The LISTSERV spamexit routine, as mentioned, does help but you get another very valuable option after upgrading to a 15.x version - this introduces a spam exit routine at the incoming SMTP level.  The difference is the LISTSERV spam exit routine does not see, and thus cannot squelch, traffic addressed to the server command interface, such as the Subscribe items you mention.

Both of these features require that you have some kind of spam scoring engine available - the samples given in the documentation expect a *nix host running the open-source SpamAssassin package in your network.

Since I run my Windows-based LISTSERV in a VMware guest environment, I created another guest system on the same host, installed openSUSE and SpamAssassin there.  Works quite well.  But as with any non-commercial spam scoring engine, it does require regular monitoring and updating (which is what you pay for mostly, when you purchase a spam filter product).

If you have some kind of spam filter in operation for your non-LISTSERV mail system, explore routing your LISTSERV inbound through that.

And I recommend not "bouncing" anything - if the incoming address is not valid then REJECT the message immediately in the SMTP transaction.  Bounce notices are a backscatter problem, an SMTP Reject is totally RFC-compliant and completely not-spam too.

>>> Larry <[log in to unmask]> 11/01/08 3:19 PM >>>
Backscatter is the new spam. Spammers are intentionally sending spam that will be returned in the bounce message. We have configured our MTA to not bounce messages to invalid addresses on our server (in violation of RFC 822) to cut down on this spam source. But listserv is now a major source of backscatter spam.

The backscatter problem has become overwhelming, and has gotten our site blacklisted by AT&T and MSN. Spam messages from non-subscribed addresses are sent to the list, and listserv dutifully sends a "you are not authorized.." reply. We see about 300 of these an hour. While it violates the RFCs, AT&T and MSN have told us we need to not reply to these bogus posts (which contain typical spam messages). Is there a way to configure listserv v 14 to ignore posts from non-subscribers, rather than to send reject messages?

We have a similar problem with bogus SUBSCRIBE messages. We get about 300 of these per day. Each one results in a confirmation message being sent to the bogus address in the subscribe request. These are treated as spam by AT&T and MSN. We're afraid to turn off CONFIRM for obvious reasons.