In the meanwhile, there are still numerous spambot networks that can be blocked safely with using wildcards in SMTP Block with EHLO. Some of the more sophisticated spambot networks use randomizers for their sub-domains, but many just identify themselves with the same sub-domain for all of their domains spread across multiple providers (they will rotate through a half-dozen providers when they develop a poor reputation and start getting listed on RBLs and wait until those blocks are dropped and their reputation returns to good before reusing that provider a month to 9 months later to prevent from being perma-blocked by IP Address).
We are blocking the following EHLOs using wildcards and found a significant drop in the volume of junk e-mail:
fst*.*.click
range.*.com
blink*.*.org
complex*.*.org
hgb*.*.rocks
sdf.*.rocks
wen.*.rocks
wer.*.rocks
dre.*.us
enc.*.us
ert.*.us
host.*.us
mars.*.us
post.*.us
tcd.*.us
hype*.*.work
ns*.ztomy.com (I have never seen anything legitimate from ztomy.com, but this one may cause false positives. Use this one with discretion.)
After implementing you should see a significant bump in your SMTP Blocked Connections.
Still, there are many more that could be blocked if we could use REGEX in SMTP Blocking of EHLO domains.