I did not know that. I can't imagine how it could be done, either, but that's too far afield for this thread, I think, so I'll learn about it elsewhere.
I believe you can identify a proxy by polling it back, and if it's anonymous or high-anonymous, deny. Transparant proxies (like those in most businesses) can still come in.
Also, there are many publishers of proxy lists. Scrape those lists and put together a daily floating Denied IP List.