Where is it all coming from?

Originally, spammers would just buy Internet access like everyone else, then spam straight from it. Individuals would buy dialup accounts, spam-for-hire companies larger connections. Usually, this results in a lot of complaints to the provider, and some providers even react by disconnecting their spamming customers. Unfortunately a lot of providers, due to shortage of manpower or ethics, don't disconnect their spammers. Particularly naive or ethics-challenged providers have been known to enter into "pink contracts" that explicitly permit spamming activity. However, any spammer operating from a fixed location is at a significant disadvantage, since they're easy for everyone else to block.

Spammers then moved on to exploiting SMTP servers without relay limitations. This worked fairly well, except those pesky open relays, at the prompting of those darn RFCs, tend to provide usable tracing information that points back to the spammer's origin. Owners of the exploited servers have also successfully argued in court that the spammers are violating certain computer crime laws, and anyway it's become pretty easy (and now default behavior) to restrict relaying. Any mail server operator stubborn enough to persist in maintaining an open relay also tends to find his server widely blocked.

Spammers have since hit the jackpot in the form of millions of Microsoft Windows hosts now connected to the Internet full-time. Windows security holes, both in the form of remote attacks and a rich compost of Outlook email worms, allow a substantial fraction of those hosts to be controlled by spammers for use in spamming. The proxies and spam software installed on those hosts don't give up the real origin of the spam; it can only be traced back to this cable modem or that DSL connection, whose owner is often unaware that his computer is being used to spam others.
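The difference in traceability between the open-relay case and the hijacked-host case shows up in the Received headers. The following is an added example, not part of the original page: it walks the headers from our own server downward and stops at the last hop it has reason to believe. All hostnames and addresses are constructed samples, the header layout is the common "from HELO (rdns [ip]) by HOST" style, and the chain-matching rule is an assumed heuristic.

```python
import re
from email import message_from_string

# Matches the common "from HELO (rdns [ip]) by HOST" layout of a Received header.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[\d.]+)\]\)"
                 r".*?\bby\s+(?P<by>\S+)", re.S)

def parse_hops(raw):
    """Return the Received hops, newest first, as dicts of helo/rdns/ip/by."""
    headers = message_from_string(raw).get_all("Received", [])
    return [m.groupdict() for m in map(HOP.search, headers) if m]

def trace_origin(raw, our_mx):
    """Return (ip, credible_hops) for the deepest hop we can believe, or None.

    The top header was written by our own server, so its peer IP is reliable.
    A lower header is believed only if it claims to be written by the host our
    previous credible hop saw connecting (assumed heuristic). Anything below
    the first mismatch may have been forged by the sender and is ignored.
    """
    hops = parse_hops(raw)
    if not hops or hops[0]["by"] != our_mx:
        return None
    chain = [hops[0]]
    for hop in hops[1:]:
        if chain[-1]["rdns"] and hop["by"] == chain[-1]["rdns"]:
            chain.append(hop)
        else:
            break
    return chain[-1]["ip"], len(chain)

# Constructed sample: mail pushed through an open relay, which logs its client.
RELAYED = (
    "Received: from relay.example.net (relay.example.net [198.51.100.25])\n"
    "\tby mx.example.org with ESMTP; Wed, 14 Jul 2004 10:00:05 -0700\n"
    "Received: from foo (dialup-7.example.com [192.0.2.77])\n"
    "\tby relay.example.net with SMTP; Wed, 14 Jul 2004 10:00:01 -0700\n"
    "Subject: constructed sample\n\nbody\n")

# Constructed sample: mail sent via a hijacked home host; the lower header is forged.
PROXIED = (
    "Received: from mail.example.com (cable-44.example.net [203.0.113.44])\n"
    "\tby mx.example.org with ESMTP; Wed, 14 Jul 2004 10:05:09 -0700\n"
    "Received: from bank.example (unknown [10.1.2.3])\n"
    "\tby mail.bank.example with SMTP; Wed, 14 Jul 2004 10:05:00 -0700\n"
    "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    print(trace_origin(RELAYED, "mx.example.org"))
    print(trace_origin(PROXIED, "mx.example.org"))
```

In the relayed sample the trace reaches the dialup address behind the relay; in the proxied sample it stops at the cable-modem address, which is all the receiving server ever saw.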



Steve VanDevender
Last modified: Wed Jul 14 23:31:58 PDT 2004