I like the idea, but won't spammers simply start using real addresses that just point to /dev/null instead of a legit account?

In addition to the reason Roger cited, there is another reason they don't usually do this.

Known spammers who don't disguise their return address are already on existing publicly available blacklists. My ISP uses these blacklists as the second half of their two-pronged attack against spam. I neglected to mention this aspect of the system in my original post.