
Some ISPs (often those of the "last-mile") allow outgoing packets whose source IP does not belong to their subnet. They have no rules in iptables preventing packets that do not belong to the given subnet assigned to end customers. This is how spoofed packets enter the Internet most of the time. The ISPs on upper tiers cannot use such filters (even if they want to) because their networks are not strictly hierarchical like the networks of the "last-mile" ISPs and such filters will simply break the connectivity. The only way to significantly reduce spoofed packets is if all "last-mile" ISPs implement proper filtration.
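
The per-customer source check the comment describes, modelled as an added example that is not part of the original comment: a packet leaving a customer port is forwarded only if its source address lies inside a prefix assigned to that port. The port names, prefixes (documentation address ranges) and sample traffic are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample: customer-facing ports and the prefixes assigned to them
# (documentation address ranges, not real allocations).
ASSIGNED = {
    "cust-1": [ipaddress.ip_network("192.0.2.0/28")],
    "cust-2": [ipaddress.ip_network("198.51.100.64/26"),
               ipaddress.ip_network("2001:db8:42::/48")],
}

def source_is_valid(port, src):
    """True only if src lies inside a prefix assigned to this customer port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: fail closed
    # Unknown ports have no assigned prefixes, so everything from them is dropped.
    return any(addr.version == net.version and addr in net
               for net in ASSIGNED.get(port, []))

def filter_egress(packets):
    """Split (port, src, dst) tuples into (forwarded, dropped)."""
    forwarded, dropped = [], []
    for pkt in packets:
        port, src, _dst = pkt
        (forwarded if source_is_valid(port, src) else dropped).append(pkt)
    return forwarded, dropped

def spoof_report(dropped):
    """Dropped-packet count per port: shows which customer emits foreign sources."""
    return dict(Counter(port for port, _src, _dst in dropped))

# Constructed traffic: the second and fourth packets carry a source address
# that was never assigned to the port they arrive on.
SAMPLE = [
    ("cust-1", "192.0.2.5", "203.0.113.10"),
    ("cust-1", "198.51.100.70", "203.0.113.10"),   # cust-2's address on cust-1's port
    ("cust-2", "2001:db8:42::1", "2001:db8:ffff::53"),
    ("cust-2", "203.0.113.10", "192.0.2.5"),       # address not assigned to this port
    ("cust-2", "198.51.100.127", "203.0.113.10"),
]

if __name__ == "__main__":
    ok, bad = filter_egress(SAMPLE)
    print(len(ok), "forwarded;", spoof_report(bad))
```

The check depends on each port having a fixed, known set of prefixes, which is the property the comment says upper-tier networks lack.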

