“There is nothing you can do about this, other than improving your spam filters.”
I disagree with this. You *can* attempt to read the header information off the original email and determine a consistent source IP. This has worked or me in the past with unsophisticated spoofers. Then you can whois them and get contact info.
Another option is to check what site they are referencing in the original email. It is possible you can whois that and get the administrative contact for the domain. There is a decent chance, however, that the info there will be bogus, too. When it was kiddie porn, it turned out to be some poor woman in Kentucky who didn’t have a clue what was happening when I called her. She had already called the FBI re: identity theft.
I was speaking from the perspective of someone who gets literally thousands of junk emails per day, on two email addresses (my personal one, and my work one) both of which I have widely exposed to public view for many years.
One can bail out ones fishing boat with a bucket. A single person cannot bail out a ship in tsunami. All one can do in that case is button down the hatches and stay below decks. If the ship is big and strong, and able to be operated without going topside, then it's full steam ahead.