aren't serving any customers there (granted they actually respond to you in due time), but if you are dealing with large ISPs there is little they could do, and cutting them off isn't an option.
And as far as cleaning and isolating these machines, this is laughable. You aren't going to be tracking down customers; even the ISP won't do that for you, and even if it did, what would it do, send an email that would likely be ignored? Even if you identify the customer the IP belongs to, it doesn't tell you anything about the device, not to mention that the customer would likely have no capability of cleaning up their machines to begin with.
IP spoofing is a problem because there are currently ways to abuse IP spoofing to amplify the attacks. If you aren't amplifying your attack using UDP protocols you are usually not going to be using IP spoofing in the first place, and automatically banning IP addresses might sound like a good tactic until you are hit with a DDoS from a big botnet within your market region, at which point you can't use that any more. You might ban a few IPs that seem to have access to excessive bandwidth, but even that might be problematic since it can affect legitimate users.
>Blacklists and attribution do not hold that much value
Only because spoofing prevents them from being reliable in any way.
>in which case you want to be blacklisting the resolvers
This approach is idiotic and it's the reason these attacks are still a problem. EVERY DNS SERVER can be used if it resolves anything, not just if it's an open resolver. So your blacklist would have to include the root name servers, the .com name servers, etc.
>if you aren't amplifying your attack using UDP protocols you are usually not going to be using IP spoofing in the first place
Completely false. SYN floods and non-amplified UDP floods very frequently spoof because it makes pruning attacks upstream by source impossible.
I'm not sure where you got this information, but stop spreading it. It's protecting incompetent network operators, harassing service operators, and doing little to improve the security of the Internet.