Well, I see the IP-intelligence module mainly utilized in this way.
First, it will block external attacks from entering into the environment e.g., botnet, DDoS, proxy scanners etc... Most companies place the service (webroot updates db every five minutes) in the front line, it won't breach your DMZ but that, as you know, is a design decision.
When it comes to internal attacks or devices infected, it will block the traffic on the way out. So, in this case, instead of scrambling around trying to remove the email or block the website at the proxy level, it can be done on the F5 device.
As you mentioned, it wouldn't be purchased for a pure anti-spam solution but rather would allow you to feel comfortable that most harmful inbound requests won't be entering your infrastructure and outbound request will be blocked allowing you to have multi-layered security.
I don't care what anyone says, most proxies do a poor job of looking at outbound requests :)