So far none of the spammers have used valid NIP-05s. So, it has been very effective.

They'd have to cycle through quite a lot of domains to evade from a relay operator who regularly builds the blocklist. And as you point out that might not be worth it financially.

But as is the case with spam, malware, ransomware, etc... It'll always be a cat and mouse, whack-a-mole effort.

At least, for now, we're winning.