Reputation Systems Gaining Credibility in Fight Against Spam
I just found this article on reputation from the spam fighter’s point of view:
Spam has undergone a radical evolution during the past few years, and reputation systems are now a key technology in dealing with the ever-increasing volume of unwanted messages.
Reputation systems have been in use for the past three years, but are only now becoming "table stakes" for any vendor offering email security solutions. That is, it’s hard for any vendor to substantiate a high spam detection rate without relying on reputation.
The general concept behind a reputation system is that you can, with some precision, figure out the likelihood of a message being spam, based on who is sending it. IP addresses cannot be spoofed; they identify the sender and receiver of an email message and are essential to ensuring a message gets to its destination. You can fake pretty much everything else about a message, but not the originating IP address.
So how does a reputation system actually help your organization?
Its data serves as another ingredient in the spam-detection cocktail
that your company uses to help determine which messages are unwanted.
Adding a measure of sender intent will definitely help make the
cocktail more effective. Spam-detection cocktails use hundreds of
attributes, scored and optimized to determine whether a message is
spam. No one attribute is fool-proof, so in general the more data you
have, the more optimized your cocktail will be. It’s not that
reputation data will help catch spam that no other technique would
catch, but another "juror" weighing in with a guilty verdict increases
the confidence level of the spam decision.
So what’s the catch? First, as with every other spam detection
technique, reputation systems are an inexact science. And every email
that gets flagged at the perimeter is essentially getting the death
penalty. Most vendors’ systems place borderline messages in quarantine
so false positives can be retrieved. But that’s why most organizations
set their connection management settings conservatively, so messages
from only the most egregiously bad senders will be discarded.
Now spammers are not stupid, so when they realized that these
reputation systems were affecting deliverability, they started looking
for other ways to obscure sender identities. Since IP addresses can’t
be spoofed, they did the next best thing: they recruited an army of
anonymous zombies to do their dirty work for them.
Zombies are actually the fatal flaw within reputation systems. Some
reputation systems assume that unknown senders (which are most likely
zombies) are good, and others figure they are bad. Neither method is
ideal; assuming unknown senders are bad can result in more false
positives, and assuming they are good inhibits the effectiveness of the
connection management function. The author of this article favors
systems that take a "guilty until proven innocent" approach; it’s
pretty clear that a great majority of the email senders out there have
bad intentions. But that approach may not work for everyone.
Fortunately for end users, reputation is only one piece of the
spam-detection puzzle.
In today’s enterprise messaging environment, there is too much spam
traffic to scrutinize every message. Reputation systems are used to discard
spam before a message passes through the perimeter, alleviating
pressure from the gateway. While they aren’t the answer to all of an
organization’s spam woes, when used
in conjunction with other technologies, reputation systems can be a
valuable addition to a corporate anti-spam strategy.
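
The trade-off the article describes for unknown senders can be seen in a small scoring model. This is an added example, not code from the article or from any vendor's product; every score, weight, threshold and address in it is a constructed assumption.

```python
# Constructed reputation table: sending IP -> score from -1.0 (bad) to +1.0 (good).
# Addresses come from the RFC 5737 documentation ranges.
REPUTATION = {"192.0.2.10": -0.95, "198.51.100.7": 0.8, "203.0.113.5": -0.4}

REJECT_AT_CONNECT = -0.9    # conservative: only the most egregious senders are discarded
SPAM_AT = 5.0               # combined score at which a message is treated as spam
QUARANTINE_AT = 3.5         # borderline: held so a false positive can be retrieved
REPUTATION_WEIGHT = 3.0     # reputation is one weighted attribute, not the verdict

ASSUME_GOOD = 0.5           # policy A for senders with no history
ASSUME_BAD = -0.5           # policy B: "guilty until proven innocent"


def classify(ip, content_score, unknown_default):
    """Return reject / spam / quarantine / deliver for one message."""
    rep = REPUTATION.get(ip, unknown_default)
    if rep <= REJECT_AT_CONNECT:
        return "reject"             # dropped at the perimeter, content never scored
    total = content_score - REPUTATION_WEIGHT * rep
    if total >= SPAM_AT:
        return "spam"
    if total >= QUARANTINE_AT:
        return "quarantine"
    return "deliver"


# Constructed traffic: (sending IP, score from all other content attributes, note).
MESSAGES = [
    ("192.0.2.10", 1.0, "known egregious sender"),
    ("198.51.100.7", 4.0, "known good sender, spammy-looking newsletter"),
    ("203.0.113.5", 3.0, "known poor sender, borderline content"),
    ("203.0.113.77", 3.9, "unknown sender (zombie), borderline content"),
    ("203.0.113.99", 2.5, "unknown sender (new legitimate host)"),
]


def compare_policies(messages=MESSAGES):
    """Verdict under each unknown-sender policy, keyed by sending IP."""
    return {ip: (classify(ip, score, ASSUME_GOOD), classify(ip, score, ASSUME_BAD))
            for ip, score, _ in messages}


if __name__ == "__main__":
    for (ip, score, note), verdicts in zip(MESSAGES, compare_policies().values()):
        print(f"{ip:<14} {score:>4} good={verdicts[0]:<10} bad={verdicts[1]:<10} {note}")
```

Senders with history get the same verdict under both policies; only the two unknown senders change, which is where the false-positive versus missed-spam trade-off shows up.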