I highly recommend thinking of this less as an exercise in maximizing compliance and more as an exercise in minimizing the disservice to humans who have to suffer the collateral damage.
The relevant standard does describe what the server generally must do after accepting - but it also clearly notes exceptions, such as for abusive clients:
> When the receiver-SMTP accepts a piece of mail (by sending a "250 OK"
> message in response to DATA), it is accepting responsibility for
> delivering or relaying the message. It must take this responsibility
> seriously. It MUST NOT lose the message for frivolous reasons, such
> as because the host later crashes or because of a predictable
> resource shortage. Some reasons that are not considered frivolous
> are discussed in the next subsection and in Section 7.8.
(emphasis mine, from https://datatracker.ietf.org/doc/html/rfc5321#section-7.8)
You may still "deliver" any share of incoming mail directly to whatever place you deem reasonable for the recipient, including the trash bin. You do not win or lose much in how you treat the occasional spammer (really, computational resources are nothing in comparison to human lifetime), but we all lose a lot in applying special treatment to presumed abusive users that ends up affecting legitimate uses.
Spamhaus has a very good track record, but it will still occasionally return results that may not perfectly align with which sources your users never want mail from. It may even open up legal challenges around accepted, then never acted-on messages. Please, wherever not strictly necessary for resistance against attacks, clearly let the sender know, with a high preference for SMTP-stage defer/reject.
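An added example (not part of the original answer) of the SMTP-stage defer/reject preference described above: it maps a DNSBL lookup result to a reply given before the message is accepted, so the sender always learns the outcome. The zone name, the reply texts and the choice to defer on lookup errors are assumptions; the DNS answers are passed in as constructed input so the code runs offline.

```python
import ipaddress

ZONE = "zen.spamhaus.org"  # assumption: the answer names Spamhaus but no specific zone

# Answers in 127.0.0.0/24 are treated as listings (assumed expected range).
LISTED_NET = ipaddress.ip_network("127.0.0.0/24")
# Answers in 127.255.255.0/24 are DNSBL error codes (for example a refused
# query), not listings. Treating them as listings rejects legitimate mail.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(client_ip: str, zone: str = ZONE) -> str:
    """Build the lookup name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    ip = ipaddress.ip_address(client_ip)
    # reverse_pointer ends in ".in-addr.arpa" or ".ip6.arpa"; drop that suffix.
    labels = ip.reverse_pointer.rsplit(".", 2)[0]
    return f"{labels}.{zone}"


def smtp_decision(answers, lookup_failed=False):
    """Return (code, text) to send during the SMTP session.

    answers: A records for the query name; an empty list means NXDOMAIN,
             i.e. the client is not listed.
    lookup_failed: resolver timeout or SERVFAIL.
    """
    if lookup_failed:
        # Policy choice (assumption): defer, so the sender keeps the message.
        return (451, "4.7.1 Temporary lookup failure, please retry later")
    addrs = [ipaddress.ip_address(a) for a in answers]
    if not addrs:
        return (250, "OK")
    if any(a in ERROR_NET for a in addrs) or not all(a in LISTED_NET for a in addrs):
        # Error code or unexpected answer: never a reason for a silent drop.
        return (451, "4.7.1 Blocklist check unavailable, please retry later")
    # Listed: refuse during the session so the sender gets a bounce with a reason.
    return (550, "5.7.1 Client address listed by DNSBL; contact postmaster")


if __name__ == "__main__":
    # Constructed sample inputs (documentation address, made-up answers).
    print(dnsbl_query_name("192.0.2.1"))
    for sample in ([], ["127.0.0.2"], ["127.255.255.254"]):
        print(sample, smtp_decision(sample))
```
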