Tracking Spammers
All email from spammers must enter the Internet from somewhere. Part of constructing a good spam filter is identifying the routing domain from which the spam originated, along with other telltale bits of information, which you can use to construct broad, solid anti-spam rules and profiles.
False Headers
Many spammers add some false header information to their messages in an effort to make tracking the spam difficult. Often, however, the most egregious bulk emailers will use and re-use the same false routing domains and other header information – it's just too much work to create unique fake header information for each spam-blast. This is actually good news when it comes to creating anti-spam rules, because you can use these false domains like a "signature," to identify and safely block whole classes of spam, rather than tracking spam on a one-rule-one-spam basis. Also, some genuine ISPs are just spam-friendly. They don't care whether they are used as a conduit for spam, and they quickly become notorious entry points for spam. Identifying these domains and adding them to your rule-list can have a significant impact on the amount of spam your organization receives. Unmasking spammers can also be fun.
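One way to find such recurring "signature" domains, as an added example that is not part of the original page: the script below reads the Received headers of a few constructed sample messages, lists the relay names each one claims, and reports the names that recur across messages. The sample messages, the function names and the Postfix-style Received layout are assumptions made for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample messages (not real traffic); all names use reserved
# .example domains and documentation IP ranges.
SAMPLES = [
    "Received: from mail.isp-a.example (mail.isp-a.example [203.0.113.7])\n"
    "\tby mx.corp.example with SMTP; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "Received: from relay7.fake-route.example (unknown [198.51.100.9])\n"
    "\tby mail.isp-a.example; Mon, 1 Jan 2024 09:59:00 +0000\n"
    "Subject: offer 1\n\nbody\n",
    "Received: from smtp.isp-b.example (smtp.isp-b.example [203.0.113.40])\n"
    "\tby mx.corp.example with SMTP; Tue, 2 Jan 2024 11:00:00 +0000\n"
    "Received: from relay7.fake-route.example (unknown [198.51.100.77])\n"
    "\tby smtp.isp-b.example; Tue, 2 Jan 2024 10:58:00 +0000\n"
    "Subject: offer 2\n\nbody\n",
    "Received: from out.partner.example (out.partner.example [192.0.2.25])\n"
    "\tby mx.corp.example with SMTP; Wed, 3 Jan 2024 12:00:00 +0000\n"
    "Subject: invoice\n\nbody\n",
]

# Assumed layout: "from <claimed name> (<reverse DNS> [<ip>])"; other MTAs differ.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")

def received_hops(raw):
    """Return (claimed_name, reverse_dns, ip) per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append((m.group(1).lower(), (m.group(2) or "unknown").lower(), m.group(3)))
    return hops

def signature_candidates(messages, min_messages=2):
    """Claimed names that recur across distinct messages: rule candidates."""
    seen = Counter()
    for raw in messages:
        seen.update({name for name, _, _ in received_hops(raw)})  # once per message
    return sorted(n for n, c in seen.items() if c >= min_messages)

def unverified_claims(raw):
    """Hops whose claimed name does not match the recorded reverse DNS."""
    return [h for h in received_hops(raw) if h[0] != h[1]]

if __name__ == "__main__":
    print(signature_candidates(SAMPLES))
    for raw in SAMPLES:
        print(unverified_claims(raw))
```

A name that recurs while the connecting IP address changes is a candidate for a domain rule rather than an address rule; review each candidate against legitimate mail before blocking on it.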
Complaining
Besides adding them to your rule-list, another reason for occasionally taking the time to track down the source of a spam is so that you can send an email complaining to the ISP. Most responsible ISPs have a policy against using their services to propagate spam, and will take action when informed of offenders.
Importing Rules
Some Internet sites, including Trend Micro, provide ready-made lists of known or suspected spammers. Lists in the proper format can be imported into your rules and/or policies.
A word of caution when importing lists: Be sure you trust the source. A poorly composed list can end up causing more problems than it solves.