IP spoofing is pretty uncommon nowadays because everyone has anti-spoofing mechanisms in place and most ASNs often don't forward spoofed addresses outbound.

But as the sibling mentioned, even with spoofing, you can still follow the packet trail from your border routers upstream. I think the main thing we are lacking is just responsibility on the ISP side, if someone reaches out complaining that half of your customers are sending ddos attacks, maybe you need to do something about it. Most of these huge attacks are compromised routers or IoT devices (remember Mirai Botnet?).